Jay Butler, Manager of Client Implementations

The Hurricane:

As Hurricane Irene was bearing down on the East Coast, I was proud to know our SafeSysMail subscribers could still rely on email communications in spite of the storm.  The SafeSysMail servers and infrastructure are housed in state-of-the-art facilities designed to withstand power outages and natural disasters.  SafeSysMail users need only an Internet connection, power, and a computer or smartphone to gain full access to their email.  Business continuity relies heavily on communication, and these days we seem to communicate more through email than any other medium.  With access to email alone, parts of your business can remain viable.  You can write SafeSysMail into your DR/BCP plan as a reliable communication method during most disasters including those that can potentially make business locations inaccessible.

For businesses that use their own in-house mail server, accessibility might not be possible.  A potential disaster could destroy the building or only the server and could take out email communications, likely for days.  Recovering an in-house mail server is often a lengthy process rife with complications.  It can take days to acquire new hardware and rebuild the server back to full operation.  Data loss could occur unless real-time backups are employed and running error-free.  Even then, it can take many hours to perform a multi-gigabyte data restore.

Your customers and business associates would receive email delivery failures until your systems could be brought back online.  Even locally deployed backup servers are no guarantee.  Some questions you might want to ask:  When was the last time that solution was fully tested?  Could you turn off the primary mail server at your main location right now without any disruption in email service?  Would the backup server be protected from a real disaster, or could its location also be destroyed?

These are not questions you need be concerned about with SafeSysMail.  Our facilities are replicated in real time at locations in different parts of the interior United States where catastrophes are extremely unlikely.  Should a disaster befall your financial institution, SafeSysMail will not be affected.  Anyone sending email to your business would not be alarmed by non-delivery notices and would otherwise be unaware of any problem.

The Virus:

As Hurricane Irene was roaring and then dissipating, our email filtering system was busy eliminating a different kind of threat, email viruses.  One particular virus was a new spin on an existing method in which an email appearing to arrive from a legitimate source (the FDIC) was actually a virus.  Over a 24-hour period, our system filtered out at least 1,000 transmissions of this fraudulent message.  Because our system deleted the message on arrival, it never reached our SafeSysMail or Escan subscribers’ mailboxes.

This attack claimed to be an email from the FDIC telling the recipient their ACH and wire transactions had been temporarily suspended for security reasons.  The email attempted to lure the recipient into opening an attachment that supposedly contained instructions for reactivating transaction abilities.  Of course, the attachment was not instructions for reactivating legitimate services (that were never deactivated in the first place).  The attachment was a virus intent on stealing private information and/or loading malicious software.  The email was not sent from the FDIC; it had instead originated from an unidentified computer hacking system, likely from a malicious botnet.  Visit http://www.fdic.gov/consumers/consumer/alerts/ to learn more.  The FDIC has posted information here about fraudulent email dating back to April 2010.

Our email filtering system, Escan, within SafeSysMail eliminates attacks of this type all the time.  In this case, our antivirus scanner detected the attachment and eliminated the entire message BEFORE it had any chance of tricking a recipient into unleashing the attack.  This particular file would have likely attempted to exploit unpatched software, so it is important to keep focus on that critical security layer as well.  These attacks are constantly morphing, making it difficult for any one security layer to thwart every attempt; however, email filtering technology may be the most critical layer in stopping email-borne attacks.  It serves as the first line of defense by analyzing every message BEFORE delivery.  Once the message is delivered, the number of variables multiplies quickly; every recipient’s ability to detect and react appropriately is tested.  The integrity of all software comes into question.  The locally installed AV must be working on every computer and up-to-date on the latest viruses.

Our Escan and SafeSysMail subscribers are protected by one of the best-in-class email security solutions available.  Our system inspects every message before delivery to the user’s mailbox, eliminating threats and most annoying spam.  A locally deployed solution may not have prevented this email from arriving in end users’ mailboxes.  If you have a locally deployed security solution, how do you know if it blocked these messages or if any were delivered?

The recent events of the hurricane and this virus demonstrate two distinct qualities of SafeSysMail (and Escan), resiliency and security.  If you have a locally deployed email server and security solution, hopefully this article will inspire a comparison.  Perhaps you have a solution that provides the same level of protection.  Otherwise, it might be worth considering something new to serve one of the most fundamental needs of any business–communication.

 
