Mar 16, 2021

Why You Need Anti-Spam in Your NGFW

Most businesses rely on email to get work done. Yet, as important as email is to business processes, more than 50% of all email sent in 2020 was spam (bulk unsolicited email), according to industry sources.

You may be thinking, “My email administrator has already set up anti-spam, so why do I need to worry about this?”

There are quite a number of reasons, actually.

The Problem with Spam Email

Cybercriminals embrace spam because it is cheap, efficient, and successful often enough to be lucrative, as the 300 billion spam messages (and growing) sent each year attest. Some spam merely saps employee productivity, but any spam message can carry a phishing lure, ransomware, a virus or some other malicious payload.

Spam has become a critical vector for network attacks, and therefore a key concern for network admins, not only for mail admins. A single employee interacting with a spam message can lead to the takeover of one or more accounts, data exfiltration, or a similarly serious outcome. And like other malware authors, spammers continuously adapt their techniques to evade detection and improve their success rate.

Outbound spam is another concern. Spammers frequently run their operations on botnets, and a compromised enterprise computer can begin sending spam from the corporate domain. This damages the organization's domain and IP reputation, with serious consequences: other organizations start blocking mail from the domain, and legitimate email is dropped along with the spam. Outbound spam can also breach regulatory requirements and serve as a channel for exfiltrating sensitive data. Any internal host other than the authorized mail relay that opens outbound SMTP connections at all deserves a look.
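One concrete way to catch the outbound case described above, as an added example that is not Hillstone code and not from the original post: scan firewall connection-log lines for internal hosts that are not the authorized mail relay yet open outbound port-25 connections to many distinct destinations within a short window. The log format, the relay address and the threshold are assumptions for the example, and the log lines are constructed.

```python
"""Flag internal hosts that start spewing outbound SMTP, a classic sign of a
botnet-compromised workstation. Added example, not vendor code. The log format
("ts src dst dport action"), the relay address and the threshold are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall connection log (hypothetical format).
SAMPLE_LOG = """\
2021-03-16T10:00:01 10.0.5.12 198.51.100.7 25 allow
2021-03-16T10:00:02 10.0.5.12 203.0.113.9 25 allow
2021-03-16T10:00:03 10.0.0.25 198.51.100.7 25 allow
2021-03-16T10:00:03 10.0.5.12 203.0.113.10 25 allow
2021-03-16T10:00:04 10.0.5.12 203.0.113.11 25 allow
2021-03-16T10:00:05 10.0.5.12 203.0.113.12 25 allow
2021-03-16T10:00:06 10.0.5.12 203.0.113.13 25 allow
2021-03-16T10:00:09 10.0.5.40 198.51.100.7 443 allow
2021-03-16T10:00:30 10.0.0.25 203.0.113.9 25 allow
2021-03-16T10:05:00 10.0.5.12 203.0.113.14 25 allow
"""

AUTHORIZED_RELAYS = {"10.0.0.25"}   # assumed: the only host allowed to send mail directly
WINDOW = timedelta(seconds=60)       # assumed sliding-window length
MAX_DISTINCT_DESTS = 5               # assumed: more than this many MTAs per window is suspicious


def parse(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def find_spam_sources(log_text, window=WINDOW, max_dests=MAX_DISTINCT_DESTS):
    """Return {src: peak_distinct_destinations} for every non-relay host whose
    outbound port-25 connections reached more than max_dests distinct
    destinations inside any window-length interval."""
    events = defaultdict(list)  # src -> [(ts, dst)] for outbound SMTP only
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, action = parse(line)
        if dport != 25 or src in AUTHORIZED_RELAYS:
            continue
        events[src].append((ts, dst))

    offenders = {}
    for src, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it is within `window` of evs[end].
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in evs[start:end + 1]})
            peak = max(peak, distinct)
        if peak > max_dests:
            offenders[src] = peak
    return offenders


if __name__ == "__main__":
    for host, n in find_spam_sources(SAMPLE_LOG).items():
        print(f"{host}: {n} distinct SMTP destinations inside one window")
```

In the constructed log, 10.0.5.12 hits six distinct mail servers in five seconds and is reported, while the relay (10.0.0.25) and the host talking on port 443 are ignored. In practice you would feed this from the firewall's session log or NetFlow export and tune the threshold to the site's normal traffic.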

Email servers, whether on premises or in the cloud, offer a number of anti-spam measures such as content filtering, DNS blackhole lists (DNSBLs), spam traps and others. Each technique has its own strengths and weaknesses: a blackhole list, for instance, cannot catch a freshly compromised sender that nobody has reported yet, and a content filter can be evaded by rewording. And even though server-based anti-spam may combine several techniques, functionally it is still a single layer of defense, applied at a single point, against spam.
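To make the "single layer" point concrete, here is an added example (not code from the page or from any vendor) showing how a DNSBL lookup is actually performed, and how it combines with a content check into a simple score. The resolver is a stub so the example runs offline; the listed addresses, the return-code meanings and the keyword list are constructed for illustration, not real blocklist data.

```python
"""DNSBL lookup mechanics plus a naive layered score. Added example, not vendor
code. The zone contents and return-code meanings below are constructed."""
import ipaddress

# Constructed stand-in for a DNSBL zone: reversed-octet query name -> A record.
# Real DNSBLs answer with an address in 127.0.0.0/8 whose last octet encodes the
# listing reason; the meanings assigned here are assumptions for this example.
FAKE_ZONE = {
    "9.113.0.203.dnsbl.example": "127.0.0.2",    # constructed: known spam source
    "7.100.51.198.dnsbl.example": "127.0.0.10",  # constructed: dynamic/residential range
}
CODE_MEANING = {2: "spam source", 10: "policy (dynamic range)"}

# Constructed keyword list for the content-filter layer.
SPAM_KEYWORDS = ("act now", "wire transfer", "free gift")


def dnsbl_name(ip, zone="dnsbl.example"):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone appended."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def stub_resolve(name):
    """Offline stand-in for a DNS A lookup; None plays the role of NXDOMAIN."""
    return FAKE_ZONE.get(name)


def dnsbl_lookup(ip, resolve=stub_resolve):
    """Return a human-readable listing reason, or None if the IP is not listed."""
    answer = resolve(dnsbl_name(ip))
    if answer is None:
        return None
    last_octet = int(answer.split(".")[-1])
    return CODE_MEANING.get(last_octet, f"listed (code {last_octet})")


def score_message(sender_ip, subject, body):
    """Two independent layers: sender reputation (DNSBL) and message content.
    Each one alone misses cases the other catches."""
    score, reasons = 0, []
    hit = dnsbl_lookup(sender_ip)
    if hit:
        score += 5
        reasons.append(f"dnsbl:{hit}")
    text = f"{subject} {body}".lower()
    for kw in SPAM_KEYWORDS:
        if kw in text:
            score += 2
            reasons.append(f"kw:{kw}")
    return score, reasons


def verdict(score):
    """Map the combined score to a decision (thresholds are assumptions)."""
    if score >= 5:
        return "spam"
    if score >= 3:
        return "suspect"
    return "clean"


if __name__ == "__main__":
    # A listed sender with innocuous text, and an unlisted sender with spammy text.
    for ip, subj, body in (("203.0.113.9", "hello", "meeting notes"),
                           ("192.0.2.1", "Act now", "free gift inside")):
        s, why = score_message(ip, subj, body)
        print(ip, verdict(s), why)
```

The unlisted sender 192.0.2.1 passes the DNSBL layer untouched and is only caught by the content layer; the listed sender 203.0.113.9 would sail through a content filter. That is exactly why a second, independently fed layer at the perimeter is worth having.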

Anti-Spam at the Network Perimeter

Next generation firewalls (NGFWs) are admins' weapon of choice for providing robust security protection at the network perimeter. Using a variety of techniques and technologies, they inspect both inbound and outbound traffic for malware, anomalous behavior, and other indicators of threats, then take appropriate action to defend the network.

The core capabilities of NGFWs thus serve as a backstop for the email service's own anti-spam measures. By inspecting all traffic, including SSL/TLS-encrypted traffic (provided the firewall is configured to decrypt it and clients trust its interception certificate), NGFWs can detect and block a wide variety of attacks, including the download or command-and-control traffic that follows a click on a spam link.

More-advanced NGFWs, like Hillstone's A-Series Next Generation Firewall, also offer anti-spam capabilities that are refined and tuned to classify and prevent both inbound and outbound spam. Messages are sorted into four categories: confirmed spam, suspected spam, bulk spam and valid bulk email, regardless of the language, format or content of the message. The classification operates on the SMTP and POP3 protocols, so mail that reaches users by other paths (IMAP, or browser-based webmail over HTTPS) is not covered by these protocol parsers and relies on the firewall's general inspection.

Hillstone anti-spam utilizes a smart cloud-based collection system with spam collectors strategically located around the world. The system processes and analyzes billions of emails per month and correlates the data to provide highly accurate detection and prevention.

In addition, Hillstone anti-spam uses machine learning and pattern analysis to identify indicators that are unique to spam. Because it analyzes patterns rather than content, structural patterns that indicate mass sending and distribution patterns that indicate a threat can be identified and blocked quickly, regardless of how an individual message is worded.
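An illustration of what "structure rather than content" can mean, as an added example that is not Hillstone's algorithm: each HTML message is reduced to a text-free skeleton (its tag sequence plus its link count), so mass-mailed variants that differ only in names, language or tracking URLs collapse onto one fingerprint, and a fingerprint arriving from many distinct senders is treated as bulk. The messages and the sender threshold are constructed for the example.

```python
"""Structural fingerprinting of mail bodies to spot mass sending. Added example,
not vendor code. Sample messages and the min_senders threshold are constructed."""
import hashlib
from collections import defaultdict
from html.parser import HTMLParser


class Skeleton(HTMLParser):
    """Collect the start-tag sequence and link count; ignore all text."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.links = 0

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a":
            self.links += 1


def fingerprint(html_body):
    """Hash of the tag skeleton: words, numbers and URLs never enter the hash."""
    p = Skeleton()
    p.feed(html_body)
    skeleton = ",".join(p.tags) + f"|links={p.links}"
    return hashlib.sha256(skeleton.encode()).hexdigest()[:16]


def bulk_fingerprints(messages, min_senders=3):
    """messages: iterable of (sender, recipient, html_body).
    Return the set of fingerprints seen from at least min_senders distinct senders."""
    senders = defaultdict(set)
    for sender, _recipient, body in messages:
        senders[fingerprint(body)].add(sender)
    return {fp for fp, who in senders.items() if len(who) >= min_senders}


# Constructed sample: three phishing variants from one template, one real message.
MSG_A = ('<html><body><p>Dear Alice,</p><p>Your account 48213 has been locked. '
         '<a href="http://login-check.example/a1x">Verify now</a></p>'
         '<p>Security Team</p></body></html>')
MSG_B = ('<html><body><p>Hola Roberto,</p><p>Su cuenta 90177 ha sido bloqueada. '
         '<a href="http://cuenta-segura.example/q9">Verificar</a></p>'
         '<p>Equipo de seguridad</p></body></html>')
MSG_C = ('<html><body><p>Dear Carol,</p><p>Your account 11502 was suspended. '
         '<a href="http://id-verify.example/zz7">Restore access</a></p>'
         '<p>Support</p></body></html>')
MSG_LEGIT = ('<html><body><p>Hi team,</p><p>Notes from today:</p>'
             '<ul><li>Ship v2</li><li>Review budget</li></ul></body></html>')

SAMPLE_MESSAGES = [
    ("bot1@a.example", "alice@corp.example", MSG_A),
    ("bot2@b.example", "bob@corp.example", MSG_B),
    ("bot3@c.example", "carol@corp.example", MSG_C),
    ("pm@corp.example", "team@corp.example", MSG_LEGIT),
]

if __name__ == "__main__":
    bulk = bulk_fingerprints(SAMPLE_MESSAGES)
    for sender, rcpt, body in SAMPLE_MESSAGES:
        print(sender, "->", rcpt, "BULK" if fingerprint(body) in bulk else "ok")
```

The three phishing variants share one fingerprint despite different names, languages and URLs, while the meeting notes do not. A real system would add more structural features (line-shape of plain-text bodies, attachment counts, header ordering) and correlate across recipients as well as senders, but the principle is the same.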

The anti-spam solution also incorporates real-time classification with a 'pull' (rather than 'push') updating architecture: the firewall queries the cloud for classifications it does not already hold locally instead of waiting for a pushed signature update. This continuous updating allows around 75% of spam classifications to be resolved from the local cache, speeding throughput and overall performance.

A Layered Defense at Each Threat Stage

Hillstone's anti-spam solution for NGFWs is part of a full lifecycle-based threat detection and prevention strategy defined in three stages: pre-breach, during the breach, and post-breach.

At the pre-breach stage, anti-spam is complemented by an intrusion prevention system, IP reputation services, URL filtering and anti-virus. These technologies detect or identify potential threats and block them before a breach can occur.

Anti-virus also plays a role during an active breach, detecting and blocking known malware through its signature database. A cloud sandbox diverts suspicious files extracted from traffic to an isolated execution environment where potentially malicious content can be detonated and analyzed, then shares the verdict with the other technologies in the NGFW for rapid remediation.

To detect and mitigate risk after a breach, botnet C&C prevention identifies internal hosts that are communicating with command-and-control servers and blocks them to prevent follow-on threats such as ransomware. In addition, StoneShield uses machine learning and AI to detect and prevent malware and anomalous network behavior.

Through this layered defense strategy, which now includes email spam detection and prevention, Hillstone solutions can detect and mitigate sophisticated and rapidly evolving malware and ransomware variants at any attack stage, including post-breach. Hillstone NGFWs offer IPS, IP reputation, URL filtering, anti-virus, cloud sandboxing and botnet C&C protection, along with other security measures, and a unified threat detection and analytics engine coordinates across all of them to improve efficiency while reducing network latency.