Symantec E-mail Security Appliances Focus On Targeted Attacks, SMB Markets

Today at RSA, Symantec announced the release of a small business edition with identical feature sets to its Brightmail, but simplified licensing and SMB-scaled pricing. Symantec's latest release for its e-mail security appliances boasts enhanced ability to detect and block increasingly prevalent targeted e-mail attacks, real-time updates and customer-centric protection.

Targeted attacks such as 419 scams and focused phishing, according to Symantec, accounted for 21 percent of all spam messages in January 2010, more than double the percentage in January 2009. These range from attacks that target groups of users -- for example, those likely to contribute to charity such as earthquake relief -- to very specific attacks that zero in on a particular industry, company or user. They typically leverage profile information gathered on Facebook or LinkedIn, claiming to be a friend, relative or perhaps an IT admin.

The latest Brightmail release employs new techniques designed to detect these lower volume attacks, analyzing common characteristics such as word proximity, header information, subject versus body text, source, etc. Symantec has also widened participation its Probe Network to collect input directly from customer appliances and responding rapidly to attacks on specific customer businesses. In the past, the Probe Network collected information primarily from U.S.-based ISPs.

"The difference is that historical process of joining was focused on service providers because that gave us largest volume of e-mail, and spam used to be more generic," said Angelos Kottas, principal product manager for Brightmail. "Now with targeted attacks, different customers are seeing different kinds of spam. So, we need to insert probe accounts into the entire spectrum of our customer base."

Speed is a factor, Kottas said. Symantec analysts say that most attacks are delivered with half-hour of launch. In response, Brightmail now downloads protection updates incrementally as often as every second--compared to every few minutes up to now--and verifies the baseline every 24 hours.Symantec has offered a hosted e-mail security service since its acquisition of MessageLabs. Brightmail 9.0 integrates MessageLabs' e-mail encryption service with the appliance's e-mail-based DLP capabilities, offering policy-based encryption. Brightmail Gateway 9.0 Small Business Edition is driven by channel demand, Kottas said, with single-appliance licensing, no per-user metering and SMB pricing.

The Small Business Edition strengthens Symantec's competitive position in the SMB market, by offering the option of either an appliance or hosted service. McAfee, for example, recently acquired hosted email security provider MxLogic. Enterprises make the choice based on customer preference, Kottas said, choosing to control everything on premise, or going to a hosted service based on business strategy.

There's plenty of opportunity for both models in the 250-and-under user market, he said.
"I absolutely think the SMB market will embrace the hosted model," he said. "But there's a market in the hundreds of millions of dollars that's focused on SMB appliances, and Small Business Edition is a direct response to channel partners. The CDWs and Dells of the world, these very transactional businesses, get customers calling in to say 'I want an e-mail appliance.""