Subscribe in a reader
Report Card: Incite #7 - Bad Content is Bad Content
Submitted by Mike Rothman on Wed, 2006-12-27 09:14.
Given innovation by spammers and fraudsters, keeping content filtering algorithms accurate and timely is proving very difficult for content-focused security vendors. In 2006, heuristics-based detection cocktails fall out of favor, pushing the pendulum back towards signatures that favor entrenched AV vendors. Users increasingly embrace in the cloud content filtering for e-mail, IM, and web traffic because it allows them to get rid of another box in the perimeter and stop worrying about exponentially increasing message volumes.
Grade: B+
Original Days of Incite post: here
Incite Redux post: here
Spam made a comeback in 2006 in a big way. Image-based spam and other nefarious techniques kept most of the anti-spam vendors on their heels all year and also created a lot of swap-outs and turmoil on the email security gateway.
The problem with the Incite was that spam signatures didn’t fare much better than anything else in detecting the new wave of spam. The business of catching spam is a thankless situation and much like the AV battles of a few years ago, tend to leave a few very large players and a lot of carnage. Anti-spam (along with other content security functions) is also increasingly being bundled into the UTM platform.
This is another case in point as to why I won’t be making any more product architecture projections in the future. Customers don’t care whether it’s heuristics, signatures, or black magic. They want the spam to stop and that didn’t happen well enough in 2006. The email security vendors have a lot of work to do.
The part of the Incite that really resonated was the drive towards services. Whether it’s the big couple of services players (Postini, MessageLabs), consolidated challengers (Microsoft/FrontBridge, SurfControl/Black Spider) or Tom, Dick and Harry installing a few Barracuda boxes in their garage and calling themselves an email security service – there are plenty of options for customers.
The large enterprise will still use their dedicated email security appliances, but the mid-market will continue to flock to the services as we move forward.
A long-term Incite might be that email is going away. There is little that email offers that will keep it above IM, VoIP/VoiceMail, SMS. And the spam will certainly push people away, as there really is no inherent solution to spam in the protocol other than bandages and patches on a leaky dam, and that requires constant vigilence that is just not cost-effective for anyone other than big players or email providers themselves.
Of course, that's not to say spammers won't follow the markets and move along to IM and SMS in an even bigger way, but the general business and consumer public won't be that far-thinking, imo.
Now that is an interesting supposition. But I, for one, am not ready to even think about replacing emai because it's asynchronous. I tend not to use IM very often because it's interuppt driven. When I'm focused, I don't like to be disturbed and IM doesn't allow for a store and forward mechanism (right now anyway) which allows for my messages to be queued up and for me to respond on my timetable. I guess SMS would do the trick, but my phone number is not permanent. I guess there is number portability, but it's much easier for folks to remember mike.rothman (at) securityincite (dot) com, rather than my phone number.
So I'm not sold that email is going away, but clearly something needs to be done on the spam side because it's gotten ridiculous and I can't even imagine what it would be like if I didn't have anti-spam measures in place.