Barracuda Spam Firewall Moves Beyond Traditional Reputation Analysis With Predictive Sender Profiling
April 18, 2007; 01:56 AM
“While 2006 marked the beginning of an assault on image spam, 2007 is marking yet another trend through spammer identity obfuscation,” said Stephen Pao, vice president of product management for Barracuda Networks. “Taking an analogy from the financial industry, where reputation analysis is like a FICO score, identity obfuscation, like identity theft, requires profiling against anomalous behavior.”
“Reputation is a computationally efficient way to profile spam,” said Michael Osterman, president of Osterman Research. “However, we have observed that spoofing, botnets, and other means of hiding behind the reputation of another sender have made this technique less effective than it might otherwise be. As a result, while we believe reputation is very important, other spam prevention techniques that profile sender behavior will be very important moving forward.”
Predictive Sender Profiling
Modern spam trends require reputation data be augmented with behavioral profiling techniques. For example, by taking control of networks of computers infected with malware (also called “botnets”), spammers can send email from diverse sources throughout the Internet, thus hiding their own identity from traditional reputation checks that profile sender network addresses. By registering new domains or by redirecting to spam Web domains through reputable blogs, free Web site providers, or URL redirection services, spammers have also learned to hide their identity from traditional reputation checks that profile spam Web domains.
When spammers obfuscate their identities, the Barracuda Spam Firewall can profile behaviors of all senders. Examples include:
“As identity obfuscation continues to proliferate, the stand-alone value of reputation data diminishes,” said Pao. “Through Predictive Sender Profiling, we are able to recognize bad sender behavior and implement a broad variety of countermeasures in real-time. With six of the 12 comprehensive defense layers tunable through updates delivered by Barracuda Central, our engineers have the broadest set of weapons available to stop the spam. Combining this set of weapons with the industry’s most diverse and active compilation of email, Barracuda Networks can deliver industry-leading spam accuracy even as the spam landscape continues to evolve.”
“We have been using our Barracuda Spam Firewall since early 2005, and I can't imagine ever being without it,” said Jacob Nyhart, network engineer for South Carolina Heart Center. “While spam trends keep changing, our Barracuda Spam Firewall seems to catch them right away and has continued to effectively block more than 98 percent of incoming spam here at SCHC. We appreciate that Barracuda Central is profiling spammer behavior so that we don’t have to.”
Barracuda Spam Firewall Reputation Analysis
While the standalone value of reputation data is diminishing, it remains an important baseline for sender profiling. For reputation analysis, the Barracuda Spam Firewall leverages data on both network addresses used to send email and domain names embedded in the Web links of emails gathered by Barracuda Central, an advanced technology operations center where engineers continually monitor the Internet for trends in spam and virus attacks. Both the IP and reputation data combined, enables Barracuda Networks to implement countermeasures to mitigate those threats.
For network addresses used to send email, Barracuda Spam Firewalls download two lists used in its IP Analysis defense layer – a Block list (“blacklist”) of known spammers and an Allow list (“whitelist”) of known senders with good email practices. With these lists, Barracuda Spam Firewalls can efficiently differentiate those emails to be blocked or allowed with minimal processing. Other network addresses in the “grey area” are left for further analysis through nine subsequent spam and virus defense layers.
Domains embedded in Web links of emails are analyzed through the Intent Analysis defense layer of the Barracuda Spam Firewall. Intent Analysis is designed to capture the call to action of a spam email – to click on a Web link, call a phone number, or reply to an email. Even when the network origin of an email cannot be identified, the intent of the email can often reveal the identity of the sender. Barracuda Central maintains the reputation of Internet domains and their associated Domain Name Server (DNS) configuration.
“As a baseline for Predictive Sender Profiling, Barracuda Networks remains committed to delivering state-of-the-art reputation data,” continued Pao. “With email sourced from our spam traps throughout the Internet, as well as submissions from thousands of customer systems worldwide spanning small and medium businesses, enterprises, government institutions, and Internet Service Providers across over 80 countries, Barracuda Central has the world’s most diverse corpus of email on which to base reputation data.”
Pricing and Availability
The Barracuda Spam Firewall Reputation Analysis and Predictive Sender Profiling capabilities are immediately available with Barracuda Spam Firewall firmware releases 188.8.131.52 and 184.108.40.206. All Barracuda Spam Firewall customers with current Energize Updates subscriptions may upgrade to the latest firmware releases at no additional charge. For new customers, Reputation Analysis and Predictive Sender Profiling will be included out of the box. Barracuda Spam Firewall pricing varies by model and starts at $1,499 in the U.S. with no per user licensing fees. International pricing varies by region.
About the Barracuda Spam Firewall
The Barracuda Spam Firewall is available in six models and supports from 1,000 to 30,000 active users with no per user licensing fees. Its architecture leverages 12 defense layers: denial of service and security protection, rate control, IP analysis, sender authentication, recipient verification, virus protection, policy (user-specified rules), Fingerprint Analysis, Intent Analysis, Image Analysis, Bayesian Analysis, and a Spam Rules Scoring engine. In addition, the entire Barracuda Spam Firewall line features simultaneous inbound and outbound email filtering with the inclusion of sophisticated outbound email filtering techniques, such as rate controls, domain restrictions, user authentication (SASL), keyword and attachment blocking, dual layer virus blocking, and remote user support for outbound email filtering. The Barracuda Spam Firewall’s layered approach minimizes the processing of each email, which yields the performance required to process millions of messages per day. For more information on the Barracuda Spam Firewall, visit http://www.barracuda.com/spam.
About Barracuda Networks, Inc.
Barracuda Networks is the leading provider of application security appliances for comprehensive email, Internet and IM protection. Its products protect over 40,000 customers around the world, including Adaptec, Caltrans, CBS, Georgia Institute of Technology, IBM, NASA, Pizza Hut, Union Pacific Railroad Company, and the U.S. Treasury Department. The Barracuda Spam Firewall and Barracuda Spam Firewall - Outbound protect organizations against spam, viruses, and violations to e-mail security policy. The Barracuda Web Filter offers comprehensive content filtering and complete network protection against spyware, malware and viruses. The Barracuda IM Firewall is the only all in one gateway solution for IM traffic management and security. The Barracuda Load Balancer offers easy to configure, secure and comprehensive IP network traffic management across multiple servers. Barracuda Networks is a privately held company with headquarters in Mountain View, California. Barracuda Networks has offices in eight international locations and distributors in over 80 countries. More information is available at www.barracuda.com.
|Copyright © 1998 - 2018 DevStart, Inc. All Rights Reserved|