As spam becomes viral and viruses spread through spam, anti-virus and anti-spam companies are aggregating products and solutions to serve up multi part security and messaging solutions.

by Alex Goldman ISP-Planet Managing Editor [October 11, 2004]

It's a trend. Anti-virus companies are buying up anti-spam companies. Our Anti-Spam directory notes that anti-virus vendor Sophos acquired ActiveState and Symantec purchased Brightmail and TurnTide. ISS, a security services firm, acquired anti-spam and filtering operation Cobion.

But even bigger fish are swimming here. Earlier this year, Juniper Networks purchased firewall vendor NetScreen for $4 billion. Cisco has been making smaller purchases, such as Twingo, acquired for $5 million, and Allegro, a VPN company, that it acquired for $181 million.

Recently, Cisco signed an agreement to acquire P-Cube for about $200 million. P-Cube makes a firewall-like device that provides total security for enterprises and ISPs. Len LuPriore, senior director of corporate marketing at P-Cube, notes, "there's been a lot of consolidation in the anti-spam space. We're approaching the problem differently and in a complementary fashion to other systems."

The idea is to augment measures already in place, not to replace them. "We assist the service provider in figuring out the problem and how to protect against it. We reduce the overall network costs caused by junk mail, and also the storage problems and costs caused by junk mail."

Dawn of the dead subscribers
Threats are changing—for the worse—every day. Last week, for example, eSecurityPlanet.com noted (in Spammers Hide Trojan in Opt-Out Link) that viruses can be placed anywhere in an e-mail. Service providers cannot assume that end users will understand the issue.

"Subscribers are going to ISPs and asking for help. They don't understand the problem, how it's sourced, or why it's hitting them directly," says LuPriore.

Right now, P-Cube is focused on solving the zombie problem. The P-Cube system intercepts traffic from a compromised customer and redirects that customer's browser to the ISP's help desk. "This lowers supports costs, and the subscriber sees some value in to too. The subscriber feels good about the service provider if the service provider helps fix the problem," says LuPriore.

A secure base
But not every anti-spam outfit is being purchased. Many remain independent. One such is IronPort, the company that announced it was changing messaging forever when it came out of stealth mode in 2001. "Our mission at IronPort is to revolutionize Internet messaging," the company's CEO, Scott Weiss, told internetnews.com in November of that year.

IronPort settled on a very different system than that of P-Cube or Cisco. Rather than relying on lone appliances, the company built a network in which every customer would assist every other customer in the detection of problems and in creating a whitelist through a bonded sender program.

The latest iteration in this ongoing project is called SenderBase. "This network gives us an insight into 25 percent of the world's e-mail traffic," enthuses Ambika Gare, director of product management information services at IronPort.

The SenderBase network, she explains, collects data from contributing organizations, including message volume, message composition, data from spam traps on those networks, complaints, ISP abuse reports, Spamcop (which the company now owns), and "about eight different blacklists."

It's all about reacting quickly, in real time. "The real power of this network is that the data is dynamic and collected in real time," she says. "If a partner gets compromised, their reputation will fall."

The system rates the likelihood that a message is spam based on the reputation of the network it originated from and based on its content and statistics. A receiving system that uses SenderBase might automatically reject all messages rated -4 to -10, automatically accept all messages rated 4 to 10, and scan all messages rated -4 to 4.

If a whitelisted major ISP starts to have a zombie problem, its reputation will drop, and messages from that ISP will be scanned. If the problem continues, those messages will be rejected. When the problem is solved, the ISP will be whitelisted again.

The IronPoint approach is very different from the P-Cube/Cisco approach and we think that's good. It's good for the ISP industry when there are a variety of ideas on how to protect the network and the messaging infrastructure.

This is our prediction for the coming months and even for the next few years: expect more consolidation as companies merge and acquire pieces of the puzzle in order to serve up a total messaging security solution.

—End