Consultancy firm The Leading Edge called Proofpoint to restore its email when a Botnet attack took the company’s Internet link down.
The infection left the business with intermittent email for two days.
The company became a major source of spam, with its email gateway forwarding tens of thousands of spam emails purporting to be from a Spanish bank.
Proofpoint provided a solution called a Messaging Security Gateway appliance to remove spam from outbound and inbound email, ensuring its systems remain operational 24 x 7.
“Email is our key communications tool,” said Tom Lineen, Sydney-based IT manager for The Leading Edge, which employs more than 100 staff in Sydney, Melbourne, Singapore and London.
“We rely on email for all aspects of our work, from selling our services and setting up contracts to client communications.
“When email is down, people are very unhappy. We work on highly critical timeframes for some of our projects. If the email system hadn’t come back we could have lost business.”
Initially, on discovering the problem, The Leading Edge’s IT staff took down the company’s email server and re-established its Internet connection.
But their efforts to stop the infection proved frustrating. Each time they thought they had fixed the problem and restarted the email server, the infection would reappear in a different form and start sending out spam emails again.
“It was a very hard problem to resolve. We were losing Internet connection, having speed issues then realised we were sending out tens of thousands of emails every hour that were clogging up our Internet server, taking down the system and overloading it,” said Lineen.
“The Botnet (virtual network where external machines use internal email systems to send emails on behalf of someone else – such as a Spanish bank) was changing all the time. They might be sending it from one system, but as we worked through the problem, the emails changed and started coming from different places,” he added.
The company realised it would first have to deal with the symptoms of the problem before addressing the cause.
The IT department at The Leading Edge decided that if it could stop outgoing spam it could restore its email systems.
The company was already protected by an anti-virus solution and an email security solution, but neither could do anything to help.
The email security solution only offered protection against incoming spam and relied on a reputation-based system to identify spam emails, so it was unable to stop spam originating from a trusted source – in this case, the company’s own mail server.
“We had our own anti-virus solution in place and we still continue to use the companies that supplied that. Their products are good for what they do, but not good for helping me resolve my problem.
“I have backed up their systems with Proofpoint so it has given me an extra layer of security. It’s brought my security in-house rather than relying on other companies to manage it from overseas,” said Lineen.
Within 24 hours, The Leading Edge deployed a Proofpoint appliance, which immediately stopped outgoing spam.
The company’s IT staff then set about eradicating the Botnet infection and, when that was done, getting The Leading Edge removed from a number of spam blacklist services that were still stopping some outgoing emails from being delivered.
“These days security threats are changing. The spammers are getting clever – we call them blended threats because as soon as you resolve one thing it masks itself into doing something else,” said Lineen.
“Proofpoint prevented spam leaving the organisation as well as coming in. The solution we had before assumed the problem was on the outside.
“We are confident it won’t happen again. That particular type of threat has been diminished, but who knows what can happen. We used to think it was okay just to have anti-virus software, but that isn’t the case anymore.
“The key thing for me is that I can sleep more soundly now. The Proofpoint solution gives me control inside my network of what’s coming in and going out,” he added.
According to Lineen, Proofpoint has detected 14 spam-borne viruses in the last month that its other solution had let through.
“Spam is not just a problem that exists outside the organisation. It is just as possible to be something that comes from within,” said Gerry Tucker, regional head at Proofpoint APAC.
“Spam is growing because of Botnets and we are seeing it affect more and more organisations. In many ways outbound spam causes more problems than inbound.
“Blacklisting, for example, can be very disruptive. The bottom line is, if you rely on email and you want to ensure your email works 24 x 7, you need a solution that stops outgoing as well as incoming spam,” he added.
The Leading Edge launched in 1990 and undertakes projects worldwide for clients such as Fonterra Brands, Yum!, KFC and Pizza Hut, Vodafone, Microsoft, GlaxoSmithKline, David Jones and Foster's Group.
Proofpoint provides the leading edge
By Jenny Eagle on Oct 28, 2008 12:17PM
This article appeared in the 27th October 2008 issue of CRN magazine.