Outbound Threats: Defend Against Internal Email Misuse
Threats can come from within an organization, as well as without. Whether inadvertent or intentional, outgoing email threats can damage a company through breach of confidential information, loss of intellectual property, misuse of the company’s systems, and costly allocation of resources to remedy the problem. Just as inbound threats need to be stopped at the perimeter, outbound threats must be stopped before leaving the company and causing damage.

MailFrontier’s outbound email protection detects outbound viruses, zombie machines, and policy violations.

Virus Protection
MailFrontier applies its breakthrough Anti-Virus techniques to scanning outbound emails to ensure that dangerous attachments are not being sent from within the company. MailFrontier Anti-Virus keeps the network safe and enables the enterprise to maintain a reputation of safe outbound email.

Zombie Detection
Malicious code can be used to take over an enterprise’s computers, which are then used to send dangerous emails such as spam, phishing, and viruses. These computers are called zombies, because they have been secretly taken over to do the bidding of the hacker. A computer can become a zombie through any method of downloading a virus or Trojan, such as executable attachments to emails and downloads on Web sites. Emails sent from zombie machines will appear to originate from the victim’s computer and will steal computer resources to send the emails, often sent out en masse. These zombie machines can damage a company’s reputation and require costly resources to purge the malicious code.

MailFrontier provides zombie detection that employs multiple identifiers to locate these dangerous machines and stop the transmission of email threats. The identifiers include:

• Machines that are sending out spam, phishing, or virus emails.
• Emails that are sent from an address not in the company’s LDAP address list.
• The number of emails sent out in an hour exceeds the permitted number specified by the administrator.

The administrator can select how to respond to actions flagged as zombie machine identifiers:

• The email messages can be deleted or quarantined.
• An alert can be sent to a designated recipient.
• “Outbound Safe Mode” can be initiated, which:
  • Sends alerts every 30 minutes
  • Prevents dangerous attachments from being sent
  • Allows for the option to delete or quarantine outbound messages with dangerous attachments (for example, executables)

MailFrontier’s multiple diagnostic approach combined with flexible response options enables enterprises to prevent zombie damage while allowing the company to send legitimate outgoing emails.



Outbound Policy
Administrators can establish policy rules that are specific to outbound email. For example, administrators can decide how to process outgoing emails with potentially dangerous attachments or append a confidential signature to emails from Human Resources or Finance. Once policies have been established, emails violating these polices can be identified and appropriate action taken.

Another outbound policy feature is Disguised Text Identification, which protects enterprises from the distribution of intentionally modified information that is disguised in the hopes of avoiding detection. Key word match is not enough to identify confidential information or intellectual property that has been altered to hide its transmission. With MailFrontier’s Disguised Text Identification, enterprises can designate text that it wishes to protect. Disguised Text Identification will then apply statistical methods to identify possible variations of the designated text. The enterprise can then specify how to respond to these flagged emails.

MailFrontier’s outbound threat protection defends the network against internal misuse of email – securing confidential information, protecting the company’s reputation, and preventing costly damage.