2 page Case Study - Posted 11/5/2006
Views: 217
Rate This Evidence:
Financial Services Firm Stems Spam Deluge; Restores E-mail Flow from Hours to Minutes
Banking and financial services firm Sasfin Holdings Limited suddenly saw its spam e-mail traffic spike tenfold—to 165,000 messages per day to one individual—and its existing defenses were powerless to stop it. Only Microsoft® Forefront™ Security for Exchange Server and Exchange Server 2007 stemmed the flow, reducing mail bottlenecks from hours to minutes. Sasfin says the solution also beats its current antivirus software. The company plans to deploy it broadly when it becomes commercially available.
Business Needs
Sasfin Holdings Limited, a South African-based banking and financial services company, is extremely careful about security. It has to be. The company serves the entrepreneurial, corporate, commercial, and private client markets. Its clients’ financial information has to remain private. Communications between Sasfin executives and those clients have to be prompt and reliable—as do communications among Sasfin’s 500 employees on behalf of those clients.
Those communications are enabled by Microsoft® Exchange Server 2003 communications and collaboration software. The company hadn’t been hit by a virus attack in five years, so Chief Information Officer Peter Oeschger had reason to think the third-party antivirus and antispam software the company used was sufficient. Then he discovered otherwise.
Someone appropriated Oeschger’s own e-mail address and used it to send spam to millions of e-mail addresses worldwide. Oeschger became aware of this when his mailbox started filling with 165,000 bounce-back and out-of-office messages per day, generated in response to the spam. Because the e-mails weren’t spam—they were from legitimate e-mail addresses in response to spam—Sasfin’s e-mail security software was blind to it.
“My work life was a mess,” says Oeschger, who refused to change his e-mail address. “We tried everything we had. Nothing could stop it.”
He was getting ten times as much mail as the rest of his company put together. It was taking hours for him to clean his mailbox each day. And Oeschger was hardly the only Sasfin employee affected. The enormous spike in incoming mail flooded Sasfin’s bridgehead e-mail servers, slowing e-mail traffic throughout the company by hours. Bandwidth wasn’t the only casualty; valuable disk space was needlessly consumed by the torrent of e-mail messages, as well.
Solution
Oeschger and his colleagues brought their issue to the Microsoft Exchange Server product team. Could Microsoft do anything to halt the flow of e-mail that was becoming a drag on operations throughout the company?
Yes, it could. Just a week before, Microsoft had released beta software for a new product: Microsoft® Forefront™ Security for Exchange Server, security software designed to provide comprehensive protection against viruses, worms, and spam. The software works with a layered, multiple scan engine approach that helps stop the latest threats while also maintaining uptime, optimizing performance, and simplifying the management of Exchange Server messaging systems.
The solution is the successor to Microsoft Antigen for Exchange Server—formerly Sybari Antigen for Exchange—and one of a planned range of Microsoft Forefront products that will protect ever-larger aspects of a company’s Microsoft-based infrastructure.
To solve its problem, Sasfin deployed Forefront Security for Exchange Server, installing it on a single server running a prerelease version of Exchange Server 2007. The Forefront solution activated the premium antispam services of Exchange 2007, including the Microsoft IP Reputation Service and Intelligent Message Filters. The content filters were trained to search for keywords in incoming messages—“replica watches” and “hot stocks” were the relevant phrases—while bounce-back rules were used to identify offending e-mails.
“Turning on Forefront Security for Exchange Server turned off the flood of spam,” says Oeschger. His mailbox returned to normal—and the delays in e-mail movement throughout Sasfin ended as well, with the e-mail flow speeding up from hours to minutes.
Benefits
Solving its spam emergency gave Sasfin the opportunity to test Forefront Security for Exchange Server more thoroughly. As a result, Sasfin plans to deploy it in production throughout its e-mail environment once it is commercially available.
“We looked at Forefront Security for Exchange Server and it blew us away,” says Oeschger. “We’re a Microsoft shop. We want to use products that will integrate well with what we have. And we’ve seen the Microsoft roadmap for Forefront, so we know this is a product we can use to increasing advantage in the years to come.”
Among the tests that Sasfin conducted, it looked at Forefront Security for Exchange Server’s antivirus capabilities, using the nine built-in scanning engines—five simultaneously—that the software supports. The use of multiple, continually updated engines means that the software is more likely to catch the latest viruses.
“Forefront Security for Exchange Server has caught viruses that got through our other antivirus and antispam products,” says Oeschger.
Oeschger and his team also like the software’s protection against dangerous file types, such as .exe, .zip, and various picture file types. “We have to run a tight ship,” says Oeschger. “We want to stop everything that could conceivably cause a problem. With Forefront Security for Exchange Server, we can.”
Nor does Oeschger expect that extra protection to come at the cost of a hit on performance. Forefront Security for Exchange Server features, such as incremental background scanning and the elimination of redundant scanning, mean that the solution can minimize its impact on network bandwidth and other resources. For example, because the solution places a secure antivirus header stamp on each e-mail message as it is first scanned—whether at the edge or the hub of the infrastructure—scanned messages never need to be scanned again as they move through the infrastructure, reducing the processing load.
“Forefront Security’s elimination of redundant scanning will make a real difference for us,” says Oeschger. “Obviously, processing time and cost affect what we do. Forefront will help minimize those costs.”
Greater cost-effectiveness is a bonus. The bottom-line benefit to Sasfin is greater security. “We had security issues that nothing else could fix,” says Oeschger. “Forefront Security for Exchange Server came to the party and did it. It just gives us more protection.”
For more information about other Microsoft customer successes, please visit:
www.microsoft.com/resources/casestudies
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published October 2006
