Why is it important to check outgoing e-mail communication as well? What can you learn from that?
May 04, 2020
When it comes to mail filtering, antispam and antivirus, everyone automatically thinks of incoming mail. Thousands of messages are sent to our servers from the internet every day, and most of them contain a threat. It is therefore logical that we need reliable filtering, which will rid us of problems in advance and prevent them from reaching our mailbox.
However, checking outgoing mail is just as important, even though most users are not aware of it at all. There is not much talk about outgoing mail, but filtering it is just as important as filtering in the opposite direction. Maybe even more important.
To begin with, we need to realize who or what can send mail in our network. It is far from just ordinary users sitting at their desks behind a computer. There are usually dozens of different devices in a corporate network that work autonomously, and we don't even know about them until something breaks.
These devices can often send automated e-mails. Securing them is sometimes difficult, so they are often misused by attackers to send spam. They include various printers, scanners, sensors, production equipment, disk arrays, remote access systems or, for example, a card access system.
Server applications also inform users about their status: corporate CRM, invoicing system, web administration interface and more. All of these systems communicate via e-mail messages. Do you have an overview of what is sent where?
At Virusfree we strongly recommend that customers not stop at incoming mail filtering, but extend the antispam and antivirus functionality to outgoing messages as well.
This will allow them to automatically respond to a situation where a device starts behaving abnormally and starts sending mail to the Internet that it shouldn't. Attackers are increasingly targeting various IoT devices such as printers or cameras. They attack the firmware, add their own tools and then start sending spam from the device.
The output filter system then automatically notices that the camera has started sending thousands of messages to different addresses and can take action. On the one hand, it can stop these messages, but it can also inform those responsible that something strange is happening.
The second advantage is that the filtering system stores operational records of outgoing mail. We are thus able to trace back which devices behave abnormally and detect a successful attack.
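The volume check and the record review described in the two paragraphs above can be sketched as follows. This is an added example, not Virusfree's code: the record format, the addresses and the per-minute thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed record format (an assumption, not any product's log format):
#   <ISO timestamp> client=<source IP> from=<sender> to=<recipient>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>$"
)

def parse_records(lines):
    """Yield (minute, client, recipient) for well-formed records; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ts"][:16], m["client"], m["rcpt"].lower()

def find_abnormal_senders(lines, max_msgs=20, max_rcpts=10):
    """Return {client: [(minute, msgs, distinct_rcpts), ...]} for minutes over either limit."""
    msgs = defaultdict(int)
    rcpts = defaultdict(set)
    for minute, client, rcpt in parse_records(lines):
        msgs[(client, minute)] += 1
        rcpts[(client, minute)].add(rcpt)
    alerts = defaultdict(list)
    for (client, minute), count in sorted(msgs.items()):
        distinct = len(rcpts[(client, minute)])
        # A status mailer hits few recipients; a hijacked device hits many.
        if count > max_msgs or distinct > max_rcpts:
            alerts[client].append((minute, count, distinct))
    return dict(alerts)

def build_sample_log():
    """Constructed sample: a CRM host, a scan-to-mail printer and a camera sending in bulk."""
    log = []
    for i in range(5):
        log.append(f"2020-05-04T10:00:{i:02d} client=10.0.0.5 "
                   f"from=<crm@corp.example> to=<customer{i}@partner.example>")
    for i in range(3):
        log.append(f"2020-05-04T10:00:{i + 10:02d} client=10.0.0.40 "
                   f"from=<printer@corp.example> to=<alice@corp.example>")
    for i in range(45):
        log.append(f"2020-05-04T10:01:{i:02d} client=10.0.0.23 "
                   f"from=<camera@corp.example> to=<user{i}@ext{i % 7}.example>")
    log.append("malformed line that is not a record")
    return log

if __name__ == "__main__":
    for client, windows in find_abnormal_senders(build_sample_log()).items():
        for minute, count, distinct in windows:
            print(f"ALERT {client} {minute}: {count} messages to {distinct} recipients")
```

In practice the limits would be set per device from its stored history rather than as one global value, since a CRM server and a camera have very different normal volumes.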
Outgoing mail filtering is as important as checking incoming mail. Without it, you are half-blind, because you will not see half of your mail traffic. It will remain completely hidden from you, and you may not know that an infected printer is sending all company documents to an unknown e-mail address somewhere abroad.
Therefore, protect your network and your users by deploying a filtering system that ensures no e-mail is sent unnoticed.