News

E-Mail 'Biggest' Security Risk, Microsoft Says

• By Jabulani Leffall
• November 10, 2009

An organization's security has a lot to do with its E-mail system, a top security official at Microsoft suggested.

"Messaging is fraught with a lot of challenges," said J.G. Chirapurath, Microsoft's senior director for identity and security, in a phone interview. "It comes down to the integrity of the information and who is seeing it. It's all about secure messaging because when you examine the world we live in, e-mail really is the biggest attack vector, as well as the biggest leak vector."

Microsoft's big news on Monday was the release of Exchange 2010. However, the company simultaneously released a security solution for the new e-mail server called Forefront Protection 2010 for Exchange. Forefront is Microsoft's general brand for a family of enterprise software security products. 

Microsoft officials have been saying that Forefront Protection 2010 for Exchange offers faster malware detection rates, even while it uses multiple antimalware engines simultaneously. In addition, they claim that spam protection is at 99 percent, with about one spam message per 250,000 getting through.

Microsoft's literature suggests that the solution can provide protection anywhere through "identity aware security." IT pros can adjust security levels based on access assignments and system parameters. In addition, the product's management system can help identify critical process owners and implement security measures accordingly.

The focus on enterprise-level security for Exchange has a lot to do with the threat landscape, which has been changing.

"The attacks on the OS are devolving, and [attacks] now happen at the application or workload layers," Chirapurath explained. "So the old paradigms of security and old ways of security need to evolve. Deep integration with Exchange is important, and this is integrated with a platform."

And when it comes to e-mail, everyone is subject to attacks -- even Microsoft security officials.

"I carry a laptop and compute within Microsoft where I know I'm protected," Chirapurath said. "But a lot of the time, I also go sit in a coffee shop and view confidential information; use someone else's network. I open attachments from outside. I use mobile devices and I'm not necessarily immune."

Given such scenarios, Chirapurath said, it's important to have a "business-ready security" strategy in place.