Late last week, security researchers contact ISPs that were apparently hosting various command and control servers used by the botnet in an attempt to shut the network down (not unlike the original takedown of botnets hosted by rogue ISP McColo). Apparently approximately 20 out of 30 of the C&C servers used by the Pushdo/Cutwail botnet were cut off from the internet, possibly having a short-lived effect on overall spam volume.

As other vendors have seen, spam fighters in the Proofpoint Attack Response Center tell me that Proofpoint's own spamtraps (sometimes referred to as "honeypots") have not seen a volume decrease, but noted that the volume pattern—the natural rises and falls in spam volume that accompany new spam campaigns—have been more "spikey", with bigger fluctuations between high and low volume than we are used to seeing. It's unclear if this behavior is at all related to activities around the Pushdo/Cutwail botnet.

As always, email volumes, especially those received by large enterprises, can fluctuate wildly. This is driven in part by general spam and malware sending activity, but also from attacks that attempt to target specific organizations whether they are attempts at denial-of-service, directory harvest attacks, or targeted phishing attacks.

This ongoing unpredictability is one of the key reasons that many organizations have (or are looking at) moving their inbound email security protection to a SaaS model. The rationale being, "Why worry about properly scaling your email and email security infrastructure to meet worst case scenarios when the same type of protection and control is available "in the cloud" at a much lower total cost-of-ownership?"

Today we released the latest edition of our Outbound Email and Data Loss Prevention in Today's Enterprise report, now in its seventh year. As always, this report contains a huge number of interesting findings. Check out the video preview, above, for just a few of the top findings. This year, IT decision makers from 261 large US enterprises (all with 1000 or more employees) responded to our survey, conducted with the help of Osterman Research.

You can find more highlighted findings about how large enterprises manage data loss risks in our press release. Better yet, download the complete report, by visiting http://www.proofpoint.com/outbound.

I'll be blogging more about this throughout the week, but here are just a few of the most interesting findings:

Proofpoint found that, despite a growing awareness of data loss risks, large enterprises continue to be impacted by data loss at a surprising rate:

• 36% of respondents said their organization was impacted by the exposure of sensitive or embarrassing information in the past 12 months.
• 31% of respondents said their organization was impacted by the improper exposure or theft of customer information in the past 12 months.
• 29% of respondents said their organization was impacted by the improper exposure or theft of intellectual property in the past 12 months.

Enterprise concerns and data loss events from social media continued to rise in the past 12 months:

• Social Networking Sites (such as Facebook and LinkedIn): 20% of companies investigated the exposure of confidential, sensitive or private information via a post to a social networking site. 7% of companies terminated an employee for social networking policy violations. Twenty percent disciplined an employee for such violations. 53% are highly concerned about the risk of information leakage via social networking sites. 53% explicitly prohibit the use of Facebook, while 31% explicitly prohibit use of LinkedIn.
  
• Blog and Message Board Postings: 25% of companies investigated the exposure of confidential, sensitive or private information via a blog or message board posting. 11% of companies terminated an employee for blog or message board posting policy violations. 54% are highly concerned about the risk of information leakage via blogs and message boards.
  
• SMS and Web-Based Short Messaging Services (such as Twitter): 17% of companies investigated the exposure of confidential, sensitive or private information via one of these services. 51% are highly concerned about the risk of information leakage. 49% explicitly prohibit the use of Twitter.
  
• Media Sharing Sites (e.g., YouTube, Vimeo): 18% of companies investigated the exposure of confidential, sensitive or private information via shared video or audio m5edia. 9% of companies terminated an employee for media sharing/posting policy violations. 21 disciplined an employee for such violations. 52% are highly concerned about the risk of information leakage. 53% explicitly prohibit the use of media-sharing sites.

Financial services firm National Financial Partners has been a long-time user of Proofpoint's SaaS email archiving solution and, more recently, also deployed Proofpoint's SaaS solutions for inbound and outbound email security. 

Dán Salomon, NFP's Senior Vice President of Technology, kindly took the time to speak with me about how his organization uses Proofpoint's SaaS solutions and why he feels that performing email archiving and email security functions "in the cloud" is more secure than taking an on-premesis approach. Beyond the cost advantages of SaaS, Dán explains the other business drivers for adopting Software-as-a-Service in this video (recorded on location at Proofpoint's 2010 "Inner Circle" customer event in New York).

My thanks to Dán and NFP for his willingness to discuss his approach and for allowing us to share this interview here!

Echoing many of the same issues that Proofpoint CEO Gary Steele noted in his recent guest blog post at Byron Acohido's "Last Watchdog" blog (see "Why Wall Street is Boosting Investments in Tech Security"), Intel and McAfee gave the following rationale for the acquisition:

First, security is fundamental to today's computing environment. Intel CEO Paul Otellini is quoted as saying, "In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences."

And those "computing experiences" are becoming more and more pervasive. The explosive growth of Internet connected devices—not just PCs but smartphones, tablet computers (like the iPad, the rumored Google Chrome OS pad, etc.), even ATMs, medical diagnostic equipment and on and on—requires better security for those devices to prevent exploitation and protect private data held and processed by those devices.

As security vendors regularly point out, security threats continue to proliferate rapidly and are becoming more complex and more costly to remediate. In the email security space, for example, targeted attacks such as spear phishing, the use of multiple attack vectors (combining email, web and social media components) and more clever social engineering are now commonplace. "The cyber threat landscape has changed dramatically over the past few years, with millions of new threats appearing every month,” says McAfee CEO Dave DeWalt.

McAfee's online announcement also notes that, "The current cybersecurity model isn’t extensible across the proliferating spectrum of devices – providing protection to a heterogeneous world of connected devices requires a fundamentally new approach to security." Which I think is a rather verbose way of saying that network security in today's world needs a major "re-think" and that certain security functions and controls need to migrate further down the IT application stack and be more of an integral part of the hardware and firmware that power new devices.

Additionally, Intel notes that this acquisition is part of their ongoing effort to broaden its IT footprint, delivering not just hardware but software components. Notes the Intel announcement, "Intel has made a series of recent and successful software acquisitions to pursue a deliberate strategy focused on leading companies in their industry delivering software that takes advantage of silicon. These include gaming, visual computing, embedded device and machine software and now security." (Intel's acquisitions of embedded/mobile software vendor Wind River and gaming AI/physics vendor Havok are cited.)

Expect this news to spur ongoing M&A activity in the security space. And, more importantly, the trend toward making security more of a core component of computing devices—rather than an afterthought—will make for a safer computing world.

"Organizations are drowning in e-mail and often find it difficult to get the problem under control. Very few companies have a comprehensive and well-enforced e-mail retention program which determines what messages are kept and for how long.

A message retention program, however, is becoming a business necessity as organizations struggle to comply with external regulatory requirements, internal records management needs, demands for e-mail discovery to support litigation efforts and demands from users for preservation of legitimate business messages."

You can read the full version of Gartner's report, Building an E-mail Retention Strategy, courtesy of Proofpoint, by visiting the following URL:

http://www.proofpoint.com/id/email-archiving-strategy/index.php

Pictured at left is our updated datasheet about Proofpoint Enterprise Archive, which has been enhanced with information about the latest features. (You can click the image to snag a PDF copy.)

The new version adds full support for Microsoft Exchange Server 2010, including support for Outlook Web Access, access to stubbed attachments and advanced search capabilities.

It also supports organizations that are migrating from earlier versions of Exchange—or that have complex email environments—because it's compatible with environments that use multiple Microsoft Exchange server versions including 2003, 2007 and 2010.

One of the primary benefits of Proofpoint Enterprise Archive is that it helps reduce legal discovery risks and costs. By providing a secure, searchable repository of all email messages, Proofpoint's email archiving solution makes it easy to perform early case assessments, instantly preserve data in active legal holds and enforce email retention policies.

“eDiscovery is critical to our firm, as attorneys must be able to store and search email records quickly during the legal hold stage at the beginning of the litigation process,” says Proofpoint customer Steven Heller, director of technology for law firm Graubard Miller (for more on the benefits Steven and his firm have realized, see this previous blog post). “We continue to trust Proofpoint for our archiving needs and are thrilled with its ability to generate search results in near-real time. New legal hold features will empower our team to track and identify key information faster and easier than ever before.” 

The new release includes a variety of enhancements to help streamline the eDiscovery process:

• Proofpoint Enterprise Archive’s active legal hold capabilities allow attorneys and staff to instantly preserve data in legal holds, in contrast to inefficient, manual, methods that are difficult to track and audit and increase legal risks of data spoliation.
• Enhanced eDiscovery capabilities make it easier for legal teams to search data in near real-time to prepare for HR, regulatory or litigation issues. Proofpoint Enterprise Archive now supports data export to EDRM XML, a standard format used in the legal industry to simplify the movement of archived data to other legal analysis tools. New search capabilities also benefit end-users who can more easily perform complex searches of their own archived email.
• Proofpoint Enterprise Archive includes compliance and supervision features for industry-specific rules and regulations such as FINRA, GLBA and HIPAA, as well as SEC policies for email storage. For organizations with supervisory compliance requirements (such as compliance with FINRA rules) Proofpoint Enterprise Archive now makes it easier to handle larger groups of supervised users, perform supervision searches and randomly sample data for auditing purposes. An enhanced supervision workflow allows records managers and compliance officers to more easily manage multiple supervision queues.

You can learn more about the solution in our complete press release... And see my next blog post for the link to a new Gartner report on email archiving strategies...