Sybari: Enterprise Messaging Security with Smarts

Email Print Digg This Add to del.icio.us

Continued from Page 1.

I can also add on two other optional modules: Sybari's VCL Antispam and SpamCure Engine. We all know that there are over a sextillion ways to say "Viagara" -- it's specifically 1,300,925,111,156,286,160,896 (not that once isn't already enough). So, can a spam engine pick up all the variations that would appear in spam telling you how to enhance this body part or that? With these two modules, your ability to minimize this to near nil is greatly increased.

Now, there is the SpamCure Engine, which is a signature-based spam detection tool. This can be helpful at finding the more common spam and eliminating it immediately. What's intriguing about this spam engine is that it's not just a simplistic signature-based engine but actual does a variety of verifications and updates (as quick as one every 15 minutes) so that false positives are minimized.

The core of the SpamCure engine is the STAR (Spammer Tricks Analysis and Response engine). STAR looks are a variety of factors including hashing messages (spam messages are often repeated elsewhere and will carry the same hash size for the message body size), extra HTML found in messages, any embedded content, foreign languages and invisible characters (again, more HTML — the person that includes HTML into emails should be severely punished).

Now, if we left it at the SpamCure engine that might suffice for most but this is a world of layered security and having more options means minimizing risk. Enter VCL.

Sybari's VCL (Vector-Based Classification and Learning) is a heuristic spam module, for lack of a better description, but it's not just an average heuristic engine. Instead, it's a rather intelligent engine that uses algorithms based an interesting mathematical idea of Support Vector Machines. Basically, it learns based on statistics, regression and functional analysis as well as learning theories. So rather than basing its decisions on a set baseline and looking at what might stray from the mark, it learns what might be spam and what might not.

This should mean that if I send a like to a friend to this site (very safe for work bird-watching site, despite the seemingly suggestive URL), for instance, it would pass through the filters since it's not relying on a simple word matching. This should mean, in this case and many others, a reduction in the potential for false positives.

One of the last comments on this product that I'd like to make is that the same product can be used for each version of Notes. So even if you are using R4, R5 or R6 you can use the same product. This means that if Notes released R7 today, then you could use the same product that you already have. This is the kind of flexibility that helps companies stay ahead of the game.

As I was writing this article, there was an interesting development: Microsoft was going to buy Sybari. While one might speculate that this was the anti-virus software that Microsoft has been talking about to include with future OSes, I somehow doubt it. Antigen is designed for server products and larger loads. I could see MS including multiple engines and you'd end up with an auto-update feature that would tell you when an engine needs a new update, download it from MS and off you go. Perhaps it could mean two engines as default rather than four.

In light of this, it will be interesting to see how the technology evolves. If they are allowed to continue to produce the Antigen product as they have, then this will be a proverbial "good thing". What many fear is that the MS-branded successor will compromise on some functionality out of a desire to piece together an all-in-one product. This works OK for the home user but can be a nightmare for the enterprise.

After discussing this with a friend who is a Lotus Notes administrator, she is worried about what might happen to Sybari and it's Notes support since Microsoft hasn't been too big on Notes in general (not surprising since they would obviously support Exchange). For now, we have to wait and see what the future will hold.

If Microsoft is able to stick to Sybari's vision for Antigen, then you should make Antigen a permanent fixture in your email environment. That way, you can spend your days trying to catch a glimpse of the little bird with a naughty-sounding name.

Contact Sybari for pricing information.

Email Print Digg This Add to del.icio.us