Antiphishing feature added to Engate e-mail security
- — 28 September, 2007 08:29
Engate Technology Thursday announced a version of its antispam software that the company says includes the industry's first preemptive protection against phishing attacks.
MailSentinel 3.5, available now, features PhishFilet, Engate's profiling technology that blocks phishing attacks at the network level, according to company officials. Engate says catching phishing attacks at the network level results in 99 percent effectiveness and very few false positives.
Engate CEO Wil Cochran says he can't go into too much detail about how the new technology knows a phish when it sees one, because the company has eight patents pending, but he says the feature was developed from the company's existing technology that catches spam at the network level.
MailSentinel 3.5 monitors inbound connection requests from e-mail senders, examining TCP headers and envelope information, he explains. By working at this level, the software can determine whether the message is coming from the domain it claims to be from; if the two don't match, the software knows that the sender is pretending to be a different organization, or spoofing, Cochran says.
While spoofing is an integral part of phishing, it's also used by spam and other e-mail threats; how PhishFilet can distinguish a spam message from a phishing attack is Engate's secret, he says. Connection requests from senders determined to be phishers are immediately dropped.
The advantage to this network-level approach is that companies running MailSentinel never have to accept, store, filter or process any phishing messages they are sent, Cochran says. This is particularly important for financial institutions, which are subject to regulations that say they must archive any e-mail they accept.
"What our competitors do is use a 'cocktail' solution, so they use IP reputation, content filtering, traffic shaping, grey listing, and combine them with hopes of getting a good solution," Cochran says. "What we've patented happens right at the connection layer, so we don't do anything other than this analysis at the connection layer. That's all it takes."
MailSentinel 3.5 comes loaded on a dedicated appliance and is priced starting at US$1,195. The company also sells MailSentinel for inclusion in other hardware makers' devices, such as appliances, routers and firewalls.