Postini to sell threat-identification technology to others

E-mail security service provider Postini Monday made commercially available the Postini Threat Identification Network service, which the company has been using internally to pinpoint senders of spam and malicious e-mail.

PTIN is a real-time analysis technology that examines the sending patterns of IP addresses sending mail to Postini’s customer base and blocks traffic from addresses deemed suspicious, says Andrew Lochart, senior director of marketing with Postini. Each sending IP address monitored by Postini is given a score based on activity – for example, an IP address that suddenly sends out hundreds of thousands of e-mail messages in a short period of time would score high on the potential threat scale – and messages coming from high-scoring addresses would be blocked until the sender’s activity returns to a normal level, Lochart explains.

The data that drives Postini Threat Identification Network is gathered from the 500 million messages the company processes for its customers every day, Lochart says.

PTIN has been a part of Postini’s outsourced e-mail security for three years; now, Postini is making the technology available to three sets of third-party companies. The first are makers of routers and e-mail gateways that want to integrate PTIN into their products to provide an extra level of threat protection, says Lochart.

“Our engineers have figured out they can use BGP (Border Gateway Protocol) to send snapshots of data to the router and update that information… so if a range of IP addresses are engaged in an attack for some period of time, [the updates would say] don’t route packets from them,” Lochart says. Postini is in talks with an equipment maker to purchase PTIN and hopes to make a related announcement in the near future, he adds.

The second group is ISPs who want up-to-date information about any of their members that are considered a threat by PTIN, so the ISP can take action to correct the situation, Lochart says. The third group is companies who provide reputation services to legitimate e-mailers; for these companies Postini would supply a history of sending activity so that the certifier could be sure of an e-mail sender’s reputation.

In June, Postini was awarded a patent with 35 claims that cover how PTIN works. While competitors including IronPort, CipherTrust, Symantec, Trend Micro and others take a similar approach to flagging suspicious IP addresses, Lochart says he is unaware of any other company making their technology commercially available outside of their offerings.

Pricing for PTIN Access will be set on a case-by-case basis, Lochart says.