Postini to offer new threat-ID service

An e-mail security provider last week announced commercial offering of its Postini Threat Identification Network Access, which the company has been using as part of its hosted service to pinpoint senders of spam and malicious e-mail.

Postini's offering is based on a real-time analysis technology that examines the patterns of IP addresses in mail sent to the company's customer base and blocks traffic from addresses deemed suspicious, says Andrew Lochart, senior director of marketing. Each IP sending address monitored by Postini is given a score based on activity - for example, an IP address that suddenly sends hundreds of thousands of e-mail in a short period would score high on the potential threat scale - and messages coming from high-scoring addresses would be blocked until the sender's activity returns to a normal level, Lochart says.

PTIN has been a part of Postini's outsourced e-mail security for three years; Postini now is making the technology available to three sets of third-party companies. The first group embraces makers of routers and e-mail gateways that want to integrate PTIN into their products to provide an extra level of threat protection, Lochart says.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

An e-mail security provider last week announced commercial offering of its Postini Threat Identification Network Access, which the company has been using as part of its hosted service to pinpoint senders of spam and malicious e-mail.

Postini's offering is based on a real-time analysis technology that examines the patterns of IP addresses in mail sent to the company's customer base and blocks traffic from addresses deemed suspicious, says Andrew Lochart, senior director of marketing. Each IP sending address monitored by Postini is given a score based on activity - for example, an IP address that suddenly sends hundreds of thousands of e-mail in a short period would score high on the potential threat scale - and messages coming from high-scoring addresses would be blocked until the sender's activity returns to a normal level, Lochart says.

PTIN has been a part of Postini's outsourced e-mail security for three years; Postini now is making the technology available to three sets of third-party companies. The first group embraces makers of routers and e-mail gateways that want to integrate PTIN into their products to provide an extra level of threat protection, Lochart says.

"Our engineers have figured out they can use [Border Gateway Protocol] to send snapshots of data to the router and update that information . . . so if a range of IP addresses are engaged in an attack for some period of time, [the updates would say] don't route packets from them," Lochart says. Postini is in talks with an equipment maker to purchase PTIN and hopes to make a related announcement in the future, he says.

The benefit for companies is another level of security against e-mail threats, offering an additional component of protection to the "cocktail approach" to security, one analyst says.

"Companies like Postini that handle tremendous amounts of spam are starting to extract the intelligence which will add additional blocking capabilities to organizations, and by pushing that service out to let's say the router level, it would add yet another layer of protection," says Matt Cain, an analyst at Gartner.

The second group to which Postini is looking to sell PTIN is ISPs that want up-to-date information about any of their members considered a threat, so the ISP can take action to correct the situation, Lochart says.

The third group is companies that provide reputation services to legitimate e-mailers. For these companies Postini would supply a history of sending activity so that the certifier could be sure of an e-mail sender's reputation.

Postini in June was awarded a patent with 35 claims that cover how PTIN works. While competitors, including IronPort, CipherTrust, Symantec, Trend Micro and others, take a similar approach to flagging suspicious IP addresses, Lochart says he is unaware of any other company making their technology commercially available outside of their service offerings.

PTIN Access pricing will be set on a case-by-case basis.

Read more about security in Network World's Security section.