With the constraints of regulatory compliance and the inundation of spam and viruses, protecting the security and privacy of your corporate email is a challenge. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) mandate the types of sensitive information that must be secured. Protected health information and personal financial information must be safeguarded when sent over the Internet.
Most users are inundated with spam. Unsolicited email can also contain profanity or viruses. Before investing in content filtering and email encryption technology that will protect your organization, how do you determine what vulnerabilities you face?
Zix Corporation offers ZixAuditor, an email assessment service that enables you to identify corporate email risks, implement more effective policies and procedures, and monitor ongoing communications to determine the effectiveness of your email encryption and content filtering services. It provides objective, statistical analysis of your company’s inbound and outbound Internet email use and the liabilities associated with it.
ZixAuditor tabulates the volume of email sent and received by your organization and the email domains with which you communicate the most. It provides accurate and compelling reports detailing the number of email messages that are spam, contain profane language, or contain sensitive material that needs to be protected. ZixAuditor uses its finely tuned email lexicons to search for these vulnerabilities.
ZixCorp has performed over 350 ZixAuditor email assessments in the past three years for customers who need to understand the level of sensitive and inappropriate content in their email stream.
Deploying ZixAuditor
ZixCorp® sends you a collection device, a Linux-based network sniffer with 10/100/1000 GB Ethernet ports. This laptop device is positioned at the perimeter of your network where it captures all email traffic. The collector does not require an IP address and is non-intrusive to your existing network structure. It transparently captures all SMTP sessions on port 25, essentially recording all email traffic to and from the Internet.
At the end of the three- to seven-day collection period, ZixAuditor stops listening and begins to encrypt all of the raw binary data it has collected. The collector is shipped back to ZixCorp’s SysTrust™ and SAS-70 certified data center for analysis. An average sample size is about 120,000 email messages. Measured in gigabytes, the ZixAuditor collectors can each bring back sample sizes of 5 GB to 35 GB of email traffic.
The data is offloaded from the collector to processing servers that reside in a secure, standalone environment. The processing servers decrypt the binary data, reassemble the packets into SMTP session files, and recreate the original messages with their attachments.
The Power of Lexicons
After decryption and reassembly, the data is parsed, indexed, and scanned against the ZixCorp lexicons and rule sets for sensitive content, spam, and profanity. The lexicons are sets of instructions that tell the content scanner what to look for. They are made up of words, expressions, and numeric and linguistic patterns. Pattern-matching techniques for the lexicon entries include wildcarding, stemming, fuzzy logic, Boolean operators, and proximity matching.
The lexicons search for terms, labels, and masks that identify sensitive information and help you see breaches in your company’s policies or lapses in your adherence to government mandates. When ZixAuditor finds a match against one of its categories or sub-categories, it records a hit against that message in the database.
The lexicons look for sensitive content in the following categories:
Personal Financial Information (account numbers, loan balances, banking transactions)
Individually-Identifiable Health Information (patient identifiers and health conditions)
Profanity (from recognized specialized dictionaries and glossaries)
As a CIO or security administrator, you can request that ZixCorp customize the lexicons to suit the terminology of your specific environment. For example, the lexicons can include terminology that is proprietary or relates to your intellectual property.
Presenting Results
The raw results from the database are tabulated in a detailed report that summarizes all database entries by domain and by category. For example, ZixAuditor reports the number of messages that contain potentially sensitive information relating to HIPAA or GLBA that were sent from every domain. The results are presented graphically, making them easy to digest.
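The lexicon matching described under The Power of Lexicons and the per-domain, per-category tabulation described here, as one added example (not ZixCorp's lexicons or report code): numeric masks for card- and SSN-like numbers, a proximity rule, a stemmed term, and a placeholder profanity list, with hits recorded per message and messages then counted per sending domain and category. The patterns, proximity window and sample messages are constructed.

```python
"""Lexicon-style scanner with hits recorded per category and tabulated per
sending domain. Added example, not ZixCorp's lexicons; the category names
follow the article, the patterns and messages below are constructed."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

def proximity(a: str, b: str, words: int = 5) -> str:
    """Regex for term a within `words` words of term b, in either order."""
    gap = r"(?:\W+\w+){0,%d}\W+" % words
    return r"\b(?:%s)%s(?:%s)\b|\b(?:%s)%s(?:%s)\b" % (a, gap, b, b, gap, a)

PFI, IIHI, PROF = ("Personal Financial Information",
                   "Individually-Identifiable Health Information", "Profanity")
LEXICON: List[Tuple[str, "re.Pattern"]] = [
    (PFI, re.compile(r"\b\d{4}-\d{4}-\d{4}-\d{4}\b")),             # card-number mask
    (PFI, re.compile(proximity("account", "balance|number"), re.I)),
    (IIHI, re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),                   # SSN mask
    (IIHI, re.compile(proximity("patient", r"diagnos\w*"), re.I)),  # stem + proximity
    (PROF, re.compile(r"\b(?:heck|darn)\b", re.I)),                 # placeholder word list
]

def scan(text: str) -> Dict[str, int]:
    """Hits per category for one message; a hit is one lexicon match."""
    hits: Counter = Counter()
    for category, pattern in LEXICON:
        hits[category] += len(pattern.findall(text))
    return {c: n for c, n in hits.items() if n}

def tabulate(messages: List[Tuple[str, str]]) -> Dict[str, Dict[str, int]]:
    """messages: (envelope sender, text). Returns {domain: {category: messages}}."""
    table: Dict[str, Counter] = defaultdict(Counter)
    for sender, text in messages:
        domain = sender.rsplit("@", 1)[-1].lower()
        for category in scan(text):
            table[domain][category] += 1  # count messages, not raw hits
    return {d: dict(c) for d, c in table.items()}

SAMPLE_MESSAGES = [  # constructed (sender, message text)
    ("teller@partner-bank.example",
     "Your account number is 4421-9987-1234-5678 and the balance is $12,400."),
    ("nurse@clinic.example",
     "Patient J. Doe was diagnosed with asthma; SSN 123-45-6789 is on file."),
    ("sales@vendor.example", "Heck, the quarterly numbers look great."),
    ("rep@partner-bank.example", "Lunch on Friday? No account details needed."),
]

if __name__ == "__main__":
    for domain, counts in tabulate(SAMPLE_MESSAGES).items():
        print(domain, counts)
```

The last sample message shows why proximity rules matter: "account" on its own is not a hit, only "account" near "balance" or "number" is, which keeps the per-domain counts from being inflated by ordinary business language.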
The report also contains a time summary of messages sent and received in six-hour intervals over the collection period, indicating which times have peak traffic usage and bandwidth consumption.
The staff of the ZixResearch Center™ takes a random sampling of data to ensure the validity of the computer-generated results. Sample messages are scrubbed, replacing personal identifiers with generic data, and included in the report. This step enables you to see examples of the kinds of sensitive information that are moving through your mail stream. The analysis helps security policy makers and administrators adjust policies, better train users, or justify email encryption and anti-spam technology solutions.
The final report contains a summary of key findings with detailed inbound and outbound traffic statistics and recommendations.
Following completion of an assessment and presentation of the results, all customer data on collectors and servers is destroyed according to U.S. Department of Defense standards.
Measuring Gain
After you have performed an initial email assessment and introduced encryption and content filtering technologies, running a follow-up assessment can help measure the results of the improvements. Once a baseline is defined, the effectiveness of solutions implemented to protect email is more easily measured. Many organizations find value in completing a ZixAuditor email assessment quarterly, semi-annually, or annually. A follow-up assessment ensures that your encryption and content filtering policies are working effectively to protect sensitive information. As business models and processes change over time, periodic assessments ensure that your organization’s technical solutions, regulatory compliance efforts, and corporate policies regarding email remain effective.
Angela MacRae serves as technical documentation manager for ZixCorp’s eSecure solutions. She has more than 20 years in technology product management and marketing.
For more information about ZixCorp and its solutions, go to www.zixcorp.com.