In-Depth

Briefs: Brand spoofing on the rise; e-Security update

SurfControl reports brand spoofing is on the rise; e-Security updates Enterprise Security Management software

• By Mathew Schwartz
• 07/23/2003

Web and e-mail filtering company SurfControl, which tracks and monitors spam trends and techniques, reports that so-called “brand spoofing” is on the rise. That’s the practice of sending unsolicited e-mail that purports to be from a well-known company—complete with appropriate colors and graphic design—and entices readers to visit the accompanying Web site, sometimes via a customer service-type hook, which looks like the real thing. The site asks users to verify personal or financial information.

Companies recently brand-spoofed include Best Buy, UPS, Bank of America, PayPal, and First Union Bank.

The increase in dangerous spam could also be linked to the growth in the availability of open proxy servers, which allow spammers to send anonymous, nearly untraceable e-mail. According to recent research, the number of identified open proxies grew from 1,000 in October 2002, to 100,000 in April 2003.

E-mail filtering, says SurfControl, can reduce the risk to employees using e-mail at work by blocking spam before it enters the corporate network. In addition, using a product such as SurfControl E-mail Filter, companies can immediately add the spam to the software filter's rules and custom dictionaries.

"Companies need to focus on three things to stay ahead of the spammers: get organized and institute intelligent, articulate acceptable use policies; get smart and use the latest technologies; and get employees educated and engaged in managing their e-mail wisely and responsibly,” says Susan Getgood, a senior vice president at SurfControl.

For more information, see http://www.surfcontrol.com.

e-Security Updates Enterprise Security Management Software

e-Security Inc. released e-Security v4, the latest version of its enterprise security management software. The product consists of three components: e-Security Wizard, e-Security Sentinel and e-Security Advisor.

In addition to incident management capabilities, the software allows for the automatic correlation of security incidents through correlation rules, helping investigators track down and resolve intrusions more quickly, no matter whether it’s correlating a device, application, database, or even physical security.

The software’s management console now also presents information directly from the knowledge base of SecurityFocus (a security company), allowing security administrators to easily research security incidents, compare them against known vulnerabilities, and update devices and IDS signatures quickly.

For details, visit www.esecurityinc.com.