May 05, 2008, 9:28 AM — With about 90 percent of all emails today being spam, it's hard for even the best anti-spam program to keep up. And what's worse is that spammers are constantly developing new techniques, such as image-based spam, to sidestep the filters. What if you could determine ahead of time, the intentions of everyone who sends you an email? Wouldn't it be wonderful to know, without a doubt, who the bad guys are? What if there were a central authority that knew the reputations of everyone who has ever sent an email? As it turns out, you don't have to be a mind-reader. Reputation-based security is very similar to what the financial services industry has created with credit agencies. Every person who has ever paid a bill or used a credit card has a credit score-a credit reputation, if you will. When you want to buy a new car, the finance company looks at your reputation, and then decides whether or not to let you past the gates and give you some money. We now have the same thing for people who send emails.
Dmitri Alperovitch, Chief Research Scientist at Secure Computing and developer of reputation-based security, talks about the evolution of spam, the next big thing in spam prevention, and how to identify the culprits before they bombard your email server.
Where did reputation based security come from?
It was an invention of CipherTrust, and since then, a variety of other companies have applied it to the email security area as well. When we were working on spam detection at CipherTrust, which was bought by Secure Computing, we realized early on that it made sense to aggregate information on a global level and to collect data from all of the customers that we had deployed at that time, and apply behavioral techniques not on an individual box, but on the cloud where you have a much broader view into email traffic.
You're the point man on reputation system development. What led to your development efforts in this direction? Was there an "aha" moment when you knew that you had to create a reputation system?
Spam was starting to take off in the early 2000s and we were developing antispam technology fairly early on. We realized that a lot of this analysis that we were trying to put on the spam gateway itself would really work much better if we had a view into more traffic. The only way to do that is to put it in the cloud, and have all of these devices talk to the cloud, report what they are seeing, and get information back from the cloud. So that was the "eureka" moment that we had, where we said, "hey, let's try to get as much data as possible." And the only way to do that is through this centralized authority. It's very much akin to a credit agency. If you're a store and someone comes in to apply for credit, you can look at the local history that you may have on that person, but that can only be so effective if this is a new customer or a customer that's purchased only one or two things from you. But if you aggregate together with all the stores in the nation, which is what credit agencies do, you can build a much more accurate profile. That was the approach we took with this system.
And at that point nobody else had ever done that yet.
Exactly right. The blacklists were out there but they were not really doing the analysis globally; they were distributing the information globally, and that was the difference.
How does reputation technology differ from a real time blacklist?
