Follow

Does MDS OmniNet replace existing spam filtering services?

OmniNet does not replace existing spam filtering services and in fact recommends partners to leverage leading proxy based spam filtering vendors for such type of filtering as an additional layer of protection.

 

Spam and unwanted email has been a major headache since just about the time email was invented.

Traditional email protection against this includes software that resides on the email server itself, services in "front" of the email server, as well as basic checks against sending domains and IP addresses of connecting servers depending on email server configurations.

Its no secret spam filtering vendors have moved to the Cloud to provide proxy level spam filtering and have proven very efficient and placed in a strategic position to offer emergency "bagging" services should any interruption at the receiving email servers location.

 

How does OmniNet help today?

Many layers of OmniNet work to help keep your locations secure.  The architecture of the email solution will determine how OmniNet will help.

 

Email Servers not using encrypted connections

OmniNet Antivirus engine scans traffic as emails are received and blocks infected attachments.

OmniNet detection would trigger if something slipped by and is trying to communicate to a C2 server with our botnet detection.

OmniNet blocks connection attempts to any links in an email and anything that link would try to download in the background using our Web Filtering and Application control engines.  When these connections are attempted, our IP and URL reputation checks would put the brakes on the connection for URLs or IPs known to be hosting malicious content and inform the user accordingly.

IPS and DDOS defense sits in front of your email server that if it is in-house and connected behind OmniNet services.

 

Email Servers using encryption for external connections

 

Scenario A:  

Externally Hosted Email Server with SSL sessions between client and server

 

Details:

AntiSpam and AntiVirus is a very important layer of defense - AS and AV should happen at their mail server, or in front of it (Recommended).  They can use Email Proxy services for scanning email before its delivered to their email server and outbound after it leaves their email server. 

Note: OmniNet is looking to integrate with a select proxy email scanning service as a checkbox enable option within MDSManager in the future.

 

How OmniNet helps in this scenario:

Since their email is encrypted, we wouldn’t peer into it, and we can’t see where the mail is originating from if its an externally hosted email service.  (i.e. via POP), it’s already arrived at their external email server (Such as Godaddy) so the filtering should be done there.  Whatever their email server has allowed to be delivered will in turn be downloaded to the client.

In this scenario, where OmniNet comes in at that point is the detection if something slipped by and is trying to communicate to a C2 server.  Additionally, OmniNet would block any links in an email and anything that link would try to download in the background using our Web Filtering and Application control engines.  When these connections are attempted, our IP and URL reputation checks would put the brakes on the connection for URLs or IPs known to be hosting malicious content and inform the user accordingly.

 

Scenario B:

Internally Hosted Email Server with SSL sessions to external recipients

 

Details:

AntiSpam and AntiVirus is a very important layer of defense - AS and AV should happen at their mail server, or in front of it (Recommended).  Recommendation would be to use Email Proxy services for scanning email before its delivered to their email server and outbound after it leaves their email server. 

Note: OmniNet is looking to integrate with a select proxy email scanning service as a checkbox enable option within MDSManager in the future.

 

How OmniNet helps in this scenario:

Since their email is encrypted, we wouldn’t peer into it, however for incoming external email we CAN see where the mail is originating from, since this is an internally hosted email service.  (i.e. in house Exchange Server).  

In this scenario, as delivery attempts are made with connections to their internal email server, our IP reputation engine would kick in denying connections from known bad IP reputation source (i.e. know spam server IPs) and therefore preventing delivery from known bad sources.  Additionally, when the email is opened OmniNet would  at that point allow detection if something slipped by and is trying to communicate to a C2 server.  OmniNet would block any links in an email and anything that link would try to download in the background using our Web Filtering and Application control engines.  When these connections are attempted, our IP and URL reputation checks would put the brakes on the connection for URLs or IPs known to be hosting malicious content and inform the user accordingly.

 

 

 

Have more questions? Submit a request
Powered by Zendesk