Antispam: Keeping the gate closed


ESET antispam solution has been recognized as best on market. Miroslav Rolko, Antispam Core Development Team Lead, explains what’s behind ESET’s dominance.

First, congratulations on your success in the recent Virus Bulletin and AV-Comparatives tests of antispam solutions. It’s quite rare that two authorities independently award the best mark to both a consumer and business antispam solution from the same vendor, isn’t it?

Thank you. Our hard work has paid off, but I am not quite so sure that it is that rare. Both solutions use the same antispam engine, with small adaptations of course. Thus, it should not be any great surprise that if our business antispam solution is able to achieve best results, then our consumer solution should do the same work.

How can you explain it?

First, we consider spam protection a crucial part of overall internet security and invest serious effort into this area. We have created a cloud solution for the most rapid response from our databases with the focus on the processing of samples, a process which has to be as quick as possible. We are also creating a new cloud solution that connects classical white/black lists with a new generation of our advanced cloud heuristic.

Our solution builds on good old-fashioned statistical methods, along with those that use new processes and techniques from Artificial Intelligence. These allow us to process billions of spam patterns per day. Simply put, our cloud spam filtering system can adapt to changing conditions – learn, if you will – and actively hunt, even for threats that are unknown at the moment.

However, I would like to mention that, even if you have the best solution, you need a little bit of luck to win in tests – especially with antispam tests. There is always a grey area – cases which even a human can hardly tell apart.

An antispam filter does the job of a detective, right?

Exactly. The variability of what the filter deals with is huge… Just imagine that the attacker’s goal is to fool humans. The possibilities to claim legitimacy are countless, so one can’t rest with any pre-defined set of rules – even if they were once fully functional. Crooks learn and improve on their methods. Hence, you need to learn as well – and you must learn quickly.

You say that spam protection is a crucial part of overall internet security. Why is it so important?

First, let me explain why it’s important for the antispam filter to perform properly.

It’s all about false positives.  ESET invests huge resources into minimizing false positives. It’s important at all layers of security because false alarms have a negative impact, but with the spam filter, you deal with end users. So in some cases what you’ve mistakenly filtered out might be a pretty important email. As you can easily imagine, the consequences might be huge.

Well, not only me, but I suspect most of our readers can as well. Now, let’s get back to my question about the importance of spam protection.

Look, at ESET we believe in multi layered security which gives you more chances to stop attacks.

Naturally, the sooner you stop the attack, the better. That’s because if you don’t allow the threat to enter the environment in the first place, the attack effectively stops the moment it is launched – and you can be sure that it’s caused no harm to the protected system.

Of course, no system is perfect and some unwanted emails, maybe with malicious content, may slip past all the controls. For these cases you must also have other layers of security solution – Network Attack Protection, Reputation and Cache, DNA signatures, Exploit Blocker, Advanced memory Scanner, Cloud Malware Protection System, Botnet Protection… All these technologies must work in unison in order to deliver the best possible results.

So it’s better to have an antispam filter integrated into the security solution, you say.

Definitely! Antispam and antivirus in an integrated solution can communicate with each other – It means that they are able to exchange information about new unknown threats and learn from one another. Thus, an integrated solution is more powerful and flexible than having a spam filter alone. 

What trends do you see in spamming and in the antispam business?

First, spam will continue to be the key method of infection.

Second, other methods of spamming will grow in importance. With the rise of social networks – I mean not only proliferation but also due to their importance to consumers and organizations – we can expect a growing interest in the misuse of messages on social networks. Simply, users of Facebook, Twitter, Instagram and other networks will face more and more unsolicited and malicious messages.

Third, spam will grow better. As I’ve already said, the bad guys improve. Not only do they improve at an operational level – gone are days when spam messages were easily recognizable by their poor grammar – but also poor implementation on a tactical level. Spam campaigns tend to be smaller and more narrowly targeted. This is in line with the broader trend of attacks being increasingly well prepared. It’s always a challenge to security when the bad guys do their homework before launching the attack…

Seems to me that all these trends indicate that spam protection is going to be even more important in the future…

Definitely. And with messaging increasingly integrated into our everyday lives and business relationships, spam protection must also become better integrated with other layers of security.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s