Stopping spam brings additional security benefits for cable company

Earlier this year, the IT staff at Hellerman Tyton Ltd was struggling with its antispam system. See which appliance helped the cable company reduce its unwanted messages.

Earlier this year, the IT staff at Hellerman Tyton Ltd., a cable management company based in Crawley, was struggling to cope with an unreliable antispam system that was just as likely to block valid email messages as it was to let through phishing messages and other kinds of unwanted mail.

This meant that staff not only had to answer calls from users complaining about spam, but they had to trawl through the spam folder looking for any important messages that had been wrongly blocked.

"We were using a dictionary-based system from a major supplier -- I prefer not to name them as it wouldn't be fair," said IT manager Tony Lambert. "On a Monday morning there could be upwards of 6,000 quarantined messages in the email filter waiting to be checked. We were getting phone calls from people saying they were expecting an important email that hadn't arrived."

On average, Lambert's team would discover 20 to 30 valid messages that had to be released from quarantine from the 6,000, and then they would need to monitor a further 2,000 quarantined messages a day. "We had to check every single message, and sometimes it was difficult to identify why a valid message had been blocked. At the same time, the system was still letting some spam through," says Lambert.

With the contract on the software up for renewal and the supplier offering an upgrade, Lambert took the opportunity to see what else was on the market, and asked for advice from his security supplier, London-based Nebulas Solutions Group Ltd.

"We had a Nebulas engineer putting in a new Check Point firewall at our central services office in Crawley, and I just asked him how they coped with spam. He mentioned the IronPort appliance and offered to give me a demonstration."

Lambert was impressed by the technology from IronPort Systems Inc., now part of Cisco. The appliance works in conjunction with the IronPort SenderBase network, which tracks global threats and captures data from more than 100,000 organisations worldwide to build up a picture of Internet traffic patterns.

Lambert installed a resilient cluster of two IronPort C150 email security appliances, which interrogates all messages before they reach the Exchange mail server, thus reducing a great deal of the work that needed to done beforehand.

The effect on spam was dramatic. "The date is imprinted on my memory, because July 15th 2008 was the day we stopped spam in its tracks," says Lambert. "The appliances just came straight out of the box. We switched on the filter, and that was the end of the problem."

He says his team initially did spot-checks in the spam filter to see if any false positives had gone through. "We have been running this product for a few months now, and I have yet to find a false positive in the spam filter," says Lambert. "It was just like switching a light-switch -- it was the end of spam. And we've not had a virus through either."

Lambert's company continues to run Norton antivirus on the company's 250 PCs and also on the mail server. But the IronPort device also checks incoming and outgoing emails for viruses, providing a second layer of defence.

With the success of the mail device, Lambert says he adopted the IronPort Web security appliance to ensure staff do not go to known infected sites.

The new antispam service has been well received by the company's 250 users, according to Lambert. "We emailed everyone to let them know the new system was going live, and told them to contact us if they received any spam. Two users got in touch, but it turned out that in both cases, the spam got through before IronPort was switched on," he says. "Two or three users have even phoned IT to thank us for stopping the spam."

Bringing the spam menace under control has delivered several other benefits, as he says, "It's had a huge impact on this business. There's been a massive drop in network traffic, so we've made big savings in bandwidth and can prolong the life of our Exchange servers. It's also resulted in a much more reliable network."

Read more on Application security and coding requirements