Proofpoint, Inc., the leader in large-enterprise messaging security solutions, today announced the availability of a new version of its machine learning-based anti-spam technology that features enhanced protection against the latest image-based spam attacks. The Proofpoint Spam Detection(TM) module -- powered by Proofpoint MLX(TM) machine learning technology -- offers the industry's highest effectiveness against hard-to-detect image-based spam, using a unique combination of machine learning algorithms and patent-pending image analysis techniques.
Over the past year, inbound email volumes -- consisting mostly of spam -- have risen dramatically as spammers take advantage of new spam distribution techniques. In a recent study of its enterprise customers' inbound message volumes, Proofpoint found that, on average, incoming email volumes had surged by two to four times in the past 12 months.
Proofpoint estimates that image-based spam now represents approximately 30% of all new spam campaigns. In the month of December to date, image-based spam has accounted for more than 24% of total spam volume. Of these messages, more than 80% use GIF format attachments to deliver the spam payload, with most of the rest using JPEG format images.
"Enterprises are once again facing a spam crisis and most anti-spam solutions are letting unacceptable amounts of spam through to end users," said Sandra Vaughan, senior vice president of products for Proofpoint. "For organizations without extremely effective spam protection in place, spam has become a serious threat to mission-critical communications infrastructure and employee productivity. Proofpoint continues to develop and deliver innovative new spam blocking techniques to our customer base, helping to insulate them from these problems."
Proofpoint's anti-spam solution has continued to perform with extremely high effectiveness against both "traditional" and image-based spam during the latest spam outbreaks -- averaging higher than 99.5% effectiveness during the month of November, as measured against Proofpoint's network of honeypots.
The recent rise in inbound spam volume is due to the rapid proliferation of botnets -- networks of compromised PCs -- that have made it extremely cost-effective to send large quantities of spam because spammers are able to tap into large pools of computing and network resources. This same economy of scale has also made it possible to send more resource-intensive types of spam (e.g., image-based spam) where the spam "payload" is delivered as an attached image, sometimes accompanied by large amounts of text.
In these spam campaigns, each spam message is uniquely customized. Both the images and text used in each message are typically randomized or obfuscated in an attempt to defeat both signature-based and heuristics-based spam filtering techniques. Additionally, the use of networks of botnets allows image-based spam to be sent from an ever-changing or "rotating" set of IP addresses. Many of the nodes in a botnet have no reputation rating with the leading reputation services -- either positive or negative -- and are able to end messages in such a way that they avoid detection by reputation-based anti-spam solutions.
New Proofpoint Technologies for Fighting Image-based Spam
Proofpoint MLX provides outstanding accuracy against all types of spam by examining more than 200,000 structural, reputation and content attributes using a combination of advanced statistical analysis engines, powered by patent-pending machine learning techniques. Traditional anti-spam solutions evaluate only a limited number of attributes and are unable to decisively classify spam, leading to low effectiveness and a high number of misclassified messages ("false positives"). The advanced methods used in Proofpoint MLX are superior to simple statistical techniques such as Bayesian filtering and signature- or fingerprint-based techniques, which are easily fooled by spammers.
Proofpoint continues to be at the forefront in the battle against image-based spam -- from both primary research and practical development perspectives. The latest generation of Proofpoint MLX machine learning technology applies both artificial intelligence and advanced image analysis methods to the problem of correctly identifying image-based spam. Just a few of the new analysis techniques used by Proofpoint MLX to combat image-based and botnet-delivered spam include:
-- Automated image extraction threshold analysis: Proofpoint's backend
systems automatically detect images being used in new spam campaigns by
examining high frequency variations across images.
-- Fuzzy matching for obfuscated images: Proofpoint MLX detects obfuscated
spam images by using techniques that mimic the way human beings
perceive spam. Proofpoint has developed a variety of highly-effective-
but minimally compute intensive-techniques that "see through"
obfuscation tricks used by today's image spammers.
-- Animated GIF spam detection: In one of the newest spammer tricks, an
image-based spam payload is "hidden" in a single frame of an animated
GIF. Proofpoint MLX analyzes the structural and temporal attributes of
animated images to identify those with spam characteristics.
-- Dynamic botnet protection: Proofpoint MLX Dynamic Reputation
continually profiles IP-level connections and source IP addresses,
monitoring for activity characteristic of botnets. When botnet IPs are
detected, Proofpoint MLX automatically rejects image-based and other
types of spam from those sources.
-- Predominant correlation: Proofpoint uses a machine learning technique
known as information gain to identify the very best attributes (or
clues) to use in detecting spam versus valid mail. From the millions of
available attributes, information gain selects those that are most
valuable. Proofpoint has taken this technique a step further with the
introduction of predominant correlation-based attribute selection. This
new technique allows Proofpoint MLX to identify attributes that are
redundant and automatically remove them, ensuring that only the most
effective indicators of spam are considered. This intelligent approach
to attribute analysis maximizes effectiveness (the system's ability to
accurately detect spam) and performance (the system's ability to
rapidly process messages) at the same time.
-- URL analysis techniques: Proofpoint's backend systems perform
statistical analyses of URLs from Proofpoint honeypots and customer
sites, coupled with correlative analysis of URLs and the IP addresses
hosting them. By using advanced network analysis techniques, Proofpoint
MLX can determine if a sending IP address is associated with a known
malicious URL or suspicious ISP and use these associations as a strong
indicator of spam.
These image-specific techniques work hand-in-hand with the hundreds of thousands of other message attributes analyzed by Proofpoint MLX. As Proofpoint's automated machine learning systems and Proofpoint Attack Response Center staff identify new image-based spamming techniques and other threats, MLX engine updates are delivered to customers' local Proofpoint servers. These updates are automatically and immediately available -- without requiring any administrator intervention, manual updates or system upgrades -- ensuring that Proofpoint customers are always protected against the latest threats.
New Proofpoint MLX Performance Enhancements
In addition to its new image-based spam fighting capabilities, the performance of Proofpoint MLX has been increased, making spam analysis up to 40% more CPU efficient. These performance enhancements allow Proofpoint software and appliances to better handle the increased demands of today's high volume email environments.
Availability
The enhanced Proofpoint MLX anti-spam engine is now available as part of the Proofpoint 4 family of messaging security solutions. Current customers of the Proofpoint Spam Detection(TM) module -- using Proofpoint Protection Server software Proofpoint Messaging Security Gateway appliance versions 3.0 and higher -- will automatically benefit from the enhanced protection against image-based spam through regular spam engine updates provided through the Proofpoint Dynamic Update Service(TM).
"One of the unique benefits of Proofpoint's modular messaging security platform is that customers benefit from new spam-detection technologies as soon as Proofpoint introduces them," said Vaughan. "Proofpoint MLX spam engine updates are automatically deployed to customer sites without requiring software updates, system upgrades or administrator intervention."
Learn More about Image-based Spam in Proofpoint's Free Web Seminar
Proofpoint is holding a free, educational web seminar about image-based spam and the new technologies available to combat this growing threat. On Tuesday, December 12 at 2:00 pm ET / 11:00 am PT, Proofpoint product experts will explain the origins of image-based spam, the various techniques spammers use to disguise image-based spam and the steps your organization can take to stop it.
To register, please visit:
http://www.proofpoint.com/image-based-spam .
About Proofpoint, Inc.
Proofpoint provides messaging security solutions for large enterprises to stop spam, protect against email viruses, ensure that outbound messages comply with both corporate policies and external regulations and prevent leaks of confidential information via email and other network protocols. The company's flagship products, the Proofpoint Messaging Security Gateway(TM) and Proofpoint Protection Server(R) provide future-proof messaging security using Proofpoint MLX(TM) technology, an advanced machine learning system developed by Proofpoint scientists and engineers. Proofpoint was founded by technology visionary and former CTO of Netscape Communications, Eric Hahn. The Cupertino, California-based company is funded by investors including Benchmark Capital, Bridgescale Partners, Inventures Group, JAFCO Ventures, Meritech Capital, Mohr, Davidow Ventures, and RRE Ventures. For more information, please visit http://www.proofpoint.com .
NOTE: Proofpoint, Proofpoint MLX, Proofpoint Protection Server, Proofpoint Messaging Security Gateway, Proofpoint Spam Detection, Proofpoint Virus Protection, Proofpoint Zero-Hour Anti-Virus, Proofpoint Content Compliance, Proofpoint Digital Asset Security and Proofpoint Regulatory Compliance are trademarks, registered trademarks or licensed trademarks of Proofpoint, Inc. All other trademarks contained herein are the property of their respective owners.