28 August 2016 - by Thom Hooker
SmartRules® – Your Email Swiss Army Knife
This month we continue to see strong interest in SMX's content control and data loss prevention engine, SmartRules®.
SmartRules is an engine that SMX developed to co-exist alongside our base filtering service. It is designed and built in New Zealand by SMX's team of talented software developers and email engineers, and since 2008 SmartRules has been helping our enterprise and Government customers enhance their email security. All of the functionality described below originated as feature requests from SMX customers, a recent example being the SmartRules whaling module which came about as a result of some of our customers being the target of whaling attacks.
We alerted our customer base a couple of weeks back about some ongoing CryptoLocker attacks using macro-enabled Word document files and how SmartRules is capable of detecting and blocking these types of files. Since this alert went out the response from our customer base has been phenomenal, with many customers unaware of the extra layers of protection that SmartRules can add to their email security service.
For those customers still considering implementing SmartRules but who don't see the need to enhance their current email security, I'd like to go over some of the key benefits. One of the main reasons customers choose SMX for their email security in general is because of the fully-managed nature of the service. SMX currently employs almost 40 staff in NZ to ensure our customers' email continues to flow regardless of the type of email attack they may be under, the volume of incoming email, or the time of day or night. This strategy means our customers are able to focus on their business rather than on the drudgery of email security.
The last few weeks have been very busy for the SMX operations and support teams, with several serious incidents affecting some of our commercial engines. Fortunately, for the majority of customers, SMX's engineers were able to work around these issues as they arose with no impact to their email flow. This same proactive management of our customers’ email security also occurs in the SmartRules product. For customers that have deployed our pre-built system rules, SMX admins are able to make adjustments to their SmartRules as new threats emerge. This ability is enabled through the use of our system lists architecture, which enables the SMX support team to make changes to the entire SmartRules user base en masse.
We find that customers usually deploy SmartRules for a specific task but once your organisation has subscribed to the SmartRules service you're able to make use of all the features SmartRules provides.
As there have been some significant additional features developed for SmartRules recently, here’s a summary of some of the common tasks customers are using the SmartRules engine for:
We help our customers in the banking and finance industries to maintain their PCI DSS (Payment Card Industry Data Security Standard) compliance. PCI DSS states that credit card information must not be sent via email and we have a bunch of banks and financial institutions that have deployed SMX's SmartRules with the built-in credit card detection routines. This routine detects credit card details in attachments as well as the body of emails and ensures that our customers who need to be PCI DSS compliant are neither sending nor receiving credit card information.
SMX has a large number of customers in the health sector. Many of these have deployed SmartRules checking for National Health Identifier (NHI) numbers. SmartRules has a proprietary NHI detection routine that we've developed for our health sector customers. Once this rule is deployed customers can be assured that emails or documents containing confidential patient health information aren't being sent out of their organisation.
Some of our SmartRules customers are using it to block certain types of inappropriate content from entering or leaving their site. SmartRules includes system rules (essentially templates) which are paired with a system list, the content of which is managed by SMX's support team. These system lists cover adult, profane, racial and sexually discriminatory language as well as our multimedia lists (covering image, audio and movie file types). Taken to extremes, some of our customers implement our common and MS attachment type rules, which allow only common MS Office document file types plus a few other common file types and deny all other files. This default deny policy is in keeping with Internet security best practice and allows customers to augment these lists as new file types are required to be allowed into the business over time.
SMX recently launched our whaling module which relies heavily on email header inspection. This feature of SmartRules allows customers to restrict the number of addresses senior executives (i.e. Whales) are able to send email from. The SmartRules whaling module looks for emails that are spoofing (forging) nominated executive names and if the reply-to or from headers aren't from allowed addresses it sidelines or rejects the email.
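The header check described above, written as an added example (not SMX's SmartRules code). The executive name, the allowed address, the sample messages and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical policy: nominated executive name (lower case) mapped to the
# only addresses that executive is allowed to send email from.
EXECUTIVES = {"jane doe": {"jane.doe@example.co.nz"}}

def _name_matches(display, exec_name):
    # Token comparison so "Jane Doe", "Doe, Jane" and "Jane Doe (CEO)" all match.
    tokens = set(display.lower().replace(",", " ").split())
    return set(exec_name.split()) <= tokens

def check_whaling(raw_message):
    """Return 'sideline' when an executive's name is used with a From or
    Reply-To address that is not on that executive's allow list."""
    msg = message_from_string(raw_message)
    from_addrs = getaddresses(msg.get_all("From", []))
    reply_addrs = getaddresses(msg.get_all("Reply-To", []))
    for display, _ in from_addrs:
        for exec_name, allowed in EXECUTIVES.items():
            if not _name_matches(display, exec_name):
                continue
            # Name belongs to an executive: every sender and reply address
            # on the message must be one of their allowed addresses.
            if any(a.lower() not in allowed for _, a in from_addrs + reply_addrs):
                return "sideline"
    return "deliver"

# Constructed sample messages (not real traffic).
SPOOFED_FROM = (
    "From: Jane Doe <jane.doe@freemail.example>\n"
    "To: accounts@example.co.nz\n"
    "Subject: Urgent payment\n\nPlease pay the attached invoice today.\n"
)
REPLY_TO_SWAP = (
    'From: "Doe, Jane" <jane.doe@example.co.nz>\n'
    "Reply-To: jd-private@freemail.example\n"
    "To: accounts@example.co.nz\n"
    "Subject: Urgent payment\n\nReply to me directly.\n"
)
GENUINE = (
    "From: Jane Doe <jane.doe@example.co.nz>\n"
    "To: accounts@example.co.nz\n"
    "Subject: Board papers\n\nSee attached.\n"
)
UNRELATED = (
    "From: Sam Smith <sam@partner.example>\n"
    "To: accounts@example.co.nz\n"
    "Subject: Hello\n\nHi.\n"
)
```

The Reply-To case matters because a forged message can carry the executive's real address in From while routing replies to an outside mailbox.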
SmartRules supports regular expressions so you can define your own regex to detect certain content. The options here are pretty much limitless and allow customers to create complex rules defining the type of content to detect and block.
We have a bunch of enterprise and government customers utilising our ActiveSMX daemon to integrate their on-premise AD with their SmartRules configuration. Typically, customers use ActiveSMX to synchronise their AD groups with SmartRules so that as group membership changes at their site SmartRules is seamlessly kept up to date. ActiveSMX runs inside your network on a machine with connectivity to your AD environment so you retain control over when and how often this data is synchronised.
As mentioned above many of our customers use SmartRules as a further layer of protection to detect and block new attacks as they evolve.
As always the SMX helpdesk can provide guidance on how you'd deploy any of the above features of SmartRules for your site. Please contact the SMX helpdesk via email, or phone 0800 769769, select option 1.
If you’d like to discuss SmartRules for your company, get in touch with our sales team via email or phone 0800 769 769, select option 2.