Closing the gate on email threats
The best cure for spam is to prevent it getting inside your email infrastructure in the first place. But if your antispam software can only filter known spammer addresses, spam will continue to get through. TVNZ is successfully tackling spam at its corporate gateway with the help of Fujitsu and a smart combination of IronPort and Symantec’s Brightmail AntiSpam...
As New Zealand’s state-funded and largest broadcaster, TVNZ plays the leading role in reflecting and fostering New Zealand society and culture on screen. A high profile target for malicious email, TVNZ in August 2004 established that close to three quarters of its 1.1 million monthly emails were spam. The huge volume of spam was clogging its email infrastructure and contaminating personal email accounts with often offensive email. Partnering with New Zealand IT and consulting company Fujitsu, TVNZ has implemented an IronPort email gateway security appliance ported with Symantec’s Brightmail AntiSpam. This has enabled TVNZ to stop spam and other email threats at the corporate gateway, saving the organisation an estimated $700,000 annually.

A rising tide of email threats

TVNZ’s antispam software was struggling to cope with the growing number of email threats. Its system filtered only known spammer addresses, which meant a huge number of illicit emails were able to permeate TVNZ’s email infrastructure. In a single month TVNZ could receive up to 775,000 spam emails.

The situation came at a cost: the huge volume of spam was eating up network resources and clogging email infrastructure, and users were distracted from their work by the effort required to sift legitimate email from junk and by having to create individual filtering rules within Outlook. What’s more, the false positives TVNZ engineers had to investigate were taking a lot of time.

TVNZ Technology Group manager Mary Brawn says spam needed to be stopped before it actually got inside the email infrastructure, but not at the expense of getting legitimate email to intended recipients.

“The solution we had in place at the time was not robust and we were getting a lot of false positives. So we evaluated a number of different solutions and thought the combination of IronPort and Brightmail stacked up in terms of robustness, simply because it screened spam before it entered the email infrastructure and all but eliminated false positives.”

Changing the battlefield

“The idea behind this solution is to stop malicious emails getting into our email infrastructure. The IronPort appliance actually stops malicious emails getting into our system at all,” Brawn says.

A core function is IronPort’s reputation filter, called SenderBase, which performs a threat assessment of the sender. The assessment returns a reputation score that allows IronPort to apply mail flow policies, as specified by the administrator. More suspicious senders are throttled or eventually blocked, whereas recognised senders, such as customers and suppliers, are given access. SenderBase also integrates with Active Directory, intercepting email sent to users who don’t exist in the organisation, effectively combating dictionary attacks.

In tandem, IronPort’s Virus Outbreak Filters (VOF) detect new virus outbreaks in real time. IronPort’s approach to virus detection with VOF does not follow methodologies used by other vendors, Fujitsu IronPort email gateway specialist, Keith Mataranglo, says.

“Other vendors typically cannot delete suspicious email or attachments before they have affected the network. This is analogous to placing the ambulance at the bottom of the cliff.”

IronPort quarantines suspicious email, allowing the antivirus vendor time to discover and identify the virus and create an antidote to that condition.

“In this way, IronPort provides an effective and extremely complementary approach to virus detection and prevention at the corporate gateway.”

Prevention better than cure

This has been a huge time saver, because each user query took approximately two hours for a technology engineer to resolve. Spam is no longer a problem. The distractions of sifting inboxes bursting with spam and managing Outlook filtering are problems of the past. Spam is now controlled through a quarantine server, where it is analysed by a Brightmail antispam rules engine, so only legitimate email enters TVNZ’s email infrastructure.

“The system is extremely accurate. It learns all the time, so we encounter very little trouble,” Brawn says. “There have so far been no reported false positives.”

Payback has been extremely rapid. TVNZ has put an annual figure of $700,000 on the cost of spam – a function of technology engineering support and wasted use of infrastructure and impaired staff productivity.

“Fujitsu worked closely with us to ensure implementation was easy and trouble free. It is very much like a set and forget system – very black box, which is a good thing in technology because it reduces our need to manage and maintain it,” Brawn says. “In our assessment this is the best performing product available. The combination of IronPort and Brightmail is extremely effective.”

FUJITSU NEW ZEALAND

