The State of Email Security 2018 Report
The latest threats, confidence killers and bad behaviors—and a cyber resilience strategy to fix them
Transnet is a diversified organisation whose sole shareholder is the South African government. It operates and controls the major transport infrastructures within South Africa, affirming Transnet as the biggest player in the Southern African transport arena.
With an excess of over R70 billion in assets. Transnet is uniquely positioned to play a substantial role in the future development of the region. As part of an endeavour to increase the competitiveness of the South African economy, Transnet is committed to delivering integrated, seamless transport solutions to their customers in the bulk and manufacturing sector.
As a public service company, email is absolutely critical to the Transnet group as a whole. The group is a large organization with a high staff complement and large volumes of critical email being sent between suppliers, partners and stakeholders on a daily basis. The nature of its business exposes the company to public liability, with email correspondence clearly increasing this exposure.
Transnet’s subsidiary companies (12 in total), each have their own domain, with MX records pointing to one of two email systems. One system included Trend Micro, a well known anti-virus vendor and the other a Linux-based Sendmail system with additional Trend Micro systems. Mail would flow from the Internet to one of the mail systems, where it would either be deleted based on attachment type or the presence of a virus, or passed onto the internal Exchange clusters. The outbound mail route followed the same path in reverse.
Transnet did not have an anti-spam solution in place, which meant an increasing number of spam emails were getting through and interfering with productivity. Transnet, as with all companies, was concerned about taking on a quarantine-based system due to manageability issues experienced with their current anti-virus solution.
Emails containing viruses or disallowed attachment types were automatically deleted without regard for business content due to administrative overheads. Transnet was concerned about the legal ramifications of this practice, as well as the impact the lost communication could have on its business. As a high profile company it is imperative that Transnet is seen to be applying best practice across all areas of the business.
Transnet’s email infrastructure is a complex environment and troubleshooting problems in a system of this complexity was incredibly difficult due to low levels of visibility across their broader email environment. Afundamental requirement was to obtain granular information on every aspect of the email system, combined with a better ability for identifying and solving any problems that could arise.
The Mimecast converged platform offered Transnet an unsurpassed set of benefits as well as a cost-effective solution to the challenges it faced. The first of which was its unique ability to comply with ECTAct requirements through its connection-based approach to anti-virus and anti-spam, available through the security module. Mimecast’s archiving functionality provided the capability for the storage and recovery of emails and associated data, while the Marketing Advantage module enabled Transnet to both manage email disclaimers and leverage their corporate identity.
Transnet requested that Mimecast provide a proof of concept (POC) to stress test the service across all companies within the group and to access its ability to deliver on the stated functionality and low management overheads. Based on sizing criteria supplied by Transnet, Mimecast prepared and delivered a POCsystem well within the project timelines (24 hours). The POCran successfully for a period of 3 months during which all aspects of the converged platform were thoroughly tested before officially going into production.
At the POCstage, Mimecast created visibility on important email architectural issues that were previously hidden to Transnet. Mimecast reporting highlighted that a significant volume of emails were being delivered to previously decommissioned domains and competed for limited resources. In addition, some obscure shortfalls in the email security architecture were exposed. Mimecast removed a number of outbound viruses not detected by the current anti-virus systems, which would have been damaging to the group’s external reputation.
Worldwide virus outbreaks such as the sober.u variant event brought traditional anti-virus systems to their knees as general email volumes increased ten-fold and slowed the delivery of email over the internet. This event had zero effect on Transnet’s email systems however as Mimecast’s ARMed SMTP(Advanced Reputation Management) technology shielded Transnet from the attack and the outbreak went by unnoticed.
Mimecast also quickly exposed email usage patterns that showed high levels of personal emails with large multimedia attachments clogging already limited and expensive bandwidth and in the process identifying email bottlenecks. Following successful completion of the proof of concept, the Mimecast service went live.
Mimecast has successfully delivered on its undertaking to supplying a low management and compliant perimeter email protection service. Transnet’s 16,500 users have seen a total eradication of spam with no false positives and no quarantine folders to babysit. At the same time potential privacy concerns have been eliminated. Administrators are now able to identify email-related problems promptly, which when matched with the improved visibility into email architectures, has simplified general system management, reduced costs and administrative overheads.
Using Mimecast’s granular policy management system, business unit managers have been able to effectively enforce email usage policies and gain better insights into divisional email communications, even identifying email misuse. Users are able to successfully request the recovery of lost and deleted email and to track delivery of email to outside parties.
This aspect of the technology also includes an invaluable real-time email continuity feature which provides access to both new and historical emails during an email server or site outage. This is possible due to Mimecast’s ability to act as a live standby mail server at the perimeter and enables business to continue functioning when it would otherwise stall until repairs were complete.
As a converged service, Mimecast has taken over the role of a number of inadequate systems, saving Transnet on unnecessary product license fees, freeing up hardware for redeployment and protecting Transnet from unquantifiable legal risk of false-positives. Mimecast has also vastly increased visibility and management of the email environment. Reduced management overhead has freed up administrators to focus on other projects and outsourced partners have been able to improve service levels to Transnet.
Many organizations think their current email security systems are up to the task of protecting them. In …
Using Microsoft Office 365™ or snapshots from backup or storage solutions for protection and recovery? You …
Email is the number-one application that organizations depend on for communications. Unfortunately, it is also …