The Asia Video Industry Association’s (AVIA) Future of Video India conference opened to a full house with a keynote conversation with Shri Apurva Chandra, Secretary, Ministry of Information and Broadcasting (MIB). Secretary Chandra stated that with OTT (over-the-top), Indian content has become more accessible and more acceptable to a global audience. “Quality of content has always been very good in India, but now it is easier for Indian content to travel across the world. OTT has helped it in a big way,” said Chandra. He also reiterated the need for OTT to continue with a soft touch approach, as the three tier self-regulatory system has been working well. While there were concerns that light touch regulation has led to less desirable content, he remained of the view that the industry needed to be more self-aware so that the government need not step in. Chandra also shared that a National Broadcasting Policy has been in the works, as the industry was becoming more fragmented. However, this would take time in order to balance the conflicting interests of all the disparate parties.
Meltwater, a global leader in media intelligence and data analytics, today announced the availability of Meltwater Enterprise Intelligence Suite, a comprehensive offering that promises vital insights and transformative impact to enterprise clients.
5G will account for over two-fifths (41%) of mobile connections in the Asia Pacific (APAC) region by 2030, up from 4% in 2022, according to the GSMA's Mobile Economy APAC 2023 Report.
Meltwater empowers companies with a suite of solutions that spans media, social, consumer and sales intelligence by analyzing ~1 billion pieces of content each day and transforming them into vital insights. Now, the company announces new AI-powered product innovations across multiple solutions that allow customers to surface insights, boost efficiency, and generate content.
A new study from Juniper Research forecasts that the greatest merchant losses to fraud will be via remote physical goods purchases, with losses reaching $5.1 billion across emerging markets in 2028, up from $1 billion in 2023.
Media placement and creative work hand in hand when it comes to effective advertising strategies. A new study by MAGNA Media Trials and Yahoo set out to understand the role that creative quality plays in ad effectiveness, and the elements that contribute to quality creative. Creative, the Performance Powerhouse found that while media placement helps marketers find consumers where they are, creative quality was responsible for 56% of purchase intent, illustrating the strong performance of both tactics as they work together. The study suggests that marketers can greatly benefit from making small improvements to their creative in order to optimize ad performance, while also driving brand quality and trust.
Akamai Technologies, Inc. announced entering into a definitive agreement to acquire Neosec, an API detection and response platform based on data and behavioral analytics.
Microsoft has released its fourth edition of Cyber Signals, highlighting a surge in cybercriminal activity around business email compromise (BEC), the common tactics employed by BEC operators, and how enterprises can defend against these attacks.
Cryptocurrencies can be notoriously volatile. With prices fluctuating rapidly and without warning, a single tweet can shift a token price by 40%, only to see the price plummet in a matter of hours. While fluctuations are expected within crypto currency, you need to be able to spot the difference between what is a normal event, and what is a scam.
The democratization and acceleration of generative Artificial Intelligence (AI) originated in the business-to-consumer (B2C) market with the release of popular applications like ChatGPT and Stable Diffusion. But the B2C market will barely scratch the surface of generative AI’s potential economic value.
IBM announced plans to expand its relationship with Amazon Web Services to help more mutual clients operationalize and derive value from generative artificial intelligence.
At its Experience ‘24 conference, Medallia, Inc. announced four ground-breaking innovations that will fundamentally alter the way organizations can personalize customer and employee experience
New research commissioned by IBM found that about 42% of enterprise-scale organizations (over 1,000 employees) surveyed have AI actively in use in their businesses. Early adopters are leading the way,
Zendesk, Inc. today released its annual Customer Experience(CX) Trends Report, the findings of which signal a rapid transition towards intelligent CX. In this era, the shift to AI-driven service will
Google and the Cyber Security Agency of Singapore (CSA) announced a strategic collaboration to bolster Singapore’s cyber resilience. This partnership covers four key pillars: threat intelligence
Yahoo Advertising announced a new integration with Twilio Segment Customer Data Platform (CDP) to drive greater advertising reach and relevance, without relying on third-party cookies.
October marks Cybersecurity Awareness Month and with online safety being top of mind, Google has launched new products and features to help people everywhere. These releases include in-built features
In less than a decade, email has become a critical and in most instances, the primary communication medium for business.
Currently, around 250 billion emails are sent daily. This is estimated to grow to over 500 billion by 2013. However, the increased popularity of email has been mirrored by an increase in the amount and sophistication of unwanted or spam messages. Today, viruses and spam account for over 85% of all worldwide email traffic.
Many businesses have invested in infrastructure to block unwanted email and protect the corporate network, however, the complexity of the threat landscape continues to evolve as those sending spam and viruses develop new approaches to make their messages indistinguishable from legitimate email and bypass tests used by security vendors. This dynamic is forcing security vendors and IT administrators to continually make their security systems more aggressive.
For enterprises and service providers alike, the “holy grail” in messaging management is to deliver a high quality service as economically as possible. For those responsible for email administration, key objectives include:
Ensuring rapid delivery of all legitimate email
Producing the fewest errors (‘false positives’) possible
Blocking as much unwanted and malicious email as possible
Minimizing (indeed eliminating) support calls and user complaints
Email administrators are often forced to make tradeoffs between these objectives. As yet, no email filtering vendor has produced a perfect solution which eliminates the need to make these tradeoffs. While most filters can block the majority of viruses and spam, they also unintentionally block legitimate email. This is because most filters make use of probabilistic techniques such as content analysis, ‘key word’ filters and real-time IP block lists to make decisions about which messages should be rejected and which should be delivered.
Content filters have been proven to be inaccurate predictors of spam, particularly for emails containing languages other than just English. Further, the growing adoption of IPv6 will render
IP block lists significantly less effective since spammers will have the ability to continually change the sending IP addresses.
Another more serious consequence of using these techniques is that messages from legitimate correspondents including customers, suppliers and partners can be and are regularly misclassified and thus are incorrectly blocked or quarantined as spam (“false positives”).
Email filtering vendors often under-play the loss of legitimate emails as being ‘collateral damage’ and so negligible as to be insignificant. However independent studies conclude otherwise. These studies show that while solutions are often able to meet the spam catch rate standard, they consistently fail to meet their own publicly stated accuracy standards when it comes to false positives, some by a significant margin.
While the false positive rate varies from vendor to vendor, it ranges between 0.5% and 2% of legitimate email. Statistically, this failure results in over 100 million emails every day that are not being delivered to end users.
This is a serious issue for the underlying business processes which rely on email. For enterprise and government in particular, this error rate is unacceptable because it results in operational failures and vulnerabilities. At their true incidence rate, this loss of email poses a real and quantifiable risk to businesses. Today, many business owners still remain unaware of just how vulnerable their business processes are rendered due to the above failure in their messaging infrastructure.
The mean false positive rate across the vendors surveyed is 0.65%. This equates to a failure rate of 1 in 150 legitimate emails which are not being delivered. This figure is 2500 times greater than Gartner’s best practice of 1 in 400,000.
This failure results in a typical 1,000 user organization losing approximately 1,500 legitimate emails every month due to misclassification. This represents a significant operational vulnerability and an increased risk to any business processes which rely on email to communicate between entities.
Sender Reputation and Authentication Provides a Way Forward
A more sophisticated approach to messaging management is to prioritize the identity and delivery of legitimate email ahead of ‘blocking spam’. This switches the paradigm from one of blocking unwanted email to one of ‘filtering in’ email from legitimate senders first and only then filtering out unwanted messages. Using sender reputation and authentication allows trusted senders to be identified accurately and their email ‘fast tracked’ through the filtering process.
This approach is similar to automated clearance systems used at certain airports. Passengers use a combination of their passport (used to establish identity and for reputation checking) and their fingerprint, iris or face (used for authentication) to get ‘fast tracked’ through the immigration clearance process. Such an approach requires a robust and accurate means of identifying and authenticating senders. Implementing such a technique would enhance the integrity of email communications and is considered as the next generation approach to filtering emails.
How to Select Secure E-Mail Gateway Functionality
E-mail administrators face a bewildering array of features and functionality choices when evaluating secure e-mail gateways. Use enterprise-specific criteria to develop requests for proposals (RFPs) and shortlist vendors.
Key Findings
The ability to identify and remove unwanted e-mail (spam) is the key selection criterion for any secure e-mail gateway. A best-of-breed gateway should deliver a minimum 99.5% spam-detection rate, with fewer than one in 400,000 “false positives.”
Reduced administration overhead is the next-most-important concern of e-mail administrators. An effective, task-oriented graphical user interface (GUI) and comprehensive management interface will offer lower total cost of ownership (TCO).
Data loss prevention (DLP) and encryption functionality represent the greatest differentiators among vendors’ offerings.
Recommendations
Use the advanced functional capabilities that Gartner has identified to develop a secure e-mail gateway RFP, and shortlist vendors for testing on a production corpus of e-mail. Create a list of the top 10 to 20 most-common or critical tasks and use it as a guideline for comparison-testing and demonstration. Note 1: Common tasks might include message tracing; customizing a report; saving and scheduling it for distribution or alert; adding a backup server to a cluster; creating a custom outbound or inbound content filtering rule; and creating a policy for directory synchronization (and so on).
What you need to know
A wide array of secure e-mail gateway functionality is available with significant differentiation among vendors, and particularly among “best of breed” and “good enough” product vendors. No single vendor leads in all functional areas, so buyers must prioritize their requirements to address their specific business, technical and regulatory needs. Gartner recommends end-user testing of several key components of a secure e-mail gateway.
Analysis
Context
The market for secure e-mail gateway products offers significant differentiation among vendors and their offerings. An in-depth understanding of gateway functionality – and an extensive evaluation of capabilities against enterprise –specific needs – is essential.
Analysis
The functionality required in a secure e-mail gateway will vary widely, depending on the enterprise’s technical resources, business needs and other factors. The functional capabilities to be considered are as follows:
Anti-Spam Functionality
The ability to identify and remove unwanted e-mail (spam) is the No. 1 concern of e-mail administrators, and is a key selection criterion for a secure e-mail gateway. A best-of-breed gateway should deliver a minimum 99.5% spam-detection rate, with fewer than one in 400,000 “false positives.” The only valid way to evaluate anti-spam effectiveness is in a production environment, but there are certain capabilities to look for in vendors’ claims, including:
The ability to rapidly detect and react to new spam campaigns that may evade filters
Note2: An effective way to determine a gateway’s spam-detection capabilities is to ask the vendor for a “honeypot” graph for the previous 12 months, and then look for deep or wide valleys.
A real-time reputation system that silently drops at least 75% of spam at the SMTP connection – at the extended Hello (EHLO) command – or 90% or more for a best-of breed solution
A local SMTP connections management capability that can seek out “spambots” and throttle, block or increment the spam scores of suspected spam
Intelligent SMTP error-message handling – for example, the ability to send invalid-recipient non-delivery reports (NDRs) to legitimate senders, while silently dropping invalid-recipient spam and silently inbound spoofed NDRs – that is, NDRs sent from other message transfer administrators in response to spam with spoofed “from” addresses
An attachment scanning capability (with a broad range of attachment types that can be scanned) to detect file-based spam messages
An image-based spam detection capability (ideally via fuzzy matching, not exact-image matching)
Multiple-language spam detection (a more urgent concern for multinational enterprises, but an increasingly important issue for predominantly “anglophone” enterprises as spam goes global)
Spam detection capabilities that don’t require custom administrator-created spam rules (which sometimes may be necessary to identify unwanted e-mail that’s specific to the enterprise – for example, activist e-mail addressed to executives)
The ability to fine-tune spam and connections management elements via broad numeric thresholds, rather than via binary on/off
DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF), which may be useful in limiting phishing, but don’t significantly improve spam detection
Antivirus (AV) Functionality
Virus detection and removal capabilities at the e-mail gateway remain a key enterprise concern. Secure e-mail gateway functionality in this area includes:
Signature-based virus analysis, preferably with more than one choice of signature engine, to avoid excessive reliance on the incumbent PC AV vendor (preferably in a solution capable of running multiple, simultaneous AV engines for enterprises with particularly rigorous security requirements, or simply as a means of testing AV effectiveness)
Real-type file attachment analysis (not file-extension-based) to detect file type by file characteristics, rather than by file-name extensions, which can be changed
Proactive virus detection methods that don’t rely on signatures (a significant differentiator, because few vendors offer this capability)
A database of known or suspect security-risk URLs, which are reliable indicators of spam, malware and phishing attacks
The ability to identify, unpack, and recursively unpack compressed or zipped files, and identify password-protected or encrypted files
Separate suspected-virus quarantine and multiple disposition options (for example, attachment stripping, delivery of notices to senders or recipients, quarantine file and deletion) based on file-infection type
Management Capabilities
Reduced administration overhead is the No. 2 concern of e-mail administrators. An effective task-oriented GUI and comprehensive management interface will offer lower TCO. Gartner recommends creating a list of the 10 to 20 most-common or critical tasks to use as a guideline for comparison testing and demonstration of solutions. Required management capabilities will depend heavily on enterprise-specific needs and available technical skills.
Advanced capabilities include:
A “wizard”-type installation mechanism that provides optimal default settings for different size environments (and sometimes for appliances that are preconfigured by vendors)
A task-based (not feature-based) management GUI, which simplifies management by hiding complexity, but also gives more-skilled users the ability to drill down into granular detail
Note 3: A task-based system can be evaluated by creating a list of common tasks and comparing the number of steps required to complete each task.
Native active/active clustering within and across LANs, and automatic active/standby failover
Automatic configuration and policy synchronization among boxes in multibox deployments
Centralized quarantines for multibox deployments
Corporate allow-and-deny databases (white lists and blacklists) that can accept exact or “wild card” e-mail address, domain name or IP address matches
Native message tracing capability with granular, but nontechnical, results that enable first-line help desk personnel to trace missing messages (including inbound messages dropped by reputation or connections management filters and encryption results) and understand what happened to them
Automatic synchronization on schedule with multiple, disparate directories, each with their own policy options
Alerting capabilities, including e-mail, Short Message Service (SMS) and SNMP
Granular role-based administration, ideally with predefined roles and the capability to customize and add or remove options
The ability to create different management GUI work-space views (for example, administrator or help desk view), with a user ability to adjust default views as a benefit
Outbound or inbound mail-processing queue view to enable rapid troubleshooting of slowdowns, and a queue release option
A task-based help function with recommendation settings for mail configuration options
Optional vendor remote monitoring of appliance parameters (for example, CPU load, disk errors, fans or power supply)
Simple “one click” software updates (with a rollback option in case things go wrong)
Configuration backup and configuration preservation between upgrades
Reporting Capabilities
Administrators should look for reporting capabilities that are appropriate to their enterprises’ needs. Advanced tools may include:
A real-time graphical and table-based dashboard with click-through, drill-down detail (using percentage-based metrics, not definitive totals)
The ability to create custom reports (in HTML, XML and PDF output types), save them and schedule them for distribution
The ability to create consolidated reports from multiple boxes
The ability to report on the number of “spam/not-spam” selections that end users make to report false positives and false negatives
A database that enables fast report queries and the ability to hold historic data for long-term storage in a standard format
Group- and domain-based reporting limitations
The capability to incorporate log or alert thresholds with security information management systems or other reporting systems
End-User Controls
The degree of control given to end users will depend heavily on the enterprise’s policies. These controls – which may, at minimum, enable administrators to spend less time dealing with false positives and more time satisfying demands from the executive suite – may include:
Language support (at least in the geographies where employees are working (double-byte character support remains rare)
Active quarantine summary digests, with buttons and click boxes that enable the user to release e-mail, report false positives, add senders to allow-or-block lists and direct links to Web quarantine views
Spam category threshold adjustments that enable users to set their own tolerances (for example, pornography or moneymaking); threshold adjustments are based on personal preference or job function
Personal allow-and-block lists (comparable to the corporate allow-and-deny lists discussed above)
Microsoft Outlook, Novell GroupWise or Lotus Notes client plug-ins (or, preferably, server-side capabilities) for reporting false positives and false negatives, and for blocking senders
Search-and-sort options to enable users to find particular e-mails in large queues
E-mail address (alias) consolidation into a single quarantine (rather than a separate quarantine for each address)
Automatic out-of-office quarantine purge hold
Multiple quarantines – that is, the capability to set up multiple, custom quarantines for outbound and inbound e-mail, or delegated quarantines – ideally in the form of a simple view filter on a centralized quarantine that enables virtually any quarantine to be set up
Workflow capabilities for special compliance officer quarantine (for example, the ability to save multiple messages relating to an investigation, to annotate messages, modify disposition options or release with comments)
Policy Interface
A secure e-mail gateway’s policy interface should be user-friendly and intuitive for nontechnical personnel
Note 4: An enterprise’s policy interface – like its policies – should be chosen fundamentally to address the needs of the business. Excessively complex and technical policy interfaces and reporting will force the IT organization to interpret and implement business policy, increasing the workload and the potential for errors and miscommunication. A policy interface should be intuitive and usable by nontechnical business personnel (for example, human resources and legal staff). A good way to test the usability of an interface is to give such personnel an opportunity to test it.
An easy-to-read, printable policy summary for audit purposes
Reusable policy objects (for example, dictionaries, templates and disposition actions) to enable the creation of a scalable policy environment.
Note 5: Reusable policy objects are critical to the creation of a scalable policy environment. Objects such as dictionaries should be separate, referenced databases, files or subroutines so that they can be reused in multiple policies, but updated centrally. Policies that use hard-coded objects require administrators to update multiple policies just to make a simple change.
The ability to combine multiple Boolean operators and regular expressions
The ability to run reports on hit rates for each policy and to prioritize policy execution
Numerous predefined disposition actions (for example, quarantine, alert, append disclaimer, alert sender, alert recipient, log, delete, allow, self-authorize, append subject line and add x-header), as well as the ability to create new disposition actions
The ability to have multiple, outgoing disclaimers for specific groups or users
Near-instantaneous policy implementation that doesn’t require a reboot
DLP (Data Loss Prevention)
This ability to monitor and manage potentially inappropriate e-mail traffic, and to prevent the loss of sensitive data (inadvertently or through deliberate misuse of systems), is an increasingly important concern for enterprises. The functions and functional capabilities that may help in this effort include:
Large, predefined dictionaries and lexicons (for example, lists of racist or sexist terms, obscenities or terminology that’s specific to healthcare, financial or other high-risk areas)
Dictionaries that assign weightings to specific words, wild-card operators and case-sensitivity/insensitivity indicators
Predefined number templates (for example, credit card numbers) and the ability to create enterprise-specific number templates (for example, customer IDs)
“Smart” number identifiers (for example, the ability to recognize that “999 999 999” isn’t a valid credit card number)
The ability to search for registered data (for example, database data) or specific files by name, hash marks or watermarks, and to detect partial-file-content matches
The ability to “deep inspect” a large number of file types for content matches
Support for more than e-mail channels, such as instant messaging (IM) and other Web or network communication protocols
Encryption
Secure e-mail gateways typically include some type of encryption – most often opportunistic server-to-server Transport Layer Security (TLS) encryption – as a standard feature. Multiple encryption options – for example, Secure Multipurpose Internet Messaging Extensions (S/MIME), OpenPGP or Web-based push-pull) are more-advanced offerings and usually cost extra, but they offer the ability to protect enterprise investments by adding encryption to the infrastructure. Specific capabilities and issues to consider include:
Integrated on-box capability with a dedicated box option for larger deployments
Solutions that don’t include an embedded solution should integrate well with best-of-breed players
Integrated logs that include encryption status on message tracing
The potential benefits of dealing with a single vendor, rather than multiple vendors
Form Factor
The form factor of a secure e-mail gateway will depend on the enterprise’s technical resources and business needs. The four basic choices are:
Service offering (multi-tenancy or hosted)
Appliance
“Bare metal” software (software plus operating system)
Virtual appliance (for example, VMware)
We expect to see hybrid solutions emerging by 2009. These will include an on-premises appliance and an “in the cloud” (hosted) service, with a single management interface and the ability to seamlessly migrate specific functions, or the complete solution, from one to the other as needs change.
Integration with Other Solutions
Integration with other components of the e-mail and messaging infrastructure, although not critical, may offer significant, strategic benefits by reducing management complexity, lowering TCO and providing better protection for the enterprise’s overall infrastructure investment. The components with which integration may be desirable include:
Web gateways
DLP solutions
IM hygiene functionality
Archiving systems
Service and Support
These are essential concerns for secure e-mail gateways, just as they are for any business-critical technology. Capabilities to consider include:
Dedicated support resources or direct access to Level 2 support
Evidence of extended tenure of the support staff
Vendor willingness to agree to high service-level agreements (SLAs) for call-back and e-mail support
Support resources, including user forums, best-practice guidance and white papers
Installation assistance and training
Key Facts
A best-of-breed gateway should deliver a minimum 99.5% spam-detection rate, with fewer than one in 400,000 “false positives.”
A real-time reputation system that silently drops at least 75% of spam at the SMTP connection – at the EHLO command – or 90% or more for a best-of breed solution – to accommodate growing spam volumes.
Category: Apr–June 2023 - Artificial Intelligence (AI) in Marketing
The marketing data and analytics company, Kantar, revealed the winners of the 2023 Creative Effectiveness Awards in Southeast Asia, recognizing the most impactful ads of last year.
Category: Apr–June 2023 - Artificial Intelligence (AI) in Marketing
Organizations in Singapore are increasing their reliance on the cloud. Nearly nine in ten organizations in the country are using cloud services, with about 70% taking a hybrid cloud approach.
Category: Apr–June 2023 - Artificial Intelligence (AI) in Marketing
Akamai Technologies, Inc. announced entering into a definitive agreement to acquire Neosec, an API detection and response platform based on data and behavioral analytics.
Category: Apr–June 2023 - Artificial Intelligence (AI) in Marketing
Dalet, a leading technology and service provider for media-rich organizations, announced the release of Dalet Cut, the cloud-native, real-time, lightning-fast multimedia and multiplatform editor fully integrated within the Dalet ecosystem.
MediaBUZZ is the first ‘pure’ digital publisher in the region, making an impact in Asia Pacific since 2004. Designed to empower marketers in the vibrant, ever-changing electronic marketing environment, its publication Asian eMarketing covers the digital age and zooms in on the most valuable and indispensable tools of today’s marketers. Circulated weekly to more than 60,000 top management and marketing decision-makers, the useful and informative articles support e-marketers in finding a sound marketing strategy, vital for their growing business success.