On Monday, VeriSign announced the rollout of a new anti-phishing service. Called “Email Security Services,” the new offering is designed to dovetail with the VeriSign Intelligence and Control Services to help businesses combat spam, e-mail viruses and phishing, a type of online scam that has become increasingly popular over the past year.
Phishing attacks use social engineering tactics to convince consumers to submit sensitive information, such as account numbers, passwords or social security numbers, to Web sites or e-mail addresses that appear to be legitimate.
These sites are actually clever forgeries run by hackers or criminal organizations. In the last year, phishing attacks targeted 57 million Internet users, according to VeriSign.
Falling Victim to Fraud
According to VeriSign, 3 to 5 percent of all individuals who receive a phishing e-mail fall victim to the fraud, which represents exposure for the financial institutions, e-commerce sites, hospitals and other organizations whose customers are usually the targets of such attacks.
Preventing such attacks is difficult because it requires the ability not only to monitor activity within an enterprise’s IT environment, but also to monitor activity across the Internet as a whole.
The new anti-phishing service becomes available July 12, 2004. However, customers can sign up for a free trial on VeriSign’s Web site before that time.
“With a service-oriented approach, enterprises can easily obtain comprehensive e-mail protection in a matter of hours, without deploying any software or hardware,” said VeriSign executive vice president Judy Lin.
Impacting Network Traffic
According to VeriSign, the software component of the service can be installed in under an hour. The company pledges high levels of filtering accuracy, and claims that the new service will provide automatic, rapid updates of heuristics and signatures to reduce the spam and phishing burden on an IT department.
Enterprise Strategy Group senior analyst Jon Oltsik told CRM Buyer that the general consensus is that 50 to 60 percent of e-mail traffic is spam, which significantly impacts the network traffic for an enterprise.
“Filtering e-mail frees up resources and reduces operational issues,” Oltsik said. “The best of these tools can eliminate 90 percent of spam, just like the Yahoo’s bulk-mail folder does,” he added.
Oltsik said he thinks that the midsize market is more likely to opt for an outsourced anti-phishing or spam system than a large company because large companys typically already have the infrastructure in place to add a product and manage it.
‘Give It to Me’
Dr. Katherine Jones, managing director of enterprise business applications at Aberdeen Group, told CRM Buyer that her initial reaction to the new VeriSign service was “I need this — give it to me right away.” But she noted that, from the enterprise perspective, IT departments might see a difference between a service like this and a product that a company would purchase, install and own.
“IT departments usually have a sense of ‘proprietariness’ over e-mail servers,” Jones continued. “They want to maintain their sense of control over the network and they know what anything touching their e-mail server does, and how it does it.”
Jones acknowledged that dealing with resistance at the enterprise IT level to this kind of semi-outsourced service might be just a short-term issue for VeriSign.
According to Jones, a larger problem is dealing with the issue of deleting pieces of e-mail that the user might not want deleted just because the service is filtering it out. Losing a customer order or response won’t be acceptable to any company.
VeriSign’s Mid-Market Strategy
Oltsik said that, from the business perspective, VeriSign’s strategy is to move into areas that are emerging, particularly areas where the players are smaller. According to him, the company seems to be looking for business areas where the VeriSign name might be more attractive. Oltsik went on to say that the company might find good use for its new service as a loss leader or even a service-bundling opportunity.
According to a VeriSign spokesperson, pricing for VeriSign Email Security Service will vary by customer, depending on the number of seats and type of service deployed. Larger customers can expect their price per seat to fall into the US$1 to $3 range.
Andrew Braunberg, senior analyst for security at Current Analysis said that he sees managed e-mail gaining a lot more attention.
“But most of the players are in the consumer or SOHO market, so it will be interesting to see if VeriSign is really looking to enterprises for its service,” he told CRM Buyer.