Infrastructure level security
The threats to enterprise IS

IS infrastructure today needs to handle threats to information at various levels and from various directions. Gone are the days when security meant setting up a firewall at the Internet gateway. If we try to categorize threats into types, we find the following:

  • Intrusion threats: these are modelled along the lines of Black-Hats sitting in dimly lit rooms halfway across the world, trying to break into the enterprise network using every technical trick known. The classic case studies of Clifford Stoll's "Cuckoo's Egg" and Tsutomu Shimomura's "Takedown" fall into this pattern. They are almost two decades old, but remain relevant.

    Today's Black Hats have become much more dangerous and effective. They have almost completely stopped trying to break through corporate firewalls using direct intrusion methods. They now try to attack the weakest link in the corporate IS infrastructure: the desktop computer's operating system. Botnets with tens of thousands of computers are controlled remotely and testify to the success of this approach.

  • Information theft: this is an increasing area of concern for companies, especially large trading houses which handle price-critical information, services companies like law firms, and those which deal with large intellectual property investments, e.g. pharmaceutical companies.

    Information theft from corporate environments rarely happens due to pure intrusion by outsiders. It usually happens due to information leakage by insiders. Therefore, audit and control are the key tools for the IS infrastructure managers to pin down such possibilities. It is important that your IS infrastructure provides you with the tools to both control and audit information flow.

  • Accidental data loss: this is usually not considered a security issue, but we integrate it into a larger perspective of information protection. Information can be lost as much due to accidents as due to deliberate mala fide intent. Protecting information against accidents sometimes contributes towards building a more robust information infrastructure which is harder to subvert for mala fide intent.

    Replication is the most basic mechanism to protect information against accidental data loss. Traditional IS practices used to take backups on removable media, most commonly magnetic tape. Current practices make this difficult, primarily because of more widespread storage of data and cost pressures on IS departments to cut down labour-intensive manual practices. Robotic tape libraries are only cost-effective for the largest and most critical backup scenarios. Disk-to-disk backups are automated easily and are more reliable than tape. Automation also opens up many possibilities for intelligent multi-site or cross-backups, optimising storage space and combining data protection with high availability strategies.

    Protection of the backed up data is an area where sufficient attention has often not been paid. This leaves data open to theft possibilities and accidental damage or corruption. Processes for information protection are as important as technological components. Merce brings some recommended best practices to the table to assist in improving these areas.

How Merce addresses these threats

Merce attempts to address all these fronts by deploying a varied arsenal of tools and mechanisms to protect your information assets:

  • Virus filters: Merce applies virus filters on all emails flowing in and out of a mail server. It offers the option of using a built-in and powerful open source anti-virus engine which can download new signature databases every few hours. It can also integrate with other commercial server based virus filters.

    Virus filters are essential in today's context because information theft, identity theft, and external intrusion all enter through infected messages which try to infect desktop computers. These infected documents and messages carry worms, spyware, and backdoors, all of which are starting points for more serious intrusion into the corporate network.

  • Spam filters: Merce can apply spam filters on emails coming into the enterprise. Spam today has reached the point where it is no longer just an irritant. Spam assaults launched from worldwide botnets can bring down an enterprise email gateway, sometimes for periods exceeding 24 hours, due to sheer volumes of spam messages. This can lead to very serious damage to client relationships and business productivity.
  • Controls on email flow: Merce allows the administrator to control email flow, by restricting which users can send to or receive from which other users. This can be used to allow only a subset of users access to external email, thus restricting the number of employees who can send email to outsiders. This can in some cases have a direct bearing on information leakage from within the office. Merce also allows a silent system-level copy to be made of all emails flowing through the mail server, and this copy can be marked to a specific recipient. This allows monitoring of specific types of mail flow.
  • Controls on Web access: Merce allows advanced controls on Web access. Users can be clustered into groups, and access control rules can be applied to select groups based on times of day, days of week, or even locations at which rules are applied. Also, all accesses are recorded, processed, and reported to the administrator. This allows easy analysis of access trends, access to unusual Websites, and so on. Access to free Web-based email sites can be specially monitored since these accesses can indicate information leakage.
  • AutoD2D: Merce servers can work on a pair of internal disks and mirror all data from the primary disk to the standby disk periodically. This provides data protection. In some cases, it also gives the administrator a window of opportunity to restore data from the standby disk to the primary disk, if an accidental deletion of information is noticed immediately.
  • Email archiving: Merce mail servers are usually configured to store one copy of all incoming and outgoing messages in a special account. This copy of the messages is outside the control of end-users, and therefore will be retained irrespective of any deletion performed by end-users. This allows post facto or ongoing audit checks on the content of messages and acts as an effective deterrent against information leakage by email. It also acts as a very valuable backup archive of communication between correspondents in case email records are needed to trace back old cases.

Merce thus provides protection for valuable information assets at various levels, taking a more comprehensive view of information security than the limited mechanisms of firewalls and content filters.