Case study: security
Nottingham University Hospitals can the spam
January 2008
| In a nutshell |
| Organisation: |
Nottingham University Hospitals NHS Trust |
| Problem: |
Need to block spam and malicious email content, allow
appropriate content, and reduce workload on ICT staff |
| Solution: |
MailMarshal |
| Supplier: |
Marshal |
| Benefits: |
Over 97% of spam blocked Malware contained within
incoming attachments blocked
Up to 50 hours work a week saved for the ICT team |
Nottingham University Hospitals NHS Trust (NUH) was formed in
2006 from the merger of the Queen's Medical Centre and Nottingham
City Hospital. The Trust has 2,200 hospital beds and an annual
budget of £500m. It has a team of five ICT administrators who
maintain the hospital’s IT network and infrastructure, supporting
10,000 end users spread between the two hospital sites.
The spam challenge
With a small ICT team supporting such a large number of end users,
the challenge was to provide a robust external email filtering service
which would filter out spam and inappropriate content whilst still
ensuring that medical-related emails were not falsely blocked (known as
'false positives'). The ICT team also needed to ensure that any inbound
attachments were free from viruses and malicious content.
Using an early version of Mimesweeper to scan and filter incoming
emails, the ICT department at NUH was receiving one or two complaints a
week about offensive and sometimes pornographic material getting through
to employees’ mailboxes.
“We also had a problem with the current software triggering false
positives on a lot of medical related emails and it became a very manual
process to check through the block list, looking for potentially
legitimate emails which needed to be released,” reports Jonathan
Phillips, NUH ICT Systems Administrator.
“Unsolicited incoming offensive and pornographic emails were becoming
a real problem within the organisation. The previous system was labour
intensive as it required constant monitoring to prevent false
positives.”
The ICT team began to look for a more sophisticated content filtering
solution to replace the existing product. Phillips and colleague
Elizabeth Mackman undertook a comprehensive review of anti-spam products
and chose MailMarshal from integrated email and Internet content security provider
Marshal.
Phillips reports that security software distributor Vigil Software
was extremely helpful during the selection and implementation process.
Vigil not only helped to install the software, but is also assisting
Nottingham University Hospitals Trust with the planned upgrade of its
infrastructure and the installation of the latest MailMarshal upgrades.
Implementation
Prior to roll out, MailMarshal was run in monitoring-only mode and
new rules were turned on gradually, to allow Phillips and his team to
check the effect the rules had on email flow. If any issues were
detected the rules were turned off and altered in order to not cause
problems.
“MailMarshal offered us really granular control over incoming and
outbound emails to enable us to specify different policies and rule sets
across the organisation as required. It was really easy to reapply rules
in a similar way to Outlook rule sets and we were able to tweak these to
allow us to have the maximum filtering benefit, with the minimum number
of false positives,” says Phillips.
The software was rolled out at the Queen's Medical Centre and
Nottingham City Hospital campuses. At the time the two email systems
operated independently from each other, handling two separate external
email domains. It took just two days to complete the installation.
At the time of the implementation, the NHS relay service required
eSMTP authentication for external email and MailMarshal did not directly
support this type of authentication. This issue was overcome by
implementing a standard Microsoft SMTP service to relay the messages
between MailMarshal and the NHS relay service.
Key benefits
Employees are now alerted when an email has been blocked due to a
rule being triggered and the code they are emailed allows the ICT
department to quickly locate and release the required email.
The ICT staff can create automated 'whitelists' of acceptable email
addresses, to both reduce the amount of spam and false positives. NUH
keeps two whitelists, one for outgoing email and one for incoming
emails. “MailMarshal automatically updates its whitelist with email
addresses mailed out from the Trust, because we can assume that these
are legitimate. For incoming emails, we maintain a whitelist of NHS
addresses which we check once a month to ensure that there are no
updates or data-entry errors,” Phillips explains.
As MailMarshal rules are very similar to Microsoft Outlook rules,
Phillips reports that creating and maintaining rule sets is very easy
and does not require additional training. “It’s possible to create and
implement new rules within minutes. Members of staff are now able to
spend more time dealing with other work instead of spending on average 2
hours out of a working day looking at the blocked emails,” he says.
Future plans
Tthe ICT team is planning to refresh the hardware and reconfigure the
MailMarshal environment for the Trust. The plan is to merge the servers
to bring the two separate systems into a true single email domain,
allowing centralised management of the rule sets within the product and
failover. The Trust will also use this upgrade as an opportunity to
install updated software releases.
Deployment of the MailMarshal spam self-release website is also
planned, to enable employees to manage and maintain their own
‘blacklist’ and ‘whitelist’ for external email, while the ICT department
will still maintain overall control over the system.
|