Bank of China Steps Up Email Security

Bank of China, the fifth largest bank in the world, is deploying an email security appliance and software from Proofpoint on its U.S. email servers. "Like other financial institutions, we're targeted by spammers and people who send us spearing attacks," said Kostas Georgakopoulos, head of information security, Bank of China, in an interview with Bank Systems & Technology last week. "Our concern is to protect the integrity of our data, our customers' confidential information, and the availability of our systems."

The new software is replacing an existing spam filter. "We needed something that would scale, that would provide additional capabilities, for example to help us meet regulatory concerns such as Gramm Leach Bliley," Georgakopoulos says. He also liked Proofpoint's reputation service, which detects IP addresses and routines that fit certain suspect patterns and drops them.

The software provides a dashboard that lets security and privacy analysts monitor emails being sent in and out of bank and identify activities that don't meet the bank's policy or regulatory standards. "We don't want to be looking at every single email that's going through; that's not feasible at any level," Georgakopoulos says. Proofpoint uses mathematical algorithms to detect patterns, words, and phrases within emails or attachments that could present a problem, either before an email is sent (and automatically blocking it if need be) or afterward. For instance, the software can detect personally identifiable information such as Social Security numbers.

Georgakopoulos' main concern is spam and viruses. "Spam is a high concern because it impacts the business," he says. "The overwhelming number of messages you can get if you don't have an appropriate solution can be detrimental to the bank's operations."