April 2, 2014 Leave a Comment
Avatar
Inside Cisco IT

Improving Email at Cisco Part 1 – The IT Technology Side

My personal email has 4 characteristics that drive me crazy:

  • I get way too much email
  • Most of my emails are a waste of time
  • Emails carry the risk of, very rarely, nasty virus payloads (or link you to sites that have worse)
  • Despite all this, I can’t live without email

I work at Cisco, where everyone relies on email. I get close to 200 emails every work day, and I gather that’s close to the average. But Cisco IT and I have an agreement: together we will try to reduce our shared email pain and improve our productivity. Notice that it takes both of us – both good IT technology and good employee practices to reduce the inevitable pain of email.

These two blogs will share six specific ways that Cisco IT and I have agreed to try to make life easier for everyone. This first blog focuses on two ways that IT technology help me, while the second blog focuses on four ways I can help reduce the pain of email for everyone else.

Email Pain Reduction Step 1: Taking out the Garbage

At home, despite spam filters on my person email system, I’d guess that about 70% of my email is some form of spam. At work, almost no spam gets through. Almost 2/3 of the email that gets sent to me from outside of Cisco doesn’t get forwarded on to me, and for that, I’m extremely grateful. Cisco IT supports the Email Security Appliance (ESA), which sits between the internet gateway and our Exchange mail server. (Cisco also sells Cloud Email Security, which is the same service in the cloud; but Cisco IT put ESA in before the web service was around… and once in, things are harder to change!)

Cisco gets an unbelievable 134 million emails per month, and the ESA, thankfully, blocks 86 million of these for a variety of reasons. About 94% of them are blocked because of the reputation of the sender; spammers develop a bad reputation quickly. Some (almost 6%) are blocked because of spam content. A few (0.7%) are blocked because the recipient email address was invalid. And a very few bud deadly 5,300 per month (0.01%) are blocked because they contain a virus or other malware. The following table shows data averaged over a 2 year period (Feb 2012-2014) at Cisco.

Email Data Average (Feb 2012-2014)
Email data averaged over a 2 year period (Feb 2012-2014) at Cisco.

Still, some spam gets through. I do get some legitimate marketing email – invitations to tech seminars or white papers – clearly marked [MARKETING] or occasionally marked [SUSPECTED SPAM]. ESA does that too, to about 20% of all the mail it lets through.

This table makes it look like the average Cisco employee only gets 17 emails per day delivered, which doesn’t match my experience of more than 200 per day. That’s because of two things:

  • I get most of my email from inside Cisco, which isn’t screened by ESA; and
  • Emails, both internal and external, usually have multiple recipients, and that creates a large multiplier effect

Email Pain Reduction Step 2: Keeping the Garbage Out

The emails that pass through may not carry malware, but they can still point you to tempting websites carrying hidden malware traps. Cisco IT has set up the Web Security Appliance (and is piloting the Cloud Web Security for our mobile smartphones and tablets), and you’d be surprised at the amount of trouble we’ve been spared.

Based on one week of WSA data I was able to get hold of, Cisco employees visit around 350 million websites per day and are blocked from about 2%: that is, blocked from 6.5 million visits per day. Of these sites blocked – and you get an ominous white page with some warning language coming up on your screen when you get blocked – the WSA blocks most of these sites (93.5%) based on their reputations, and another 4.5% based on some Cisco-chosen URLs. There’s also the 2% that are blocked because there was malware detected on the web stream headed toward Cisco machines.

Just to drill down for a moment on those 2% of sites blocked because of malware: in one typical day, WSA blocked:

  • 441K sites – Trojan Horse
  • 61K sites – Other Malware
  • 29K sites – Encrypted Files (monitored, decrypted, and blocked)
  • 16.4K sites  – Adware Messages
  • 1K sites– Trojan Downloaders
  • 55 sites – Phishing URLs
  • 22 sites – Commercial System Monitors
  • 5 sites – Worms
  • 3 sites – Dialers

Any one of these would have created a pretty ugly mess inside Cisco if it had made it onto someone’s machine.

Those are two areas where IT technology makes my life easier – cutting the number of emails I get by about 2/3, and pretty much dropping the number of dangerous emails, or dangerous websites my emails might send me to, down to zero.

But there’s a lot more I can do to make my own email experience, and everyone else’s better and more secure – some of it with a little help from Cisco IT. That’s for the next blog: Improving Email at Cisco Part 2 – The Employee Process Side.