Reputation.

We all base so many interactions on it, both personal and professional, but it remains an elusive concept for some. After all, what does it matter what others think about you, right?

People always make assumptions about others that are based on ignorance or rumor. Often, these can be dispelled, but when it comes to businesses, the same can't be said.

How can a company ensure that its reputation is sound in an environment where anyone can be anybody?

The reputation that businesses often try to build and maintain can easily be damaged if they are associated with an attack against a third party, or worse, a competitor. So the challenge becomes, what if some other entity pretends to be me in the form of phishing or other kinds of activities rooted in malware? What if it's used against a competitor and makes my company look like we've done something malicious? How can a company ensure that its reputation is sound in an environment where anyone can be anybody?

As many of you know, one of my biggest pet peeves is the sheer amount of phishing emails and spam today. We shouldn't have to rely on perimeter security to address this. And how nice it would be to identify this stuff before it even reaches that perimeter?

Recently, Dr. Phyllis Schneck, Vice President of Research Integration for Secure Computing Corporation, walked me through the TrustedSource Portal and the entire TrustedSource concept. It was developed, in part, to help enterprises protect their reputation.

When companies earn reputations as being security risks or locations where bad emails originate, it can hurt business prospects in the long run. How can other companies and individuals be sure that emails are from the true source and can be trusted? Even more so, what about emails from unknown sources?

This is where the TrustedSource Portal comes into play.

How It Works

Imagine a credit score for an entire company, but instead of judging its financial smarts, TrustSource offers a glimpse at its approach to online security.

In essence, the TrustSource project gathers information from over 7,000 sensors in 68 countries (these results are from more than 110 billion messages per month and millions of URLs, tracked by the TrustedSource Portal). With this amount of data, it can help validate a company's reputation online and prove whether they are trustworthy or not, as well as help companies keep their good reputations intact.

They can also learn whether they have potential avenues that can be used against them or others and then address those. And thanks to over 5 years of data collection, they are able to predict potential attacks and their sources. Criminals, it turns out, are often habitual types, repeating the same kinds of attacks from different locales.

One of the cornerstones of TrustedSource is its focused attention on security and reputation on the Internet as a whole. When we gain the ability to identify known, trusted sources versus malicious or criminal hotspots, then we can protect ourselves better.

Consider this: if an employee uses a Blackberry or other mobile device, they may have an avenue into the corporate environment that bypasses simple perimeter security. As a result, they end up spamming both internal and external sources. But if the network appliances are tied to the TrustSource portal, then they can detect the potential flood and stop it from making worse a situation that could ding a company's reputation.

I like that companies are stepping up to the plate to finally address the concern over outside forces affecting the bottom line and the overwhelming amount of spam and other questionable content that chokes mail servers and inboxes. To have to deal with spam rates of over 90 percent (depending to whom you talk) isn't acceptable. With TrustedSource I can at least verify where the email has come from and the likelihood of it originating from a valid and trustworthy source.

As an experiment I decided to check out Antionline.com and EnterpriseITPlanet.com as well as my personal site, http://www.msmittens.com at http://www.trustedsource.org. All these sites came back as neutral (meaning there were no bad messages nor known good activity from these sites - they just exist). Checking http://www.microsoft.com did earn a "Trusted" rating which means that anything that comes from Microsoft in the form of messages or emails should be trusted as being from that source.

And we're not just talking domains here. It actually lists the IP addresses associated with that domain so I can further break it down as needed. I can check that the IP address is, in fact, a match.

Looking at an address like 65.78.169.170 (a known Storm infected site as of this writing) and we see it listed as malicious. Looking under Threats and Trends we can see where questionable activity is occurring and block those sites from affecting our networks—well before the perimeter if we want to.

Even if you don't have TrustedSource appliances you can still take a look into the individual company search to see if they are trustworthy, or as an individual, use the toolbar option in Outlook to see if emails come from trusted sources. It's very quick at identifying untrustworthy sources and that means that you can easily eliminate potential espionage or criminal activities before they even enter your environment.

The fact that TrustedSource can be and has been used as a way of limiting the effects of online organized crime means that we can reduce the viability and profitability of phishers and malware pushers.

In the end it comes down to this: Can I trust you? And how do I know I can trust you online when I'm not sure who you are? TrustedSource gives me a place to check and verify that your source is a trustworthy source.

Have you earned a reputation that I should be worried about?

This article was first published on EnterpriseITPlanet.com.