IronPort Email Security Products

Transcript

IronPort Email Security Products
PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE
Mirko Schneider, IronPort Systems
"I need to say that the appliance is the best system that I've tested for our magazine since 2003. I need to find a way to bring it out objectively. Otherwise nobody will believe me..."
(an editor of a German IT magazine, Feb 2006)
Who is IronPort?
• Founded in 2000 by email pioneers from Hotmail and Yahoo
• Idea: building the fastest and strongest gateway appliance
• Based in USA, California, Silicon Valley
• Investors:
– General Motors, Chevron-Texaco, NTT, Menlo Ventures, Allegis Capital
• Raised over 90 million USD
• Worldwide 400+ employees
• 45 in Europe (UK, Germany, Sweden, France, Spain, Italy)
The Principles of Industry Leadership
• Analyst Leadership
– Recognized as the leader by Gartner, Meta, Radicati, IDC, Forrester, Bloor
• Customer Leadership
– 38 of the World’s Largest 100 Companies
– 8 of the 10 largest ISPs
– US Armed Forces
• Technology Leadership
– First with custom, high performance MTA
– First with Reputation Filtering
– First with Virus Outbreak Filters
• Global Leadership
– Operations in 25 countries
– 600+ partners
– IronPort infrastructure currently operating in 75+ countries
IronPort: Technology Leadership
Magic Quadrant for E-Mail Security Boundary 2005
Source: Gartner RAS Core Research
You need that competitive analysis? Mail me at [email protected]!
IronPort Email Security Appliances
• High Performance Email Security Appliances Stopping Spam, Viruses, and Enforcing Compliance
IronPort X1000
IronPort C10
IronPort C300/C600
IronPort SenderBase® Network
Global Reach Yields Benchmark Accuracy
The Dominant Force in Global Email and Web Traffic Monitoring…
• 5B+ queries daily
• 150+ Email and Web parameters
• 25% of the World’s Email Traffic
…Results in Accuracy and Advanced Protection
Spam Caught by Reputation: IronPort 80%, CipherTrust 50%, BorderWare 40%
Network Reach (Contributing Networks): IronPort 120,000, CipherTrust 4,000, BorderWare 8,000
Source: www.ciphertrust.com and www.borderware.com, August 6, 2006
Virus Protection Lead: IronPort 13 hours* (McAfee, Trend, Symantec, Sophos, CA, F-Secure)
* 6/2005 – 6/2006. 175 outbreaks identified. Calculated as publicly published signatures from the listed vendors.
Leading Edge Technology
Reputation Filtering Sets off Industry Scramble
[Timeline figure, 2003–2005. Products shown: IronPort SenderBase™; IronPort Reputation Filters™; Symantec Brightmail Reputation Service; CipherTrust TrustedSource™; Proofpoint MLX Dynamic Reputation™; Tumbleweed Recurrent Pattern Detection™; Trend Micro Acquires Kelkea Reputation Product. Dates shown: February 16, 2003; July 21, 2003; June 4, 2004; June 28, 2004; November 9, 2004; May 23, 2005; June 14, 2005.]
Product Consolidation at the Network Perimeter
For Security, Reliability and Lower Maintenance
Before IronPort: Internet → Firewall → MTAs, Anti-Spam, Anti-Virus, Policy Enforcement, Mail Routing → Groupware → Users
After IronPort: Internet → Firewall → IronPort Email Security Appliance → Groupware → Users
IronPort Architecture for Multi-Layered Email Security
[Architecture diagram: Management Tools; Spam Defense; Virus Defense; Policy Enforcement; Email Authentication; all on the IronPort AsyncOS™ Email Platform]
IronPort AsyncOS™
Unmatched Scalability and Security
• AsyncOS scalable and secure OS optimized for messaging
• Advanced Email Controls protect reputation and downstream systems
• Standards-based Integration replaces legacy systems with ease
IronPort AsyncOS™
Revolutionary Email Platform
Traditional Email Gateways And Other Appliances
• 200 Incoming/Outgoing Connections
• Single Queue For all Destinations
• Low Performance/DoS Potential
• Queue Backup Delays All Mail
IronPort Email Security Appliance
• 10,000 Incoming/Outgoing Connections
• Per-Destination Queues
• High Performance/Sure Delivery
• Fault-Tolerance and Custom Control
Advanced Email Controls
Only Available from IronPort
Virtual Gateway™ Technology
• Safeguard Your Reputation
• Send Different Types of Mail Via Separate IPs
• IronPort Patent Pending Technology
Destination Controls
• Protect Your Groupware Servers
• Rate Limit Mail Sent Per Destination
• Enforce TLS Encryption Per Destination
[Diagram labels: Internet; 163.24.127.3; 163.24.127.4; 163.24.127.5; New Company; Bounces]
Multi-layer Spam Defense
Best of Breed
• IronPort Reputation Filters – the outer layer defense
• IronPort Anti-Spam - stops the broadest array of threats – spam, phishing, fraud
Multi-Layered Security
Preventive + Reactive = Defense in Depth
Preventive Layer
• Immediate Reaction to Threats
• Extremely High Performance
• Coarse Outer Layer
• Blocks or Rate Limits
Reactive Layer
• Adapts Over Time
• Computationally Intensive
• Fine-grained Inner Layer
• Delete or Quarantine
IronPort SenderBase® Network
First, Biggest, Best Reputation System
Global Email and Web Traffic Monitoring
Over 120,000 contributing networks
Over 20M IP addresses tracked globally
View into 25 - 30% of email traffic
Over 110 parameters tracked
IronPort SenderBase®
Data Makes the Difference
150 Parameters
Threat Prevention in Realtime
• Complaint Reports
• Spam Traps
• Message Composition Data
• Global Volume Data
• URL Lists
• Compromised Host Lists
• Web Crawlers
• IP Blacklists & Whitelists
• Additional Data
SenderBase Data → Data Analysis/Security Modeling → SenderBase Reputation Scores -10 to +10
A Broad Data Set Drives Accuracy
IronPort Reputation Filters Stop 80% of Hostile Mail at the Door…
Incoming Mail (Good, Bad, and “Grey” or Unknown Email) → Reputation Filtering → Anti-Spam Engine
• Known good is delivered
• Suspicious is rate limited & spam filtered
• Known bad is deleted/tagged
• Reputation Filters is a switch point
• IronPort uses identity & reputation to apply policy
• Sophisticated response to sophisticated threats
Reputation-Based Filtering: A Powerful Technique
• Beyond blacklisting—a granular view of behavior
• Scores calculated in real-time
• Pre-configured policies applied dynamically
IronPort Reputation Filters
Dell Case Study
• Dell’s challenge:
– Dell currently receives 26M messages per day
– Only 1.5M are legitimate messages
– 68 existing gateways running Spam Assassin
were not accurate
• IronPort solution:
– Reputation Filters block over 19M messages per day
– 5.5M messages per day scanned by
anti-spam engine
– Replaced 68 servers with 8 IronPort C60s
• Accuracy of spam filtering increased 10x
• Servers consolidated by 70%
• Operating costs reduced by 75%
“IronPort has increased the quality and reliability of our network operations, while reducing our costs.”
-- Tim Helmsetetter, Manager, Global Collaborative Systems Engineering and Service Management, DELL CORPORATION
IronPort AntiSpam Broadens the Context with Web Reputation
[Chart: Effectiveness over Time, up to TODAY]
Where? Web Reputation: Where does the call to action take you?
Who? Email Reputation: Who is sending you this message?
How? Message Structure: How was this message constructed?
What? Message Content: What content is included in this message?
• Content filtering techniques alone are inadequate
• Email reputation systems improved protection
• Combating new attacks demands Web reputation
Customer Benefits
Advantages Over Traditional Anti-spam Solutions
Higher Employee Productivity
• 10X lower false-positive rate than competing solutions
• Eliminates need for quarantines or junk folders
Lower Cost of Admin
• 100,000 rule updates per day
• Prevents admins from “tweaking” the filters to catch spam
• Low FP rate stops help desk calls; whitelist maintenance
Enhanced Security
• Industry’s first web reputation system
• Stops identity theft due to phishing & spyware
Lower CapEx
• 2X higher throughput than any enterprise-class antispam solution
• Reduces ongoing hardware and maintenance costs
Multi-layer Virus Defense
Best of Breed
• IronPort Virus Outbreak Filters stop outbreaks 13 hours ahead of signatures
• Sophos Anti-Virus signature based solution with industry leading accuracy
IronPort Virus Outbreak Filters™
First Line of Defense
Early Protection with IronPort Virus Outbreak Filters
IronPort SenderBase® Network
First, Biggest, Best Reputation System
Global Email and Web Traffic Monitoring
What is going on RIGHT NOW?
Over 100,000 contributing networks
Over 20M IP addresses tracked globally
View into over 25% of email traffic
Over 110 parameters tracked
How IronPort Virus Outbreak Filters Work
Dynamic Quarantine In Action
Messages Scanned & Deleted
• T = 0: zip (exe) files
• T = 5 mins: zip (exe) files; size 50 to 55 KB
• T = 10 mins: zip (exe) files; size 50 to 55 KB; “Price” in the file name
• T = 8 hours: release messages if signature update is in place
IronPort Virus Outbreak Filters Advantage
Virus Name | Date | Virus Description | Lead Time (hh:mm)
Kukudro-A | 6/27/06 | Virus that spreads via zipped word document. | 3:38
Feebs.AG | 6/21/06 | Arrives as an email attachment claiming to be sent via "Protected E-Mail service". | 17:46
Troj/Stinx-W | 6/15/06 | IRC backdoor Trojan. | 11:12
Yabe.G | 5/16/06 | Trojan that attempts to download further malicious code. | 13:09
Bagle-GT | 4/21/06 | Installs backdoor and communicates via HTTP, thus bypassing firewall filters. | 18:28
Mytob-HJ | 4/19/06 | Turns off anti-virus applications of infected PC to avoid detection. | 32:57
Nyxem-D (Kama Sutra) | 1/16/06 | Deletes most documents on third day of every month. | 1:27
Looksky.G | 1/6/06 | Installs keystroke loggers onto infected PCs. | 35:40
Average lead time*: over 13 hours
Outbreaks blocked*: 175 outbreaks
Total incremental protection*: over 94 days
* June 2005 – July 2006. Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.
IronPort Outbreak Filters Protect G2000 Company From MyDoom.BB
MyDoom Variant—MyDoom.BB (February 15, 2005)
G2000 Company Protected By IronPort’s Virus Outbreak Filters
[Timeline figure, hourly axis, February 15, 2005 to February 16, 2005]
• IronPort Threat Level Raised to 3 And Protection Starts: 18:08 GMT
• First Anti-virus Signature Published: 22:54 GMT (Next Day)
• 28 hours 46 minutes
• 6503 files quarantined
• $65K saved @ $200/desktop, 5% infected
Note: All times shown are in GMT
Sophos Anti-Virus Signatures
Second Line of Defense
• Integrated Sophos® anti-virus engine
– High performance in-line scanning
• Easy to deploy and manage
– Intuitive user interface
– Single view with Mail Flow Monitor
– Auto updates
– Lower TCO with integrated solution
IronPort Policy Enforcement
Inbound/Outbound Content Filtering for Compliance
• Flexible Policy Engine from Blocking Attachments to Enforcing Regulatory Compliance
• Compliance Solutions and Encryption keep communications private and secure
Flexible Policy Engine
From Blocking Attachments to Enforcing Compliance
• Graphical Representation of Per-Recipient Policies
• LDAP Integration Reduces Need for Repetitive Modifications
• Customizable Notification Templates
• Robust Conditions and Actions
Email Authentication
Superior Security and Identity Protection
• DomainKey Signing - establishes and protects your identity on the Internet
• IronPort Bounce Verification – protects from misdirected bounce attacks
• Directory Harvest Attack Prevention – blocks attempts to steal email directory information
The Misdirected Bounce Threat
Makes Up 9% of all Internet Email*
Incoming
Gateway
“Zombies”
Recipients: [email protected],
[email protected]
Sender: [email protected]
RETURN TO
SENDER
yourcompany.com
Outgoing
Gateway
Millions of Misdirected Bounces
More than 55% of F500s have experienced disruption of service or a total denial of service due to misdirected bounces
*Source: IronPort Threat Operations Center,
INTERNET EMAIL TRAFFIC EMERGENCY: SPAM “BOUNCE” MESSAGES ARE COMPROMISING NETWORKS, April 2006.
IronPort Bounce Verification™
Protects Against Misdirected Bounce Attacks
[Diagram labels: BV; Internet; BV]
• All Outgoing Mail Stamped Allowing Legitimate Bounces to be Identified on Return
• Transparent to End Users, No Industry Adoption Required
• Eliminates Help Desk Calls and End User Confusion
• Another IronPort Technical “First”
Integrated DomainKeys
Protects Your Brand and Your Customers
[Diagram labels: Internet; private; ISPs; DNS; public]
• 300M+ Email Accounts Use DomainKeys to Authenticate the Email Sender
• Deploys in Five Minutes – No CA Issued Key Required
• Every enterprise needs to protect their brand with authentication
Management for the Largest Enterprises
• Email Security Manager – unified policy management
• Email Security Monitor – enterprise-class reporting system
• Management Interfaces – simple integration and increased productivity
IronPort Email Security Manager™
Single view of policies for the entire organization
Categories: by Domain, Username, or LDAP
• Allow all media files
• Quarantine executables
IT
• Mark and Deliver Spam
SALES
• Delete Executables
• Archive all mail
• Virus Outbreak Filters disabled for .doc files
“Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance.” -- PC Magazine 2/22/05
LEGAL
IronPort Centralized Management
• Log in anywhere, control everywhere
• Interface assures configuration consistency
• Apply changes to a machine, group, or cluster
• Test on single system, “promote” to cluster
SJ1 Machine
SJ2 Machine
SJ3 Machine
Sofia Group
D2 Machine
D1 Machine
D3 Machine
Plovdiv Group
IRONPORT CLUSTER
T1 Machine
T2 Machine
T3 Machine
Varna Group
IronPort Email Security Monitor™
Advanced Reporting System
Integrated Real-Time
Graphical Reports
CSV Export
Scheduled Delivery
Search by Domain
Email Security Monitor™
System Monitoring
Easy Integration with Existing Processes
Alert Center
• Alert Subscriptions per Admin
• Distinct Areas of Management
SNMP
• Exclusive IronPort MIB
• Integrates with any SNMP-compatible tools
Log Subscriptions
• 20+ Log Types Supported
• Transfer via FTP, SCP, Syslog
Enterprise Management
Cisco Case Study
• Cisco’s challenge
– 34,000 worldwide employees
– Unique filtering requirements
– Egress points in 8 places globally
• IronPort solution
– Email security manager keeps track of filtering policies
– Clustering allows all systems to be administered from San Jose
– Mail Flow Central provides a global view
“IronPort has significantly reduced our administrative burden, and increased our network security.”
-- Bailey Szeto, Manager, Messaging Systems, CISCO SYSTEMS
IronPort Evaluation Policy
• Free evaluation for 30 days
– starts with activation of keys on unit
– can be extended on request
• Any size and any way
– you get the right unit for your individual needs
– different ways of testing (live/stealth, parallel, offline)
– full support, full functionality
• About 75% of users who evaluate become happy customers!
Get In Contact
Mirko Schneider
Channel Manager
Eastern Europe & Russia
IronPort Systems
Bretonischer Ring 13
D-85630 Grasbrunn/ Munich
Germany
Tel: +49 - 89 - 45 22 27 32
Fax: +49 - 89 - 45 22 27 10
Mobile: +49 - 172 - 83 96 04 7
Web: www.ironport.com
Email: [email protected]
languages:
German
Russian
English