IronPort Email Security Products
Transcript
IronPort Email Security Products
PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE
Mirko Schneider, IronPort Systems

"I need to say that the appliance is the best system that I've tested for our magazine since 2003. I need to find a way to bring it out objectively. Otherwise nobody will believe me..." (an editor of a German IT magazine, Feb 2006)

Who is IronPort?
• Founded in 2000 by email pioneers from Hotmail and Yahoo
• idea: building the fastest and strongest gateway appliance
• based in USA, California, Silicon Valley
• Investors:
– General Motors, Chevron-Texaco, NTT, Menlo Ventures, Allegis Capital
• raised over 90 million USD
• Worldwide 400+ employees
• 45 in Europe (UK, Germany, Sweden, France, Spain, Italy)

The Principles of Industry Leadership
• Analyst Leadership
– Recognized as the leader by Gartner, Meta, Radicati, IDC, Forrester, Bloor
• Customer Leadership
– 38 of the World's Largest 100 Companies
– 8 of the 10 largest ISPs
– US Armed Forces
• Technology Leadership
– First with custom, high performance MTA
– First with Reputation Filtering
– First with Virus Outbreak Filters
• Global Leadership
– Operations in 25 countries
– 600+ partners
– IronPort infrastructure currently operating in 75+ countries

IronPort: Technology Leadership
Magic Quadrant for E-Mail Security Boundary 2005
Source: Gartner RAS Core Research
You need that competitive analysis? Mail me at [email protected]!

IronPort Email Security Appliances
• High Performance Email Security Appliances Stopping Spam, Viruses, and Enforcing Compliance
IronPort X1000, IronPort C10, IronPort C300/C600

IronPort SenderBase® Network
Global Reach Yields Benchmark Accuracy
The Dominant Force in Global Email and Web Traffic Monitoring… …Results in Accuracy and Advanced Protection
• 5B+ queries daily
• 150+ Email and Web parameters
• 25% of the World's Email Traffic
Spam Caught by Reputation: IronPort 80%, CipherTrust 50%, BorderWare 40%
Network Reach (Contributing Networks): IronPort 120,000, CipherTrust 4,000, BorderWare 8,000
Source: www.ciphertrust.com and www.borderware.com, August 6, 2006
Virus Protection Lead: IronPort 13 hours*
McAfee, Trend, Symantec, Sophos, CA, F-Secure
* 6/2005 – 6/2006. 175 outbreaks identified. Calculated as publicly published signatures from the listed vendors.

Leading Edge Technology
Reputation Filtering Sets off Industry Scramble
Timeline labels (2003, 2004, 2005), in the order extracted: February 16, 2003 November 9, 2004 IronPort SenderBase™ Proofpoint MLX Dynamic Reputation™ July 21, 2003 May 23, 2005 IronPort Reputation Filters™ Tumbleweed Recurrent Pattern Detection™ June 14, 2005 June 4, 2004 CipherTrust TrustedSource™ June 28, 2004 Symantec Brightmail Reputation Service Trend Micro Acquires Kelkea Reputation Product

Product Consolidation at the Network Perimeter
For Security, Reliability and Lower Maintenance
Before IronPort: Internet, Firewall, MTAs, Anti-Spam, Anti-Virus, Policy Enforcement, Mail Routing, Groupware, Users
After IronPort: Internet, Firewall, IronPort Email Security Appliance, Groupware, Users

IronPort Architecture for Multi-Layered Email Security
MANAGEMENT TOOLS
SPAM DEFENSE
VIRUS DEFENSE
POLICY ENFORCEMENT
EMAIL AUTHENTICATION
THE IRONPORT ASYNCOS™ EMAIL PLATFORM

IronPort AsyncOS™
Unmatched Scalability and Security
• AsyncOS scalable and secure OS optimized for messaging
• Advanced Email Controls protect reputation and downstream systems
• Standards-based Integration replaces legacy systems with ease

IronPort AsyncOS™
Revolutionary Email Platform
Traditional Email Gateways And Other Appliances
• 200 Incoming/Outgoing Connections
• Single Queue For all Destinations
• Low Performance/DoS Potential
• Queue Backup Delays All Mail
IronPort Email Security Appliance
• 10,000 Incoming/Outgoing Connections
• Per-Destination Queues
• High Performance/Sure Delivery
• Fault-Tolerance and Custom Control

Advanced Email Controls
Only Available from IronPort
Diagram labels: Internet, 163.24.127.3, 163.24.127.4, 163.24.127.5, New Company, Bounces
Destination Controls
• Protect Your Groupware Servers
• Rate Limit Mail Sent Per Destination
• Enforce TLS Encryption Per-Destination
Virtual Gateway™ Technology
• Safeguard Your Reputation
• Send Different Types of Mail Via Separate IPs
• IronPort Patent Pending Technology

Multi-layer Spam Defense
Best of Breed
• IronPort Reputation Filters – the outer layer defense
• IronPort Anti-Spam – stops the broadest array of threats – spam, phishing, fraud

Multi-Layered Security
Preventive + Reactive = Defense in Depth
Preventive Layer | Reactive Layer
Immediate Reaction to Threats | Adapts Over Time
Extremely High Performance | Computationally Intensive
Coarse Outer Layer | Fine-grained Inner Layer
Blocks or Rate Limits | Delete or Quarantine

IronPort SenderBase® Network
First, Biggest, Best Reputation System
Global Email and Web Traffic Monitoring
• Over 120,000 contributing networks
• Over 20M IP addresses tracked globally
• View into 25 - 30% of email traffic
• Over 110 parameters tracked

IronPort SenderBase®
Data Makes the Difference
150 Parameters
Threat Prevention in Realtime
• Complaint Reports
• Spam Traps
• Message Composition Data
• Global Volume Data
• URL Lists
• Compromised Host Lists
• Web Crawlers
• IP Blacklists & Whitelists
• Additional Data
Diagram labels: SenderBase Data, Data Analysis/Security Modeling, SenderBase Reputation Scores -10 to +10
A Broad Data Set Drives Accuracy

IronPort Reputation Filters
Stop 80% of Hostile Mail at the Door….
Diagram labels: Incoming Mail (Good, Bad, and "Grey" or Unknown Email), Reputation Filtering, Anti-Spam Engine
• Known good is delivered
• Suspicious is rate limited & spam filtered
• Known bad is deleted/tagged
• Reputation Filters is a switch point
• IronPort uses identity & reputation to apply policy
• Sophisticated response to sophisticated threats

Reputation-Based Filtering: A Powerful Technique
• Beyond blacklisting—a granular view of behavior
• Scores calculated in real-time
• Pre-configured policies applied dynamically

IronPort Reputation Filters
Dell Case Study
• Dell's challenge:
– Dell currently receives 26M messages per day
– Only 1.5M are legitimate messages
– 68 existing gateways running Spam Assassin were not accurate
• IronPort solution:
– Reputation Filters block over 19M messages per day
– 5.5M messages per day scanned by anti-spam engine
– Replaced 68 servers with 8 IronPort C60s
• Accuracy of spam filtering increased 10x
• Servers consolidated by 70%
• Operating costs reduced by 75%
"IronPort has increased the quality and reliability of our network operations, while reducing our costs." -- Tim Helmsetetter, Manager, Global Collaborative Systems Engineering and Service Management, DELL CORPORATION

IronPort AntiSpam
Broadens the Context with Web Reputation
Chart axes: Effectiveness, Time (marker: TODAY)
Where? Web Reputation: Where does the call to action take you?
Who? Email Reputation: Who is sending you this message?
How? Message Structure: How was this message constructed?
What? Message Content: What content is included in this message?
• Content filtering techniques alone are inadequate
• Email reputation systems improved protection
• Combating new attacks demands Web reputation

Customer Benefits
Advantages Over Traditional Anti-spam Solutions
Higher Employee Productivity
• 10X lower false-positive rate than competing solutions
• Eliminates need for quarantines or junk folders
Lower Cost of Admin
• 100,000 rule updates per day
• Prevents admins from "tweaking" the filters to catch spam
• Low FP rate stops help desk calls; whitelist maintenance
Enhanced Security
• Industry's first web reputation system
• Stops identity theft due to phishing & spyware
Lower CapEx
• 2X higher throughput than any enterprise-class antispam solution
• Reduces ongoing hardware and maintenance costs

Multi-layer Virus Defense
Best of Breed
• IronPort Virus Outbreak Filters stop outbreaks 13 hours ahead of signatures
• Sophos Anti-Virus signature based solution with industry leading accuracy

IronPort Virus Outbreak Filters™
First Line of Defense
Early Protection with IronPort Virus Outbreak Filters

IronPort SenderBase® Network
First, Biggest, Best Reputation System
Global Email and Web Traffic Monitoring
What is going on RIGHT NOW?
• Over 100,000 contributing networks
• Over 20M IP addresses tracked globally
• View into over 25% of email traffic
• Over 110 parameters tracked

How IronPort Virus Outbreak Filters Work
Dynamic Quarantine In Action
Messages Scanned & Deleted
T = 0
– zip (exe) files
T = 5 mins
– zip (exe) files
– Size 50 to 55 KB
T = 10 mins
– zip (exe) files
– Size 50 to 55 KB
– "Price" in the name file
T = 8 hours
– Release messages if signature update is in place

IronPort Virus Outbreak Filters Advantage
Virus Name | Date | Virus Description | Lead Time (hh:mm)
Kukudro-A | 6/27/06 | Virus that spreads via zipped word document. | 3:38
Feebs.AG | 6/21/06 | Arrives as an email attachment claiming to be sent via "Protected E-Mail service". | 17:46
Troj/Stinx-W | 6/15/06 | IRC backdoor Trojan. | 11:12
Yabe.G | 5/16/06 | Trojan that attempts to download further malicious code. | 13:09
Bagle-GT | 4/21/06 | Installs backdoor and communicates via HTTP, thus bypassing firewall filters. | 18:28
Mytob-HJ | 4/19/06 | Turns off anti-virus applications of infected PC to avoid detection. | 32:57
Nyxem-D (Kama Sutra) | 1/16/06 | Deletes most documents on third day of every month. | 1:27
Looksky.G | 1/6/06 | Installs keystroke loggers onto infected PCs. | 35:40
Average lead time*: over 13 hours
Outbreaks blocked*: 175 outbreaks
Total incremental protection*: over 94 days
* June 2005 – July 2006. Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.

IronPort Outbreak Filters Protect G2000 Company From MyDoom.BB
MyDoom Variant—MyDoom.BB (February 15, 2005)
G2000 Company Protected By IronPort's Virus Outbreak Filters
Timeline, February 15, 2005 to February 16, 2005:
• IronPort Threat Level Raised to 3 And Protection Starts: 18:08 GMT
• First Anti-virus Signature Published: 22:54 GMT (Next Day)
• 28 hours 46 minutes
• 6503 files quarantined
Note: All times shown are in GMT
$65K saved @ $200/desktop, 5% infected

Sophos Anti-Virus Signatures
Second Line of Defense
• Integrated Sophos® anti-virus engine
– High performance in-line scanning
• Easy to deploy and manage
– Intuitive user interface
– Single view with Mail Flow Monitor
– Auto updates
– Lower TCO with integrated solution

IronPort Policy Enforcement
Inbound/Outbound Content Filtering for Compliance
• Flexible Policy Engine from Blocking Attachments to Enforcing Regulatory Compliance
• Compliance Solutions and Encryption keep communications private and secure

Flexible Policy Engine
From Blocking Attachments to Enforcing Compliance
• Graphical Representation of Per-Recipient Policies
• LDAP Integration Reduces Need for Repetitive Modifications
• Customizable Notification Templates
• Robust Conditions and Actions

Email Authentication
Superior Security and Identity Protection
• DomainKey Signing – establishes and protects your identity on the Internet
• IronPort Bounce Verification – protects from misdirected bounce attacks
• Directory Harvest Attack Prevention – blocks attempts to steal email directory information

The Misdirected Bounce Threat
Makes Up 9% of all Internet Email*
Diagram labels: Incoming Gateway; "Zombies"; Recipients: [email protected], [email protected]; Sender: [email protected]; RETURN TO SENDER; yourcompany.com; Outgoing Gateway; Millions of Misdirected Bounces
More than 55% of F500s have experienced disruption of service or a total denial of service due to misdirected bounces
*Source: IronPort Threat Operations Center, INTERNET EMAIL TRAFFIC EMERGENCY: SPAM "BOUNCE" MESSAGES ARE COMPROMISING NETWORKS, April 2006.

IronPort Bounce Verification™
Protects Against Misdirected Bounce Attacks
Diagram labels: BV, Internet
• All Outgoing Mail Stamped Allowing Legitimate Bounces to be Identified on Return
• Transparent to End Users, No Industry Adoption Required
• Eliminates Help Desk Calls and End User Confusion
• Another IronPort Technical "First"

Integrated DomainKeys
Protects Your Brand and Your Customers
Diagram labels: Internet, private, ISPs, DNS, public
• 300M+ Email Accounts Use DomainKeys to Authenticate the Email Sender
• Deploys in Five Minutes – No CA Issued Key Required
• Every enterprise needs to protect their brand with authentication

Management for the Largest Enterprises
• Email Security Manager – unified policy management
• Email Security Monitor – enterprise-class reporting system
• Management Interfaces – simple integration and increased productivity

IronPort Email Security Manager™
Single view of policies for the entire organization
Categories: by Domain, Username, or LDAP
Example policies shown for the groups IT, SALES and LEGAL:
• Allow all media files
• Quarantine executables
• Mark and Deliver Spam
• Delete Executables
• Archive all mail
• Virus Outbreak Filters disabled for .doc files
"Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance." -- PC Magazine 2/22/05

IronPort Centralized Management
• Log in anywhere, control everywhere
• Interface assures configuration consistency
• Apply changes to a machine, group, or cluster
• Test on single system, "promote" to cluster
IRONPORT CLUSTER
– Sofia Group: SJ1 Machine, SJ2 Machine, SJ3 Machine
– Plovdiv Group: D1 Machine, D2 Machine, D3 Machine
– Varna Group: T1 Machine, T2 Machine, T3 Machine

IronPort Email Security Monitor™
Advanced Reporting System
• Integrated Real-Time Graphical Reports
• CSV Export
• Scheduled Delivery
• Search by Domain

Email Security Monitor™ System Monitoring
Easy Integration with Existing Processes
Alert Center
• Alert Subscriptions per Admin
• Distinct Areas of Management
SNMP
• Exclusive IronPort MIB
• Integrates with any SNMP-compatible tools
Log Subscriptions
• 20+ Log Types Supported
• Transfer via FTP, SCP, Syslog

Enterprise Management
Cisco Case Study
• Cisco's challenge
– 34,000 worldwide employees
– Unique filtering requirements
– Egress points in 8 places globally
• IronPort solution
– Email security manager keeps track of filtering policies
– Clustering allows all systems to be administered from San Jose
– Mail Flow Central provides a global view
"IronPort has significantly reduced our administrative burden, and increased our network security." -- Bailey Szeto, Manager, Messaging Systems, CISCO SYSTEMS

IronPort Evaluation Policy
• Free evaluation for 30 days
– starts with activation of keys on unit
– can be extended on request
• any size and any way
– you get the right unit for your individual needs
– different ways of testing (live/stealth, parallel, offline)
– full support, full functionality
• About 75% of users who evaluate become happy customers!

Get In Contact
Mirko Schneider
Channel Manager Eastern Europe & Russia
IronPort Systems
Bretonischer Ring 13
D-85630 Grasbrunn/Munich
Germany
Tel: +49 - 89 - 45 22 27 32
Fax: +49 - 89 - 45 22 27 10
Mobile: +49 - 172 - 83 96 04 7
Web: www.ironport.com
Email: [email protected]
Languages: German, Russian, English