1 / 32

IronPort Email Security Products

IronPort Email Security Products. PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE . Mirko Schneider, IronPort Systems.

delores
Download Presentation

IronPort Email Security Products

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IronPort Email Security Products PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems „I need to say that the appliance is the best system that I‘ve tested for our magazine since 2003. I need to find a way to bring it out objectively. Otherwise nobody will believe me... “ (an editor of a German IT magazine, Feb 2006)

  2. Who is IronPort? • Founded by Email pioneers from in 2000 from Hotmail and Yahoo • idea: building the fastest and strongest gateway appliance • Investors: • General Motors, Chevron-Texaco, NTT, Menlo Ventures, Allegis Capital • raised over 90 million USD • Worldwide 400+ employees • 45 in Europe (UK, Germany, Sweden, France, Spain, Italy) • partner in BG: Escom Bulgaria

  3. The Principles of Industry Leadership • Analyst Leadership • Recognized as the leader by Gartner, Meta, Radicati, IDC, Forrester, Bloor • Customer Leadership • 38 of the World’s Largest 100 Companies • 8 of the 10 largest ISPs • US Armed Forces • Technology Leadership • First with custom, high performance MTA • First with Reputation Filtering • First with Virus Outbreak Filters • Global Leadership • partners in 25 countries, units in 75+ • 600+ partners

  4. IronPort: Technology Leadership Magic Quadrant for E-Mail Security Boundary 2005 Source: Gartner RAS Core Research You need that competitive analysis? Mail me at mschneider@ironport.com!

  5. IronPort Email Security Appliances • High Performance Email Security Appliances Stopping Spam, Viruses, and Enforcing Compliance IronPort X1000 IronPort C10 IronPort C300/C600

  6. Before IronPort After IronPort Internet Internet Firewall Firewall MTAs Anti-Spam Anti-Virus Policy Enforcement Mail Routing IronPort Email Security Appliance Groupware Groupware Users Users Product Consolidation at the Network PerimeterFor Security, Reliability and Lower Maintenance

  7. IronPort Architecture for Multi-Layered Email Security MANAGEMENT TOOLS SPAM DEFENSE VIRUS DEFENSE POLICY ENFORCEMENT EMAIL AUTHENTICATION THE IRONPORT ASYNCOS™ EMAIL PLATFORM

  8. IronPort AsyncOS™Unmatched Scalability and Security MANAGEMENT TOOLS SPAM DEFENSE VIRUS DEFENSE POLICY ENFORCEMENT EMAIL AUTHENTICATION THE IRONPORT ASYNCOS™ EMAIL PLATFORM • AsyncOS scalable and secure OS optimized for messaging • Advanced Email Controls protect reputation and downstream systems • Standards-based Integration replaces legacy systems with ease

  9. 200 Incoming/Outgoing Connections Low Performance/DoS Potential High Performance/Sure Delivery 10,000Incoming/Outgoing Connections Single Queue For all Destinations Fault-ToleranceandCustom Control Queue BackupDelays All Mail Per-DestinationQueues IronPort AsyncOS™Revolutionary Email Platform Traditional Email GatewaysAnd Other Appliances IronPort Email Security Appliance

  10. Multi-layer Spam DefenseBest of Breed MANAGEMENT TOOLS SPAM DEFENSE VIRUS DEFENSE POLICY ENFORCEMENT EMAIL AUTHENTICATION THE IRONPORT ASYNCOS™ EMAIL PLATFORM • IronPort Reputation Filters – the outer layer defense • IronPort Anti-Spam - stops the broadest array of threats – spam, phishing, fraud

  11. Blocks 80% of spam at the gateway Multi-Layered SecurityPreventive + Reactive = Defense in Depth Preventive Layer Reactive Layer + Immediate Reaction to Threats Extremely High Performance Coarse Outer Layer Blocks or Rate Limits Adapts Over Time Computationally Intensive Fine-grained Inner Layer Delete or Quarantine

  12. IronPort SenderBase®NetworkFirst, Biggest, Best Reputation System Global Email and Web Traffic Monitoring Over 120,000 contributing networks Over 20M IP addresses tracked globally View into 25 - 30% of email traffic Over110 parameters tracked

  13. Threat Prevention in Realtime SenderBaseReputation Scores -10 to +10 Data Analysis/ Security Modeling SenderBase Data IronPort SenderBase®Data Makes the Difference 150 Parameters • Complaint Reports • Spam Traps • MessageComposition Data • Global Volume Data • URL Lists • Compromised Host Lists • Web Crawlers • IP Blacklists & Whitelists • Additional Data A Broad Data Set Drives Accuracy

  14. IronPort Reputation Filters Stop 80% of Hostile Mail at the Door…. • Known good is delivered • Suspicious is rate limited & spam filtered Reputation Filtering Anti-Spam Engine Incoming Mail Good, Bad, and “Grey” or Unknown Email • Known bad is deleted/tagged • Reputation Filters is a switch point • IronPort uses identity & reputation to apply policy • Sophisticated response to sophisticated threats

  15. IronPort Reputation FiltersDell Case Study • Dell’s challenge: • Dell currently receives 26M messages per day • Only 1.5M are legitimate messages • 68 existing gateways running Spam Assassinwere not accurate • IronPort solution: • Reputation Filters block over 19M messages per day • 5.5M messages per day scanned byanti-spam engine • Replaced 68 servers with 8 IronPort C60s • Accuracy of spam filtering increased 10x • Servers consolidated by 70% • Operating costs reduced by 75% “IronPort hasincreased thequality andreliability ofour networkoperations,whilereducing ourcosts.” -- Tim HelmsetetterManager, GlobalCollaborative SystemsEngineering andService Management,DELL CORPORATION

  16. IronPort AntiSpam Broadens the Context with Web Reputation Where?Web Reputation Where does the call to action take you? Who?Email Reputation Who is sending you this message? How?Message Structure How was this message constructed? What?Message Content What content is included in this message? Effectiveness TODAY • Content filtering techniques alone are inadequate • Email reputation systems improved protection • Combating new attacks demands Web reputation Time

  17. 100,000 rule updates per day • Prevents admins from “tweaking” the filters to catch spam • Low FP rate stops help desk calls; whitelist maintenance • Industry’s first web reputation system • Stops identity theft due to phishing & spyware • false positive rate 1/1.000.000 = 10X lower than competing solutions • Eliminates need for quarantines or junk folders • 2X higher throughput than any enterprise-class anti-spam solution • Reduces ongoing hardware and maintenance costs Higher Employee Productivity Lower Cost of Admin Enhanced Security Lower CapEx Customer BenefitsAdvantages Over Traditional Anti-spam Solutions

  18. Multi-layer Virus DefenseBest of Breed MANAGEMENT TOOLS SPAM DEFENSE VIRUS DEFENSE POLICY ENFORCEMENT EMAIL AUTHENTICATION THE IRONPORT ASYNCOS™ EMAIL PLATFORM • IronPort Virus Outbreak Filters stop outbreaks 13 hours ahead of signatures • Sophos Anti-Virus signature based solution with industry leading accuracy

  19. IronPort Virus Outbreak Filters™ First Line of Defense Early Protection with IronPort Virus Outbreak Filters

  20. IronPort SenderBase®NetworkFirst, Biggest, Best Reputation System Global Email and Web Traffic Monitoring What is going onRIGHT NOW? Over 100,000 contributing networks Over 20M IP addresses tracked globally View into over 25% of email traffic Over110 parameters tracked

  21. How IronPort Virus Outbreak Filters WorkDynamic Quarantine In Action Messages Scanned & Deleted • T = 0 • zip (exe) files • T = 5 mins -zip (exe) files-Size 50 to 55 KB. • T = 10 mins • zip (exe) files • Size 50 to 55KB • “Price” in the name file • T = 8 hours • Release messages if signature update is in place

  22. IronPort Virus OutbreakFilters Advantage Average lead time*…………………..over 13 hours Outbreaks blocked * ………………………175 outbreaks Total incremental protection*…………….over 94 days *June 2005 – July 2006. Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used. * June 2005 –July 2006.

  23. Email AuthenticationSuperior Security and Identity Protection MANAGEMENT TOOLS SPAM DEFENSE VIRUS DEFENSE POLICY ENFORCEMENT EMAIL AUTHENTICATION THE IRONPORT ASYNCOS™ EMAIL PLATFORM • DomainKey Signing - establishes and protects your identity on the Internet • IronPort Bounce Verification – protects from misdirected bounce attacks • Directory Harvest Attack Prevention –blocks attempts to steal email directory information

  24. BV BV Internet RETURN TO + SENDER The Misdirected Bounce ThreatMakes Up 9% of all Internet Email* Incoming Gateway “Zombies” joe1@enterprise.com,jane88@enterprise.com billing@yourcompany.com Recipients: Sender: yourcompany.com Outgoing Gateway Millions of Misdirected Bounces *Source: IronPort Threat Operations Center, INTERNET EMAIL TRAFFIC EMERGENCY: SPAM “BOUNCE” MESSAGES ARE COMPROMISING NETWORKS, April 2006.

  25. Internet private ISPs DNS public Integrated DomainKeysProtects Your Brand and Your Customers • 300M+ Email Accounts Use DomainKeys to Authenticate the Email Sender • Deploys in Five Minutes – No CA Issued Key Required • Every enterprise needs to protect their brand with authentication

  26. Management-Tools MANAGEMENT TOOLS SPAM DEFENSE VIRUS DEFENSE POLICY ENFORCEMENT EMAIL AUTHENTICATION THE IRONPORT ASYNCOS™ EMAIL PLATFORM • Email Security Manager – unified policy management • Email Security Monitor – enterprise-class reporting system • Management Interfaces – simple integration and increased productivity

  27. Install Wizzardon-box “set and forget” Easy Install Wizzard – Easy Configurationsetup your IronPort in 10 minutes Single License Agreement Visual Configuration Email Security Configuration

  28. IT SALES LEGAL IronPort Email Security Manager™Single view of policies for the entire organization Categories: by Domain, Username, or LDAP • Allow all media files • Quarantine executables • Mark and Deliver Spam • Delete Executables • Archive all mail • Virus Outbreak Filters disabled for .doc files “Email Security Manager serves as a single,versatile dashboard to manage all theservices on the appliance.” -- PC Magazine 2/22/05

  29. Integrated Real-TimeGraphical Reports Alert Center CSV Export SNMP SJ1 Machine SJ2 Machine D2 Machine D1 Machine T1 Machine T2 Machine SJ3 Machine D3 Machine T3 Machine Sofia Plovdiv Varna Clustering Email Security Monitor™ Monitoring and Reporting in Depth

  30. Enterprise ManagementCisco Case Study • Cisco’s challenge • 34,000 worldwide employees • Unique filtering requirements • Egress points in 8 places globally • IronPort solution • Email security manager keeps track of filtering policies • Clustering allows all systems to be administered from San Jose • Mail Flow Central provides a global view “IronPort hassignificantlyreduced ouradministrativeburden, andincreased ournetworksecurity.” -- Bailey SzetoManager, MessagingSystems, CISCO SYSTEMS

  31. Why not... ... a standard PC hardware? • it is not manufactured for 24x7x365 running • it has no redundancy and poor support • it is made for the other purposes ... a standard Linux or Windows OS? • it is not hardened for email purposes • it is a bottleneck • it is suspectible to DoS and other attacks ... an open source AntiSpam or AntiVirus? • it has NO preventive layer, you accept any mail and scan it • it has poor or no support • it has a poor catch rate and high false positives • it requires training for AntiSpam • it has rare updates for AntiVirus and AntiSpam

  32. IronPort Evaluation Policy  • Free evaluation for 30 days • starts with activation of keys on unit • can be extended on request • any size and full support • you get the right unit for your individual needs • different ways of testing (life/ stealth, parallel, offline) • full support, full functionality • About 75% of users who evaluate become happy customers! Благодаря!

More Related