310 likes | 532 Views
Henrik Davidsson Nordic & Baltic Territory Manager. Securing your corporate Email. The 25 year old security infrastructure problem. IronPort Systems: The New Leader in Email Security. Industry-leading technology AsyncOS, powers the world’s fastest Messaging Gateway Appliance
E N D
Henrik Davidsson Nordic & Baltic Territory Manager Securing your corporate Email. The 25 year old security infrastructure problem
IronPort Systems: The New Leader in Email Security • Industry-leading technology • AsyncOS, powers the world’s fastest Messaging Gateway Appliance • SenderBase, the world’s first & largest email traffic monitoring network • Industry-leading customers • 1400+ customers • Over 50% of the world’s largest ISPs, media & technology companies choose IronPort • Industry-leading partnerships • Symantec, Sophos, PGP, Veritas, BlueCoat and more IronPort C-SeriesEmail Security Appliance
Fixing Email • Email - Where Are We Now? • The Current State of Messaging (Security) • Top Enterprise Email Threats & The Cost to Corporations • Where Is The Industry Going? • Reactive Point Solutions • Proposed Email Identity Standards • How does IronPort Address these Issues? • Identity, Reputation, Policy Control & Enforcements • Unique solutions available now
The Mission-Critical App Is Collapsing • Email Is The Form Of Business Communication • 80% Of Businesses Consider Email More Important Than Phones • Usage has heavily increased, both in terms of number of accounts, penetration and size of messages • Email Is No Longer Reliable • Spam, False-Positives, Viruses, Forgery And Other Threats Make Email Unreliable • Users Are Rapidly Losing Trust In Email 52% Say They Trust Email Less 25% Have Reduced Email Use —Pew Internet Life Project —
Some Email Statistics • United States • South Korea • China • Canada • Ukraine • Spain • Brazil • France • UK • Hong Kong • 18B message per day (68% of which is SPAM) • Message volume increase by 2B monthly since January • 8B messages coming for “Zombie” hosts • Infected hosts tracked every week • 15,000+ compromised zombie networks • 75% of all Viruses are deployed via an email • Phishing scam’s accounted for 1% of SPAM • Top countries sending SPAM …….. Source: Senderbase network – got to www.ironport.com/toc
Today’s Top Enterprise Email Threats It’s only going to get worse!
Spam Will cost corporate users over USD18B in the US alone.1 Overall cost of spam between USD18B and USD120B, or USD80 to USD2,500 per worker per year.2 Costly downtime Costs from USD85 to USD150 for companies, depending on email platform.3 Corporations Pay the Consequences • Viruses • Sobig virus cost more than USD160M.4 • Disaster recovery costs increased by 23% in 2003 to almost USD150,000 per organization per virus outbreak.5 • Confidential information • Difficult to estimate • Devastating impacts 3. Radicati Group 4. Computer Economics 5. ICSA Labs’ Prevalence Survey 1. Ferris Research 2. Pew Internet and American Life Project
It Takes Two: Senders and Receivers • We Are All Email Senders And Email Receivers • Solving Receiver Problems Means Addressing Sender Issues And Vice Versa • The Solution To Fixing Email Is NOT One-sided • A Healthy Email System Requires Feedback Loops • Integrating complaint and other corrective data back into the system is a fundamental requirement
Email Gateway Infrastructure Issues On top of all the Security vulnerabilities, the infrastructure itself is at breaking point….. • Bespoke deployments • Complexity • Performance issues & bottlenecks • Reliability of the solutions • Huge Admin Overhead • Limited visibility or control • Managing the escalating costs $$$
Fixing Email • Email - Where Are We Now? • The Current State of Messaging (Security) • Top Enterprise Email Threats & The Cost to Corporations • Where Is The Industry Going? • Reactive Point Solutions • Proposed Email Identity Standards • How does IronPort Address these Issues? • Identity, Reputation, Policy Control • Unique solutions available now
The Industry “Reacts” • Solutions are reactive – NOT proactive • Point solution approach • Content-based filtering band-aids • Cat and mouse game – its never going to end! • New filter, new threat, new filter, new threat, new filter, new threat, new filter There is some good news! >>>>
Industry Adopts Identity • Sender-ID/SPF • Technical Solution For Sender Address Forgery • Yahoo! Domain Keys • Authenticating Entire Email Message Based On Sender Domain There are limitations to this “partial” solution.
Fixing Email • Email - Where Are We Now? • The Current State of Messaging (Security) • Top Enterprise Email Threats & The Cost to Corporations • Where Is The Industry Going? • Reactive Point Solutions • Proposed Email Identity Standards • How does IronPort Address these Issues? • Identity, Reputation, Policy Control • Unique solutions available now
“Fixing E-mail” • The vulnerability exposed by spam, viruses, phishing is inherent to the email protocol, SMTP • Reputation services are a critical component of the solution: 1 Advanced authentication standards IDENTITY 2 A holistic view of a sender’s trustworthiness REPUTATION 3 Intelligently apply filtering techniques based on the apparent threat POLICY
AsyncOS™ Revolutionary MTA Platform WITHOUT IRONPORT C-SERIES WITH IRONPORT C-SERIES Single Queue - 200 - 300 connections Up to 30,000 Messages per Hour Queue per destination - 10,000 connections Up to 500,000 Messages per hour • All mail delayed by 1 slow domain • Deliverable mail backed up • Poor scalability for future volume • No delay if a domain goes down • Deliverable mail cleared Real Time • Highly scalable, low appliance count
SenderBase:Leading Reputation Service • 75,000 contributing organizations • 4-5 billion queries daily • >25% of world’s Internet email SpamCop,SpamHaus (SBL), NJABL Extensive network of “invalid”accounts SpamCop, ISP abuse data, BondedSender abuse data Spamtraps & Complaint Data Blacklists 3rd party email accreditation Message size, number of attachments, attachment types Message Composition Data Open Proxy Data SORBS, OPM, DSBL… Fortune 1000 status, length of sending history, location, whether domain accepts email, etc. Global Volume Data Other Data 75,000 organizations (25% of all email) -10 +10 Authenticated Unknown Sender Reputation Established
IronPort Reputation Filters Stops 75% of Hostile Mail at the Door…. +10 Trusted Policy Accepted Policy Untrusted Policy Rejected Policy -10 • IronPort uses identity & reputation to apply policy • Trusted Known senders are delivered • Suspicious and Unknown senders are throttled & controlled • Hostile senders are rejected or deleted Sophisticated Response to Email Threats
Prevention: Temporary Quarantine Bagel.AI +30,000 files Quarantined 100% capture Outbreak Rules TemporaryQuarantine Virus Filter • Pulls outbreak rules for all incoming email attachments • Triggers automated quarantine for suspicious attachments • Releases messages for rescanning through standard filters Closes the Reaction Gap
Email Security Manager Tailor policy by group or individual • Block media files • Quarantine executables ENGINEERING • Mark and Deliver Spam • Executables Deleted SALES • Archive all mail • No VOF for .doc files LEGAL Point and Click User Interface Apply policy by domain,email address, or LDAP Group
IronPort Content Scanningfor Regulatory Compliance IronPort Content Scanning Engine Encrypt Archive BCC to Compliance Officer Notify Legal Personnel Remove Attachment Return to Sender Bounce Email Drop Email HighPerformance Flexible Fine Grained Incoming / Outgoing Mail Customer Specific Filters Pre- defined HIPAA, GLB, SOX Filters LDAP Server Queries
Simple and Powerful Custom Content Filters • Custom content filters to meet the needs of any business • Supports scanning in international character sets • Easy-to-use GUI flexible and fast • Integrated Administrator quarantine for content review
IronPort Consolidates the Email Perimeter BEFORE IRONPORT AFTER IRONPORT Revolutionary MTA Platform for High Availability & Performance Exclusive Preventive Filters IronPort Reputation Filters™ IronPort Virus Outbreak Filters™ Best of Breed Reactive Filters Symantec Brightmail Anti-Spam™ Sophos Anti-Virus™ IronPort Content Policy Engine PGP Encryption Real-time Mailflow visibility & access control
Carrier-Proven Technology & Enterprise Class Solutions 6 of the 10 Largest ISPs The World’s Largest Enterprises
Intelligent Protection for Dell • Dell’s challenge: • Dell currently receives 26M messages per day • Only 1.5M are legitimate • Spam Assassin on 68 gateways was not accurate • IronPort solution: • Reputation filters block over 19M messages per day • C-Series sends 5.5M messages per day through Brightmail content filtering • IronPort replaced 68 servers with 8 IronPort C60 appliances Accuracy of spam filtering increased 10x Servers consolidated by 70% Operating costs reduced as much as 75% “IronPort has increased the quality and reliability of our network operations, while reducing our costs.” —Tim HelmstetterManager, Global Collaborative Systems Engineering and Service Management, Dell Corporation
Case Study: “I just wanted to let you know that the penny has finally dropped with regards to the Ironport and message flow!!! I now understand exactly what, how and where things are going and I must say the power of the technology has blown me away. This thing is awesome, so good in fact that I would recommend every company in the world gets one or (two)…!!” IT Operations Manager 13th Jan 2005
Any Questions? Thank you for listening – For more info visit www.ironport.com www.senderbase.org Henrik Davidsson +46 701 90 11 00 henrik@ironport.com To win the Enigma Machine Book Question: Which country is the source for the SECOND highest volume of SPAM on a global basis? SOUTH KOREA