330 likes | 1.04k Views
Cloudmark and Openwave Messaging Anti-Abuse Name Date Cloudmark Company overview Technology leadership: Headquarters: Founded: Products: Email statistics: Subscribers protected: Customers: Strategic partners: Anti-spam, anti-phishing and anti-virus San Francisco, CA, USA 2001
E N D
Cloudmark Company overview Technology leadership: Headquarters: Founded: Products: Email statistics: Subscribers protected: Customers: Strategic partners: Anti-spam, anti-phishing and anti-virus San Francisco, CA, USA 2001 Desktop, Server, Gateway and Data Services Processes over 1 billion messages per day Over 100 million mailboxes Service providers (fixed-line & mobile), small to large enterprises and consumers Openwave, Sendmail, Bizanga, PayPal, CommuniGate Systems and Secure Computing Over 160 countries Ignition Partners, FT Ventures, Sumitomo Corp International presence: Investors:
Industry leaders chose Cloudmark SERVICE PROVIDERS FINANCIAL TEXT TEXT TEXT TECHNOLOGY GOVERNMENT EDUCATION HEALTH MEDIA
Rising cost of spam/phishing for service providers • Increased network storage costs • Decreased customer satisfaction • Spam cited as one of top reasons for subscriber churn (Ferris Research) • Phishing threats target ISP credentials posing a security threat • Fixed-line spam • Costs U.S. & European service providers $500M / year (Ferris Research) • Mobile spam • Some service providers charge a toll to both sender and recipient • Costs end users 3 cents per message to download an unsolicited text message (Ferris Research) Ferris Research, Anti-Spam for Businesses and ISPs: Market Size 2003-2008
Openwave Cloudmark Solutions • Complete protection against messaging abuse • Spam • Phishing • Viruses : First line of defense against e-mail borne viruses • Anti-Spam and Anti-Phishing solutions can be licensed separately • Value Added Services : Cloudmark Network Feedback System - Management reporting tool demonstrates filtering effectiveness • Mail Store Clean-Up Service: Unique solution to clear spam out of existing storage infrastructure (can be licensed separately and frees up approx. 15% of storage). • Always beat the competition on effectiveness, accuracy, performance and cost savings
Cloudmark Collaborative Security Network • Zero-hour response: real-time protection from all messaging threats • Blocks attacks between 20 seconds to 3 minutes • Cloudmark’s community of users vote in real time on the latest threats • World’s largest spam and phishing database • Up to 1 Billion reports per day • Feedback from 1.7 million Cloudmark Desktop customers, over 350,000 Vipul’s Razor installations and millions of enterprise & ISP users • Advanced fingerprinting algorithms • Precise identification of emails, users vote on messages reliably • Goal: identify all messages in an attack with a single fingerprint • Trust Evaluation System (TeS) • Tracks reputation of each reporter ensuring data integrity and accuracy • Determines when to mark a fingerprint as spam, phishing, virus or other
Cloudmark Authority E-mail protection • Cloudmark’s gateway anti-abuse product for service providers • Cloudmark Authority Engine extensions service for Openwave Email Mx • Cloudmark Anti Abuse extensions service for Openwave Edge Gx • Cloudmark Network Classifier • High performance classification engine designed for service provider scalability • Uses five fingerprinting algorithms and an in memory cache of known bad fingerprints kept up to date with the Cloudmark Service every minute • Tight integration into the Openwave messaging system • Runs on extensions server, configured through config.db and LDAP • Per class of service or system wide filtering • High message throughput with low resource utilization • Double the throughput of competing filters with lower CPU utilization • Allows for reduction in infrastructure and costs
Zero-hour response Desktop MS Outlook, Outlook Express Open Source Vipul’s Razor Handheld Mobile devices, cell phones Server MS Exchange, Lotus Notes Gateway Enterprises, Service Providers 20 Seconds Aggregate feedback from millions of users Trust Evaluation System Real-time content reputation Automated DataAnalysis Threat Detection Spam, Phishing, Viruses, Spyware Response
Cloudmark versus traditional approaches CloudmarkApproach BlockAttack Threat Detection: Real-time feedback from millions of users & trusted honeypots • Highly optimized fingerprints • Automatic analysis & updates * Zero hour response * Highest accuracy * No admin. intervention * Low TCO Traditional Approach Attack?? Test rules Deploy new rules/lists Analysis of new threat Write new rules Threat Detection: Honeypots - Hours/days delay before protection - administration intensive - outdated data
Anti-Spam, Anti-Phishing Protection for fixed-line and mobile environments • Industry-leading accuracy • Equally effective on both email and mobile spam messages • Proprietary fingerprinting algorithms allow extreme precision on small messages with “unintelligible” content • Real-time feedback from millions of users • Industry-leading throughput • 5 fingerprinting algorithms enable rapid processing of abuse • Competitive offerings process thousands of rules • Algorithms compute fingerprints on messages and match against local cache • Fingerprint updates automatically downloaded from Cloudmark Service • Deployed with major service providers worldwide • Integrates at SMTP MTA or at SMTP to SMS gateway • Mobile-to-mobile filtering • SDK available for SMSC and MMSC integration
Effective Defense against Phishing • Cloudmark Solutions • Broad collection of phishing reports • Automated real-time response to attacks • Dynamic reputation system • Reputation data adjusts dynamically without manual intervention • Advanced fingerprint algorithms • Characteristics of Phishing Attacks • Targeted • Attack specific groups based on harvested data • Transient • Attacks are short-lived (a few hours) • Dynamic • Phishing sites move across many compromised hosts • Coordinated and organized • Increasingly sophisticated micro economy has emerged • Costly TEXT TEXT TEXT TEXT
Protection from advanced threats • Phishing • Phishing is more advanced than spam: targeted, transient, organized • Cloudmark’s community enables the real-time response necessary to stop phishing before it costs users and degrades corporate brands • After testing several leading solutions, PayPal chose Cloudmark to protect their 50M+ customers from phishing • Viruses • Modern day worm email viruses can attack millions of users in minutes • Cloudmark provides the zero-hour protection to augment existing AV protection—filling the hole when new viruses begin propagating • Recent Kama Sutra Blocked first by Cloudmark within minutes. Legacy AV vendors took one day to provide fix!! • Future threats and delivery vehicles • Threats moving to new delivery vehicles: SMS, MMS, VoIP, IM, Blogs, Web, …
Results of 3 recent case studies • A large mobile operator (50M+ subscribers) realized: • 14.7% increase in filtered message rates for spam and phishing • 300% reduction in false positives and even greater reduction in false criticals • 87.5% filtration of viruses/worms • A broadband provider realized: • 14% increase in total filtered messages rate • 21% improvement in spam filtering accuracy • 475% reduction in false positives • 10-15% reduction in CPU utilization • Significant OPEX and CAPEX cost savings over existing solution • A large cable MSO (2M subscribers) realized: • 15% increase in filtered messages rate • Significant reduction in false positives (1/20th FP and 1/50th FC) Filtered messages rate: # of messages marked spam / total # of messages scannedSpam filtering accuracy: # of spam message caught / # of spam messages scanned False Positives:Legitimate newsletter archive summary emails Forwarded personal jokes or other chain messages Refers to the recipient by name False Criticals: Person to person email Important message,often business-related or personal in nature
Cloudmark / Openwave Mail Store Clean Up Service • Designed to measure and eliminate spam and phishing messages stored in the mail store • Professional service will scan messages on MSS for old spam missed by existing filter and never deleted by user • Multiple Options available • Messages can be deleted, moved or other action based on service providers policy • Different policies for which users to scan for can be implemented (All users, only inactive users, other?) • Different policies for which messages to scan for can be implemented (Only unread, only messages in certain folders?) • Reduces storage, system administration & data processing costs • Typically reduces volume of messages by approx 70% and storage space by 15%
Cloudmark Network Feedback System Reporting Reports for service provider: • Immediate view of system accuracy • Every piece of feedback is used and tracked • Email subscription & search features Reports for user: • Webmail integration • Show users value provider is giving • Users gain sense of community & value their contribution
Client solutions for service providers • Cloudmark Desktop • Microsoft Outlook or Outlook Express toolbar • Out of the box spam and phishing protection • Easier feedback mechanism for POP users • Cloudmark Anti-Fraud Toolbar • Microsoft Internet Explorer toolbar • Blocks phishing and pharming attacks • Cloudmark Desktop SDK • Integrate Cloudmark anti-abuse and reporting technology into existing applications • Business models • Revenue sharing • Bulk licensing • White labeling
Key benefits for service providers • Zero-hour response to messaging threats • Fastest possible response: 20 seconds to 3 minutes • High performance • High msg/sec rate • Lower CPU utilization than competing solutions • Industry-leading accuracy • Cloudmark solutions consistently rank as the most accurate • Draws on data collected from real users in real time • Easily integrated into existing network infrastructure • Can be deployed at internal MTA, Edge and SMSC/MMSC • Higher end-user satisfaction • Participates in the solution, feeling enabled to fight back • Less spam in Inbox • Protected from phishing scams • First line protection from viruses
Business value to service providers Lowest TCO • Reduced infrastructure costs • Significant storage and network resource reduction • Lowest CPU utilization (less computing power) • Easy to maintain • Automatic updates • No rules and lists • Reduced customer support calls and costs • Real-time feedback improves customer satisfaction • Less strain on customer service • Significant storage savings from cleaning up current mail store Revenue generator • Cloudmark Desktop & Anti-Fraud Toolbar distribution (can be branded) • Attractive revenue-sharing programs