Spam and beyond…
Ed Macnair Director Content Security

Agenda
• Messaging Attacks
• Spam
• Phishing
• DOS
• Other Internet Attacks
• Spy-ware
• Legal Compliance
• External & Internal Content Security
• How can NetIQ help?

Evolution of Email

Mid to Late 90’s
• Email becoming important
• Volumes growing
• A desktop experience
• Virus/Spam annoyance
• Plaintext email
• Basic archiving
• Downtime common

Today
• More important than phone
• Volumes growing faster
• Desktop + mobile
• Viruses can shut down businesses
• Rich email, large attachments
• Policy & regulatory compliance
• High availability expected but operations are complex & costly

Tomorrow
• Cornerstone of collaboration
• Volumes growing exponentially
• Any networked device
• Viruses impacting devices beyond server & PC
• Integrated communications
• Ubiquitous privacy, security & compliance requirements
• High availability with simplified operations & reduced costs

Growth of Spam
• Still the No. 1 driver for Content Security
• From 8% of all Email in 2001 to 60%+ of all Email in 2004
• Average of 60% of all company Email is Spam
• Some companies as high as 95.8%
• NetIQ receives up to 9.2 Million Email per 24hrs
• 69% Spam, 4% Virus infected
• Today 40% of all Spam sent by zombie PCs
• SoBig, MyDoom, Bagle all contained code

Worldwide Spam breakdown…
Top 10 Spam Countries
1. United States
2. China
3. South Korea
4. Taiwan
5. Canada
6. Brazil
7. Russia
8. Japan
9. Hong Kong
10. Argentina
Source: NetIQ Analysis

Spam Has Evolved, We Must Evolve Too…
Best solution
• Multi Layered approach using a selection of good techniques
• Detect and block as early as possible
• If Quarantined, quarantine at the perimeter
• Provide users with selection of useful but simple tools
• Ability to exchange secure Email with more business partners to reduce likelihood of False Positives
• Product that is more than just Spam to provide greater chances of evolving further in future
• Also protects against other Email borne attacks

Some Spam Detection Techniques…
• Bayesian
• Fingerprinting Database
• Lexical Analysis
• Heuristics
• Grey-Listing
• Optical Character Recognition
• Sender-ID Framework (Spam Prevention)
• Domain Keys (Spam Prevention)

Bringing it all together – Multi Pronged
Technical Solution + End User Education + Industry Self Regulation + Legislation + International Co-operation = Problem Solved???

Spam is a problem BUT there is a lot more you need to worry about!

Phishing – Overwriting URL
Malicious Java application overwriting address bar

Phishing – What next?
• Worm applications controlling browser behavior
• Layered Anti Virus Protection
• In-depth desktop scanning
• Internal user identity theft emerging
• Review your remote access technologies
• User Education
• Users divulging confidential data
• User Training
• In-depth Content Security Protection

Phishing – How do I protect myself?
• Heuristics Testing
• Optical Character Recognition
• suRBL Lookups
• Comparison & Testing of URL links
• User Education!!!

What is Spy-ware?
• Hacker Tools
  • Defined as programs that are intentionally run by a hacker, usually in the hacker's machine. All such tools have interfaces through which the hacker interacts with the program
• Key Loggers
  • Application running in the background recording all the keystrokes
• Remote Administration Tools
  • A Remote Administration Tool, or RAT, is a Trojan that, when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine
• Spy-ware
  • Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior
• Spy-ware Cookies
  • Any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private."
• Trojans
  • Unwanted software which runs in a user's machine, as an agent of the attacker, without user awareness
• Worms
  • A program that propagates by attacking other machines and copying itself to them

Denial of Service
• NETIQ bought two new companies to complement the Web Trends business - Web Position and First Place software in May.
• IT migrated from an old Unix based system (that did include Marshal - but all mail was handled by Unix mail gateways 1st) to 3 dual proc Windows 2003 servers running Marshal 6.0
• The "business" was anxious that both these companies were integrated into the NETIQ mail system before the start of the next calendar month (June). This migration would involve changing their MX records to point to NETIQ.

Denial of Service
• Our mail volume increased immediately after integration but just before month end First Place got hit by an email "storm".
• In 24hrs we processed over 11 million messages, stayed up(!) and got through month end. If email had gone, deals could not have been closed!!! (the process in SAP is reliant on an automated email process - no rev rec otherwise).

Denial of Service
• When we had previously been targeted by an email "storm" (prior to the installation of Marshal) we had to ask our ISPs to stop sending us mail while we rebuilt our trashed systems. Don't have a financial impact of that episode but our CIO did change a few months later ;-).

Viruses, viruses, viruses!!!
The virus problem remains
• W32/Netsky.P-mm
• W32/Zafi.B-mm
• W32/Netsky.Z-mm
• W32/Bagle.Z-mm
• W32/Netsky.Q-mm
• W32/NetSky.D-mm
• W32/Mydoom.M-mm
• W32/Lovgate.W-mm
• W32/Netsky.C-mm
• W32/Netsky.B-mm

Controlling Confidential Data
1. All Confidential Documents forwarded to Fingerprint Store
2. Confidential Documents recognized by checking fingerprint from store, report and block or allow depending on policy
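
The two steps on this slide, sketched as an added example (not NetIQ's or MailMarshal's code). The slide does not say how fingerprints are computed, so the word-shingle hashing, the 0.5 threshold, the policy keys and all sample text below are assumptions made for illustration.

```python
import hashlib
import re

K = 5  # words per shingle (assumed value, not from the slides)

def fingerprints(text, k=K):
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    runs = [" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))]
    return {hashlib.sha256(r.encode()).hexdigest() for r in runs if r}

class FingerprintStore:
    def __init__(self):
        self.docs = {}  # label -> set of shingle hashes

    def register(self, label, text):
        """Step 1: a confidential document is forwarded to the store."""
        self.docs[label] = fingerprints(text)

    def best_match(self, text):
        """Return (label, fraction of that stored document present in text)."""
        seen, best = fingerprints(text), (None, 0.0)
        for label, fp in self.docs.items():
            score = len(fp & seen) / len(fp) if fp else 0.0
            if score > best[1]:
                best = (label, score)
        return best

def evaluate(store, body, policy):
    """Step 2: check outbound content; on a match, report and block or allow."""
    label, score = store.best_match(body)
    if label is not None and score >= policy["threshold"]:
        return {"action": policy["on_match"], "report": True, "matched": label}
    return {"action": "allow", "report": False, "matched": None}

# Constructed sample data (hypothetical document and messages).
store = FingerprintStore()
store.register("falcon-pricing",
               "Project Falcon pricing: the enterprise tier will be offered at a "
               "forty percent discount to accounts renewing before the end of "
               "the third quarter, subject to board approval.")
LEAK = ("Hi Sam, FYI:\n> PROJECT FALCON pricing - the enterprise tier will be "
        "offered at a forty percent\n> discount to accounts renewing before the "
        "end of the third quarter, subject to\n> board approval.\nKeep it quiet.")
CLEAN = "Lunch on Thursday? The third quarter offsite agenda is attached."
BLOCK = {"threshold": 0.5, "on_match": "block"}

if __name__ == "__main__":
    print(evaluate(store, LEAK, BLOCK))
    print(evaluate(store, CLEAN, BLOCK))
```

Hashing overlapping word runs rather than the whole file means a document pasted into a message body with changed case, quoting or line breaks still matches, which a single whole-file hash would miss.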

Legal Compliance
• ISO 17799 / BS 7799
  • International Standards for the protection of Data
• Legal Admissibility and Evidential Weight
  • Standards for how electronic documents should be managed and stored for legal admissibility and evidential weight
• Litigation/Discovery Support Costs
  • Rapidly getting more expensive, major disincentive against taking legal action
• Data Protection Act 1998
  • This act demands that any personal information is kept securely and not retained for longer than is necessary, also individuals can ask for any information that may mention them
• Regulation of Investigatory Powers Act 2000
  • This act allows employers to monitor messaging content
• Freedom of Information Act – Jan 2005
  • Allows anyone to request information from public sector, Police etc
• Securities and Exchange Commission (SEC)
  • Coming to Europe

Are all the Villains on the outside?
• Competition
• User Ignorance
• User grievances
• Legal Compliance
• Requirement for Internal Content Security will increase

Email threats
• Oracle facing £370,000 sex discrimination claim
  IT saleswoman says it went on 'at the highest level'
  http://newsletters.silicon.cneteu.net/t/38899/534480/15383/0/

So how can NetIQ help?
• MailMarshal 6.0 for SMTP
  • External Content Security
• MailMarshal 5.1 for Exchange
  • Internal Content Security
• WebMarshal 3.5
  • Internet Access Control

2005 Reviews
SC Magazine - NetIQ has a long and successful name in email security so it is no surprise to see it dominating this group test with MailMarshal.
IDG - NetIQ MailMarshal wins due to first-rate performance and few weaknesses
Redmond Magazine - MailMarshal has an exceptional reporting system and its spam identification attributes were the best of the group

Market Overview
• 2004 – Spam was major market driver
• Phishing became prevalent
• Virus outbreaks continued to proliferate
• Spyware is seen as an Enterprise threat
• Appliances – the rise of the machines!

Market Direction ’05, ’06
• Spam is still a driver…
• but most Enterprises have solutions
• Mobile spam, PDAs, etc
• VOIP vulnerable
• Regulatory Compliance
• Sarbanes Oxley
• Basle II
• HIPAA
• And more to come

Market Direction
• Legal Liability will start to bite
• Cases becoming common
• Encryption re-emerges
• Spyware
• Needs definition
• Layered approach
• Email Management
• Content Security
• Intelligent routing
• Archival and storage
• All need to be integrated

Market Direction
• Vendor consolidation
• Fragmented market approaches
• Greater degree of market segmentation
• Enterprise class solutions
• Differing solutions for different threat levels
• Managed Services
• Battle for SME space

Useful Links…
• NetIQ Marshal Content Security Information: http://www.netiq.com/solutions/security/contentsecurity.asp
• Microsoft Sender-ID Framework: http://www.microsoft.com/mscorp/twc/privacy/spam_senderid.mspx
• Microsoft’s Spam Page: http://www.microsoft.com/mscorp/twc/privacy/spam.mspx
• Grey-listing information: http://projects.puremagic.com/greylisting/
• Anti-Phishing Working Group: http://www.antiphishing.org/index.html
• Singapore Anti-Spam Research Centre: http://www.antispam.org.sg/