270 likes | 477 Views
IDC eGovernment. The Future of Email Security. John Ryan Operations Director Entropy. Fixing Email. Email - Where Are We Now? The Current State of Messaging (Security) Top Enterprise Email Threats & The Cost to Corporations Where Is The Industry Going? Reactive Point Solutions
E N D
IDC eGovernment The Future of Email Security John Ryan Operations Director Entropy
Fixing Email • Email - Where Are We Now? • The Current State of Messaging (Security) • Top Enterprise Email Threats & The Cost to Corporations • Where Is The Industry Going? • Reactive Point Solutions • Proposed Email Identity Standards • New Technologies to Address these Issues? • Identity, Reputation, Policy Control • Unique solutions available now
The Mission-Critical App Is Collapsing • Email Is The Form Of Business Communication • 80% Of Businesses Consider Email More Important Than Phones • Email Is No Longer Reliable • Spam, False-Positives, Viruses, Forgery And Other Threats Make Email Unreliable • Users Are Rapidly Losing Trust In Email 52% Say They Trust Email Less 25% Have Reduced Email Use —Pew Internet Life Project —
Challenges of E Mail Today! • E mail has become a mission critical communications vehicle • E mail has become a major delivery mechanism for marketing messages…SPAM! • Most of these marketing messages are unsolicited and unwanted • Spam is perceived as the most significant problem of enterprise. Source: Osterman Research
Some Email Statistics • United States • China • South Korea • Poland • France • Great Britain • Germany • Brazil • Spain • Japan • 18B message per day (73% of which is SPAM) • Message volume has increased by 2B in January • 9.4B messages coming for “Zombie” hosts • 290,000 infected hosts tracked last week alone • 15,000+ compromised zombie networks • 75% of all Viruses are deployed via an email • Phishing scam’s accounted for 1% of SPAM • Top countries sending SPAM …….. Source: Senderbase network – go to www.ironport.com/toc
Spam Will cost corporate users over £10B in the US alone.1 Overall cost of spam between £10B and £87B, or £50 to £1400 per worker per year.2 Set to get worse Corporate spam traffic will rise from 44 billion messages per day in 2006, to 83 billion messages per day in 2009.3 Corporations Pay the Consequences • Viruses • Sobig virus cost more than £1B.4 • Disaster recovery costs increased by 23% in 2003 to almost £100,000 per organization per virus outbreak.5 • Confidential information • Difficult to estimate • Devastating impacts 1. Ferris Research 2. Pew Internet and American Life Project 3. Radicati Group 4. Computer Economics 5. ICSA Labs’ Prevalence Survey
It Takes Two: Senders and Receivers • We Are All Email Senders And Email Receivers • Solving Receiver Problems Means Addressing Sender Issues And Vice Versa • The Solution To Fixing Email Is NOT One-sided • A Healthy Email System Requires Feedback Loops • Integrating complaint and other corrective data back into the system is a fundamental requirement
Email Gateway Infrastructure Issues On top of all the Security vulnerabilities, the infrastructure itself is at breaking point….. • Bespoke deployments • Complexity • Performance issues & bottlenecks • Reliability of the solutions • Huge Admin Overhead • Limited visibility or control • Managing the escalating costs $$$
Fixing Email • Email - Where Are We Now? • The Current State of Messaging (Security) • Top Enterprise Email Threats & The Cost to Corporations • Where Is The Industry Going? • Reactive Point Solutions • Proposed Email Identity Standards • New Technologies to Address these issues? • Identity, Reputation, Policy Control • Unique solutions available now
The Industry “Reacts” • Solutions are reactive NOT proactive • Point solution approach • Content-based filtering band-aids • Cat and mouse game – its never going to end! • New filter, new threat, new filter, new threat, new filter, new threat, new filter There is some good news! >>>>
Industry Adopts Identity • Sender-ID/SPF • Technical Solution For Sender Address Forgery • Yahoo! Domain Keys • Authenticating Entire Email Message Based On Sender Domain There are limitations to this “partial” solution.
Fixing Email • Email - Where Are We Now? • The Current State of Messaging (Security) • Top Enterprise Email Threats & The Cost to Corporations • Where Is The Industry Going? • Reactive Point Solutions • Proposed Email Identity Standards • New technologies to Address these Issues? • Identity, Reputation, Policy Control • Unique solutions available now
Critical Components of a Complete Solution • The vulnerability exposed by spam, viruses, phishing is inherent to the email protocol, SMTP • Reputation services are a critical component of the solution: 1 Advanced authentication standards IDENTITY 2 A holistic view of a sender’s trustworthiness REPUTATION 3 Intelligently apply filtering techniques based on the apparent threat POLICY
SpamCop, SpamHaus (SBL), NJABL Spamtraps Blacklists Extensive network of “invalid" accounts 3rd party email accreditation SpamCop, ISP abuse data, BondedSender abuse data Global Complaint Data Open Proxy Data SORBS, OPM, DSBL… Fortune 1000 status, length of sending history, location, whether domain accepts email, etc. Global Volume Data Other Data 30,000 organizations (25% of all email) Authenticated Unknown Sender Reputation Established SenderBase: Leading Reputation Service • 75,000 contributing organizations • 4 billion queries daily • >25% of world’s Internet email -10 +10
Email Security Appliances:Enforcing Policy • IronPort Appliances Use Identity And Reputation To Apply Policy • Trusted Known Senders Bypass Spam Filters • Suspicious Unknown Senders Are Throttled And Filtered • Hostile Senders Are Deleted Or Tagged • Known good is delivered • Suspicious is throttled & spam filtered Anti-Spam Email Appliance • Known bad is deleted/tagged
Virus Date Virus Threat Level Raised First Anti-virus Signature Available Outbreak Filter Lead Time Mydoom.bb 15 Feb 05 18:08 22:54 Next Day 28:46 hours Goldun.H 15 Feb 05 23:04 16:17 17:13 hours Sober.J 30 Jan 05 23:01 09:21 10:20 hours Cidra-D 3 Dec 04 3:11PM 7:58 PM 4:47 hours Outbreak Filter Advantage
Prevention: Temporary Quarantine MyDoom.bb 6503 files Quarantined 100% capture Outbreak Rules TemporaryQuarantine Virus Filter • Pulls outbreak rules for all incoming email attachments • Triggers automated quarantine for suspicious attachments • Releases messages for rescanning through standard filters Closes the Reaction Gap
Consolidation of the Email Perimeter BEFORE AFTER Email Appliance
Summary • Security spend has to increase to meet the ever increasing business demands • Email is now THE critical communications system • Our email systems are under attach and straining to deliver • We need to re-think our approach to email delivery and invest in new technology