240 likes | 251 Views
Explore the evolution of content security from email virus scanning to modern-day threat protection. Learn the current threats and what's needed for tomorrow's security challenges. Discover how Marshal addresses these issues effectively.
E N D
Content Security, Its history and relevance for the security threats of tomorrow… Bradley Anstis Director of Product Management bradley.anstis@marshal.com
Agenda • Content Security, what is it and where did it come from? • The reality of today • What will you need tomorrow? • How is Marshal addressing this? • So who is Marshal? Marshal Confidential
What is Content Security? The Airport Analogy • Firewall Security • Like Immigration at an Airport • Controls who is permitted to enter or leave • Content Security • Like Customs at an Airport • Controls what is permitted to enter or leave Marshal Confidential
Where did it come from? • Initial products deployed for Email Virus scanning • Needed to unpack messages • Limitations of the then mainly ‘Signature’ based AV solutions caused file type detection, initially by extension • Then by actual file type • Then Text scanning • Then Spam… Marshal Confidential
The Reality of Today Marshal Confidential
Today’s Messaging Requirements Inbound ThreatsDenial of Service AttacksUnacceptable ImagesPhishingSpamVirus’sSpywareDirectory Harvest AttacksIn-bound Content Security Email &Instant Messaging InternalRequirements • Archiving • Confidentiality • Compliance Requirements • Acceptable Use Policies • Management • Content Filtering Outbound ThreatsData LeakageOutbound SpamOutbound Virus’sOut Bound Content Security Are you going to use Point solutions for everything??? Marshal Confidential
Today’s Browsing Requirements Outbound ThreatsData LeakageOutbound Virus’sOut Bound Content Security InternalRequirements Inbound ThreatsVirus’sHTTP ContentHTTPS ContentP2PFTPPhishingInappropriate ImagesSpyware Caching Acceptable Use Policies Compliance Requirements Management Content Filtering Can you use a URL Filtering product to do all of this??? Marshal Confidential
But what will you need tomorrow??? Marshal Confidential
Today’s Internet Threat Vectors • Email Messaging • Instant Messaging • Web Browsing • VOIP *Future Functionality Marshal Confidential
How is Marshal addressing this? Marshal Confidential
Required Functionality Areas Inbound & Outbound Content Security Threat Protection Data Leakage Enterprise Management Secure Messaging & Browsing Compliance & Regulation Marshal Confidential
Inbound & Outbound Content Security • Organizations today are aware of the issues caused by incoming inappropriate content, but it is perhaps the issues caused by Outgoing content that have the most potential for damage… • Marshal Servers at the Perimeter to scan for… • Detection of File Types, analysis of actual file structure • 177 native file types and ability to add custom types • Recursive Archive un-packing • Text analysis and recognition • Perform complex lexical analysis on text strings • A script can include many conditions. Each condition is based on words or phrases combined using Boolean and proximity operators. • Deep Image Analysis – Inappropriate Image Detection & Control • Whether it is coming in or going out… Marshal Confidential
Threat Protection • Multi-layered threat protection offering services from Marshal TRACE Team such as:- • SpamCensor (Heuristic Spam Detection) • RBL Support • URLCensor (suRBL) • OCR for Image Based Spam* • 10 Supported AV Scanners • 2 Supported Spyware Scanners • SPF / DKIM Support * • Email Host Reputation Service * • Proactive threat notification and remote threat avoidance rule deployment * • URL Filtering List Integration * • Extensive live threat update and protection services to protect against inbound threats such as:- • Spam • Phishing • Spyware • Virus’s • Denial of Service Attacks • Directory Harvest Attacks • Inappropriate Images • Customer site data returned to Marshal to show:- • Missed Spam * • False Positives * • URL’s visited * *Future Functionality Marshal Confidential
Threat Protection • Threat Website* • Marshal Trace Team (Threat Research and Content Engineering) to report on all issues that may enter a company through Messaging, Web or IM • Threat website to immediately report on all found issues, vulnerabilities, Virus’s and any other updates • Analyst Login to provide further source data & figures • Automated notifications with set severity levels and pushed to Marshal Today Page as a tickertape • Issue alerts pushed to Marshal Today Page detailing severity and linking to detailed information – Scrolling list • Customer login to access detailed information and sample Marshal policy to provide workaround and then fix for issue • Ability for TRACE team to automatically push policy to Marshal customers to immediately protect them for example by temporally quarantining suspect attachments, denying file type download etc • Powered by RSS feeds from partner Vendors & Industry sources • Remote Protection Policy Deployment to Customers *Future Functionality Marshal Confidential
Compliance & Regulation • Research • What applies to us? • Definition • How will it apply and where? • Control points defined • Planning • Minimal Disruption • Policy & Rule Creation • Compliance Toolkits • Deployment to control points • Internal Email • External Email • Instant Messaging • Web Browsing • Retrospective Scanning? • Inspect • Enforcement of Policy • Report • Violations • Archive • Record Discovery • Intelligent Retention Control • Auditing • Immediate Expiry • Audit Review • Ensure Coverage of rules • Policy Testing • Effectiveness • Security • Review • New Legislation Research Marshal Confidential
Data leakage • Image and Document Flow Management • Ability to create Chinese walls not only externally but internally as well • Protect your IP from leaking out of your company • Control this information at any Marshal End Point using:- • OCR –Use to enable text searching / matching of content • For example, catching print screen capture of confidential documents • Advanced Attachment / Text Fingerprinting • Based on plagiarism detection technology • Percentage based matching, is this more than 70% the same as this for example • Confidential document tracking and distribution control Marshal Confidential
Secure Messaging & Browsing • Providing Secured Communications for End users but also allowing full Content Inspection by Company • Email • TLS • PGP • Marshal Secure Email Client • Zero download client for B to C and like environments, using SSL • Ability to control what can be done with any attachments, i.e. Printing, saving etc • Audited and confirmation back to sending company • Web Browsing • HTTPS Browsing inspection Marshal Confidential
Enterprise Management • Centralized Management for Policy Configuration • Control Content Security whether inbound or outbound by content type no matter what the delivery vector • Delegated Administration • By policy container, company hierarchy or geographic location • Unified Reporting Console • Across all vectors • Scheduled Reported • Automatic posting • Advanced Clustering Support • Native fail-over file system for quarantine folders • Extended Microsoft OS clustering support • MOM Management Packs Marshal Confidential
Complete Messaging Management Internal & External Email Archiving Management Threat Protection Compliance Secure Messaging Content Filtering Data Leakage InstantMessaging Policy Management Inbound & Outbound Marshal Confidential
Who is Marshal? Marshal Confidential
Marshal History 1997 Developed MailMarshal following a request by a transport company in New Zealand. Were 2nd in entering market with email content control software. Subsequent realise of WebMarshal, MailMarshal for Exchange, MailMarshal Secure and imMarshal 1999 -2000 Expanded across Australia, New Zealand and into Europe 2001-2002 Expanded into US market 2000 Marshal listed as fastest growing company in ANZ region by Deloitte 2002 Acquired by NetIQ Corp 2005 Spun out of NetIQ through MBO. Independent company with HQ in Basingstoke (UK) EMEA: Paris, Johannesburg Americas: Houston, Atlanta Asia Pacific: Auckland, Sydney 2006 Launch of new company, new brand, new products Marshal Confidential
What We Do Secure Integrated Email and Internet Management Marshal provide Email and Internet management solutions that integrate • Content filtering • Compliance • Secure messaging • Archiving We enable organizations to: • Secure your IT universe from abuse and external threats such as viruses, spam and malicious code • Protect your networks, your employees, your business assets and your corporate reputation • Comply with corporate governance legislation - such as email retention and management Marshal Confidential
Who we do it for… • Global Fortune 500 • 40% are Marshal customers and we have • 64% of the Europe Top 50 • 45% of the USA Top 170 • 42% of the Asia Top 50 **allowed for external use** Marshal Confidential