
IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East.


1 IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East & Africa IronPort Systems

2 IronPort Consolidates the Perimeter Anti-Spam Anti-Virus Policy Management Mail Routing Before IronPort Internet Firewall MTAs Groupware Users IronPort Security Appliance After IronPort Internet Users Groupware Firewall

3 IronPort: Industry Leadership Global Leadership –Founded in 2000, based in San Bruno, CA –35 offices in 25 countries –Approx 380 people Analyst Leadership –Recognized as leader by Gartner, Meta, IDC, Forrester, Bloor Customer Leadership –About 3000 customers in 75 countries –8 of the 12 largest ISPs –20%+ of the largest Enterprises (Global 2000) –300+ million mailboxes protected –US Armed Forces & Government Technology Leadership –First with custom, high performance MTA –First with Reputation Filtering (SenderBase) –First with Virus Outbreak Filters

4 Sample customers in France MACSF 10,000 mailboxes 1,000 mailboxes Cipa Comexpo SNC Gestor

5 Case Study: Société Générale

6 Multi-Layered Security Preventive + Reactive = Defense in Depth Reactive Layer Preventive Layer + Immediate Reaction to Threats Extremely High Performance Coarse Outer Layer Blocks or Rate Limits Adapts Over Time Computationally Intensive Fine-grained Inner Layer Delete or Quarantine

7 SenderBase ® / Threat Operations Center SenderBaseTOC Team of security experts Global volume data Message composition data Spam traps, complaints Blacklists, whitelists Compromised host lists Open proxy lists Offline data (F500, ISP, NSP, govt.)… Sender Reputation Score 90+ Parameters Web Reputation Score URL blacklists and whitelists HTML Content Data Domain Registrar Information Compromised Host Lists Network Owners Known Threats URLs Web Site History… 45+ Parameters

8 IronPort: Integrated Secured Gateways Email Security C Series Web Security S Series Security Management M Series

9 IronPort Security Appliances High Performance Security Appliances Stopping Spam, Viruses and Other Threats, Enforcing Policies, and Reducing Admin Costs for Enterprises and Service Providers IronPort C300/C600 IronPort C10 IronPort X1000


11 AsyncOS Unmatched Scalability and Security AsyncOS scalable and secure OS optimized for messaging Identity Protection secures enterprise identity Standards-based Integration replaces legacy systems with ease MANAGEMENT TOOLS DEFENSE AGAINST SPAMs CONTENT PROCESSING DEFENSE AGAINST VIRUS AUTHENTICATION ASYNCOS MTA PLATFORM

12 AsyncOS Revolutionary MTA Platform Traditional Gateways And Other Appliances IronPort Security Appliance 200 Incoming/Outgoing Connections Low Performance/ DoS Potential Single Queue For all Destinations Queue Backup Delays All Mail Per-Destination Queues Fault-Tolerance and Custom Control 10,000 Incoming/Outgoing Connections High Performance/ Sure Delivery

13 AsyncOS Advanced Identity Protection Directory Harvest Attack Prevention Virtual Gateway Technology Intelligent Bounce Handling Protects Against: Theft of your user database by spammers Unique Advantage: Integrates with SenderBase to track global attacks Protects Against: Inadvertent blockage of your corporate mail Unique Advantage: Provides up to 256 unique IP addresses per appliance Protects Against: Blacklisting of your IPs from intentional NDRs Unique Advantage: Distinct IPs for NDRs, In-conversation recipient checking

14 AsyncOS Standards Based Integration LDAP DNS Advanced Networking Essential Mail Operations Integrates with all standard LDAP servers including Active Directory Carrier-class client and cache on-box High performance client resolves millions of records per hour Configure separate DNS servers per domain 802.1Q VLAN Tagging for network security NIC failover for redundancy Loopback interfaces for load balancer integration Alias, masquerade, and routing tables Powerful header operations Store tables on box or in LDAP directory


16 IronPort Reputation Filters Stop 80% of Hostile Mail at the Door…. Known good is delivered Suspicious (ex. Score = -4 to -1): limit the rate & pass thru Anti-Spam filter Known bad (ex. Score = -10 to -4): connection rejected IronPort uses identity & reputation to apply policy Sophisticated response to sophisticated threats Anti-Spam Engine Incoming Mail Good, Bad, and Grey or Unknown Reputation Filtering Senderbase

17 A wide sample of parameters, for a reliable assessment of Reputation Good Reputation Average Reputation System Tolerant of Anomalies Blacklisted Good Sending History Only Sending to Valid Recipients Reverse DNS Works Poor Reputation Volume Spike

18 Positive & Negative Reputation

19 Customer case – Marseille-Nice Universities 30,000+ users Universités Numériques Région PACA

20 IronPort Reputation Filters Dell Case Study Dell's challenge: –Dell currently receives 26M messages per day –Only 1.5M are legitimate messages –68 existing gateways running Spam Assassin were not accurate IronPort solution: –Reputation filters block over 19M messages per day –5.5M messages per day scanned by Symantec Brightmail –Replaced 68 servers with 8 IronPort C60s Accuracy of spam filtering increased 10x Servers consolidated by 70% Operating costs reduced as much as 75% "IronPort has increased the quality and reliability of our network operations, while reducing our costs." -- Tim Helmsetetter Manager, Global Collaborative Systems Engineering and Service Management, Dell Corporation

21 Leading Efficacy –CASE (Context Adaptive Scanning Engine) optimized for blended threats –Multiple sources Industry leading throughput Virtually Zero False Positives –Approx 1 in 1 million No administrative burden –Install and walk away –Automatic filter updates, no tuning required –System adapts to new threats without manual tweaking of rules IronPort Anti-Spam: High Performance, No Administration Score How? Structural Analysis What? Content Analysis Where? Web Reputation Who? Reputation IronPort CASE

22 IronPort's Context Adaptive Scanning Engine (CASE) IronPort Anti-Spam Competitive Solutions What? Message Content What content is included in this message? How? Message Structure How was this message constructed? Who? Reputation Who is sending you this message? Where? Web Reputation Where does the call to action take you?

23 New types of spam More difficult to detect URL Passage from a text book 100% legitimate content URL is not that of Red Cross

24 Recent trends in Spam Average Daily Spam Volume (billions msgs) +110% % Spam with an Embedded Image +421%

25 Image-based spam techniques « Polka dots » make every message appear unique to signature-based anti-spam filters Images broken down into sub-parts and then reassembled IronPort has unique techniques to detect this spam, including: « MPR »: Multidimensional Pattern Recognition

26 LabTests results: Catch Rate Results

27 Termination of IP-Symc partnership Letter sent by IronPort to customers on Friday, Oct. 19 Almost all customers migrated to IPAS by now for quality reasons In Q3: 6% BM attach rate ; 91% IPAS attach rate IPAS technical superiority, as confirmed by the tests conducted by independent lab: « LabTests »

28 The IronPort Spam Quarantine (ISQ) and the M-Series appliance No helpdesk calls –Self-service end-user spam quarantine –Web UI, Digest, Advanced Search –Authenticate users with LDAP, AD, or IMAP/POP –Automatic disk space management Flexible deployment –On-box or centralized quarantine with IronPort M-Series appliance

29 Best of Breed, Multi-layer Virus Defense IronPort's Virus Outbreak Filters stop outbreaks 14 hours ahead of signatures Sophos AntiVirus signature based solution with industry leading accuracy MANAGEMENT TOOLS ASYNCOS MTA PLATFORM PREVENTIVE REACTIVE ANTI-VIRUS DEFENSE ANTI-SPAM DEFENSE CONTENT PROCESSING AUTHENTICATION

30 Today's Anti-Virus Solutions Inadequate Capture Virus Sample Issue Customer Alert Analyze Virus Sample Release Signature Update Signature Millions of infections occur during this period. Generic signatures don't always work. Anti-Virus Signature Release Timeline See booklet « The New Anti-Virus Formula » by John Dickinson:

31 How Virus Outbreak Filters Work IronPort Threat Operations Center (TOC) Continuous monitoring & analysis –Real-time & historical data visualization –Automated alerts –Human verification The IronPort gateway downloads the updated rules from the TOC every 5 minutes,… …and puts the concerned messages in the Quarantine (queue in the MTA) INSIDE THE TOC Expert team of skilled analysts Staffed 24 x 7 x languages spoken Documented & verified processes State-of-the-art tools & techniques Manager, Threat Operations Center

32 How Virus Outbreak Filters Work Dynamic Quarantine In Action T = 0 –zip (exe) files T = 5 mins -zip (exe) files -Size 50 to 55 KB. T = 10 mins –zip (exe) files –Size 50 to 55KB –Price in the name file T = 8 hours –Release messages if signature update is in place Messages Scanned & Deleted

33 The Virus Outbreak Filters advantage
Medium additional protection time: 14 hours
Out of a total of blocked attacks: 175 outbreaks*
* Feb 2005 – January 2006
** GMT

Virus Name | Date | IronPort Protection Starts** | First Anti-virus Signature Available** | Outbreak Filter Lead Time
Looksky.G | 1/6/06 | 2:32 PM | 2:12 AM (two days later) | 35:40 hours
Nyxem-D (Kama Sutra) | 1/16/06 | 2:36 PM | 3:22 PM | 1:27 hours
Sober-Z | 11/21/05 | 8:07 PM | 12:45 AM (the next day) | 4:38 hours
Mabutu-A | 11/17/05 | 12:58 AM | 1:24 PM | 12:26 hours
Zotob.C | 8/16/05 | 1:56 AM | 4:47 AM | 2:51 hours
Sober-N | 5/5/05 | 3:58 PM | 5:19 PM | 1:21 hours
MyTob.G | 3/24/05 | 11:30 PM | 12:58 PM (the next day) | 13:28 hours
Multiple Bagle variants | 2/27/05 | 10:39 AM | 4:22 AM (2 days later!) | 41:43 hours
Mydoom.BB | 2/15/05 | 6:08 PM | 10:54 PM (the next day) | 28:46 hours
Wurmark-D | 1/10/05 | 10:02 AM | 6:09 AM (the next day) | 20:05 hours

34 Virus Outbreak Filters recent results: eWEEK Review: September, 2006 Review Overview 5 month test by eWEEK, large independent, weekly IT magazine 1217 virus-positive emails stopped before AV signatures were available 48 separate virus variants blocked 0 false positives reported Review Quotes "We never saw a false positive" "(Virus Outbreak Filters) effectively blocked messages containing viruses for which signatures didn't already exist" - Mike Caton, Technical Writer Viral Messages Stopped: By Month Viral Messages Stopped: By Variant VOF blocked 100% of the new virus outbreaks in the past 5 months

35 IronPort Content Scanning Inbound/Outbound Message Filtering for Compliance MANAGEMENT TOOLS SPAM DEFENSE CONTENT PROCESSING VIRUS DEFENSE AUTHENTICATION ASYNCOS MTA PLATFORM Content filtering Compliance (e.g. SOX) Digital Rights Management – information leakage prevention Rules per user groups Encryption: IronPort acquires PostX

36 PostX: One Platform, Three Solutions PostX Secure Secure Desktop Messaging Push 1 PostX SecureDocument Statements, Invoices, etc. 2 PostX MessageCentre Integrated Customer Service Communication 3 PostX Envelope Offline, Registered and signed PostX S/MIME or PostX OpenPGP Certificate based mail Pull PostX WebSafe Webmail PostX Messaging Application Platform

37 Authentication MANAGEMENT TOOLS DEFENSE AGAINST SPAMs CONTENT PROCESSING DEFENSE AGAINST VIRUS AUTHENTICATION ASYNCOS MTA PLATFORM DomainKey Signing – Protection of Corporate Identity IronPort Bounce Verification – protection against bounce redirection attacks Directory Harvest Attack Prevention

38 IronPort DomainKeys Protects domain identity and protects against phishing Ensures the proper identity of the source domain More than 200 million mail boxes use DomainKeys Easy deployment (private key & DNS-based public key) Internet ISPs private public DNS

39 IronPort Bounce Verification Protects against bounce-message attacks All outgoing messages are stamped. Legitimate bounce messages coming back are recognized by this stamp Transparent and autonomous BV Internet BV +

40 Management tools Reduction in admin costs MANAGEMENT TOOLS DEFENSE AGAINST SPAMs CONTENT PROCESSING DEFENSE AGAINST VIRUS AUTHENTICATION ASYNCOS MTA PLATFORM Security Manager for unified policy management Centralized Management manage units around the world Mail Flow Monitor real time reporting Mail Flow Central centralized reporting and tracking

41 IronPort Security Manager Single view of policies for the entire organization IT SALES LEGAL Mark and Deliver Spam Delete Executables Archive all mail Virus Outbreak Filters disabled for.doc files Allow all media files Quarantine executables Security Manager serves as a single, versatile dashboard to manage all the services on the appliance. -- PC Magazine 2/22/05 Categories: by Domain, Username, or LDAP

42 IronPort Centralized Management Log in anywhere, control everywhere Interface assures configuration consistency Apply changes to a machine, group, or cluster Test on single system, promote to cluster IRONPORT CLUSTER San Jose Group SJ1 Machine SJ2 Machine SJ3 Machine Dublin Group D1 Machine D2 Machine D3 Machine Tokyo Group T1 Machine T2 Machine T3 Machine

43 Mail Flow Monitor


45 Customer case – Comverse 6,000 users

46 Example of protection at Danone Attempted SMTP connections Same origin? Same IP? IronPort at Groupe DANONE

47 Zooming on the specific domain Information from Reputation Filters and from SenderBase IronPort at Groupe DANONE

48 Graph A single IP address tried to send 130,450 messages 1 2 Administrator: check case to blacklist the IP IronPort at Groupe DANONE

49 Reduction in admin costs at Danone Administration –Administration is reduced to alert monitoring and update follow-up –Fast Tracking to search for any message IronPort at Groupe DANONE

50 Example of Tracking Result IronPort at Groupe DANONE

51 IronPort: Integrated Secured Gateways Email Security C Series Web Security S Series Security Management M Series

52 Malware: exploding phenomenon Source: iDefense Labs, November 2005 Growth in Keyloggers Total Reported Source: State Of Spyware Report, 2006 Number of spyware (in thousands) Spyware, Keyloggers, Trojan horses, Botnets & Zombies, etc. 65% growth in 2005 vs Cost of a malware: 150$+ per PC per year + commercial risk + legal responsibility

53 IronPort S Series: Web protection at 3 levels Filters content against Spyware Web Filters malware Prevents « phone-home » calls to hosts outside Blocks access to infected sites

54 Architecture for a multi-layer Web security MANAGEMENT TOOLS IronPort L4 Traffic Monitor IronPort Anti-Malware System IronPort Web Reputation Filters IronPort AsyncOS Web Security Platform IronPort Policy Filters

55 1. Blocks access to infected sites: Web Reputation Blocks connection - infected sites - phishing - etc. Allows connection (good sites) Anti- Malware scanning

56 2. Filters malicious content: IronPort Anti-Malware System Anti-malware engine DVS Engine, supporting multiple verdict engines –Webroot –others High accuracy level Very high performance for scanning on the fly (content streaming) Zero administration REPUTATION-BASED VERDICT CACHING VERDICT ENGINE 1 VERDICT ENGINE 2 IRONPORT DVS ENGINE IRONPORT DVS ENGINE VERDICT ENGINE N

57 3. Detects & Blocks communications to outside host servers: L4 monitor Detects any spyware or keylogger activity to an outside host (phone home) –On any of the 65,535 ports –Working around port 80 2 modes: monitor only or monitor & block L4 TRAFFIC MONITOR PROXY IronPort S-Series Firewall Internet Port 80 XX XX

58 IronPort: Integrated Secured Gateways Email Security C Series Web Security S Series Security Management M Series

59 Centralized Spam Quarantine Centralized statistics / reporting / tracking for C and S Series IronPort M Series : management for C and S Series

60 DO NOT BELIEVE OUR WORD… CHECK IT OUT BY YOURSELF !! Free evaluation in production Be informed of all new virus alerts by registering on: For all information: Questions - Answers

61 The IronPort advantage New generation MTA –Performance, robustness, intelligence, easy integration to architecture Multi-layer Anti-Spam Protection –Reputation Filters: 70% of traffic blocked before entering the network –Content-level AS : efficient; no False Positive; zero administration; efficient against image-based spams; advanced Web Reputation concept Preventive Protection against viruses –On average 14 hours additional protection ahead of AV Dramatic decrease in administration costs –Administrative costs typically divided by 10 Market leadership and continued innovation
