Infinigate Security Day September 9 th 2011 Marcel Kooring Business Development Manager
Agenda Introduction Statistics from our yearly Work/Life survey. Challenges on the Internet – Web 2.0/Social Media – Data Leakage Benefits of the Web Gateway Benefits of the Gateway
Web 2.0 / Social Media 2
Facebook users? Raise your hand if you have a Facebook account! 3
Social Media in Denmark According to the European Union Denmark has 2,566,060 Facebook users on a total population of 5,515,575 citizens! That is a 46,5% penetration rate. 4
Results from our work/life research 80% of managers see the business benefits of the new social Web. 48% of managers have identified Web 2.0 usage as an issue of concern at management level. 19% of markets in 2011 report that their companies are engaged in blocking, as opposed to 9% in 2010 There is widespread concern about Web 2.0 among managers, with 57% expressing security concerns, 48% worried about loss of confidential data via employees 5
Web 2.0 benefits Wide variety of useful tools and services that people use in domestic and business life Communication is the most common benefit expected Web-enabled devices and Cloud based services drive usage forward The growth of social media for marketing is accelerating 6 41%+ Tweets per day Monthly Signups 52% 104% increase in Android apps 600k developers 900k apps 13B api requests per day
On the downside… Virus proliferation is much higher on Web than on Popular websites offer a greater chance of malicious infection We need Web Security Solutions to allow us to benefit from the web in a save way! 7
Today's Challenges 8 Even (large) trusted websites are being exploited Large sites, with lots of traffic are the ideal way to spread malware. Dynamic content / Web 2.0/ Social Media Web content is not controlled by a single webmaster anymore, but comes from many sources, is user generated and changes rapidly! Preferred attack vector –The web is becoming the attack vector of choice. Challenges: Number and types of sites increasing dramatically Legitimate sites are used to embed spyware and malware Proxy avoidance used widely to avoid URL categorization Encrypted end-to-end content cant be inspected Mashups aggregate content from multiple sites Static URL databases are increasingly ineffective HTTPS is being adopted widely Challenges: Number and types of sites increasing dramatically Legitimate sites are used to embed spyware and malware Proxy avoidance used widely to avoid URL categorization Encrypted end-to-end content cant be inspected Mashups aggregate content from multiple sites Static URL databases are increasingly ineffective HTTPS is being adopted widely
Spam and Malware Short lived success for the good guys 9
Malware 10
Data Leakage 11
Data Leakage The 4 main reasons of data leakage are: 1.Accidentally publishing information through or Web. So make sure you check all web and traffic 2.Malware designed to steel information. Make sure you protect yourself from malware that is mainly distributed by web and . 3.Hackers who break there way into networks. 4.Employees steeling information for personal gain 12
Data Leakage It is a multi headed monster Do not try to solve everything in one go! Pure-play DLP solutions are often very expensive and very complex......and until today they have failed to proof their value! Start with the obvious and start protecting you Web and traffic. Clearswift has 20 years of experience in this area and is probably one of few companies that actually have very large, high security customers protecting their information with Clearswifts products on a daily basis! 13
SECURE Web Gateway
Technology Overview Unified Web and security that offers easier management, shared policy and enhanced reporting across all web and based communications SECURE Gateway SECURE Web Gateway Integrated AV/Malware & Anti-SPAM Automated on-box encryption HTML, Web 2.0 and HTTPS traffic Integrated Cache, URL filtering, Anti-Virus/Malware & SPYware Introduction to Clearswift 15
Clearswift SECURE Web Gateway 16 Easy to use & manage 100% web-based GUI. Graphical drill-down reporting. Automatic security software updates. Easy to install – Up and running in under an hour. – Pre-configured with Default Standard Policy. Secure and resilient platform –Pre-built and supplied on Dell hardware. –Deployed on own hardware or as VMware. –Optimisation of Linux OS tuned for web gateway.
INBOUND THREATS 17
Complete Web Gateway protection 18 Anti-spyware Spyware call home prevention Tracking Cookie detection/removal MIMEsweeper content-aware policy engine – True binary signature file identification – Suspicious script analysis URL filtering – 77 categories, million of web sites – Security Risk Group – Malware, Phishing – Anonymous proxies Kaspersky Anti-virus/malware – Viruses, worms, Trojans and malicious code
Comprehensive URL filtering capabilities 19 URL Database – Millions of sites – 77 categories – Daily updates Real-time categoriser – Pornography – Anoynmizer – Hate, violence etc. Embedded URL detection – Google & Yahoo! Cached items – Google translation pages
DATA LOSS PREVENTION 20
Lexical Analysis 21 Detect and prevent document types being uploaded – Office, Open Office, Drawing formats – True signature based file recognition – Deep content inspection i.e. inside zips, embedded in documents Lexical content rules easily configured to search for words or phrases within: – Requested URL – Documents Excel, Word, etc. – Web Page or status updates – HTTP Headers
Full HTTPS content scanning and certificate policy Full content scanning of HTTPS/SSL encrypted data Detects malware or data leakage in encrypted HTTPS traffic Provides policy based certificate checking for added protection
COMPLIANCE
Data loss templates & compliance lists 24 Predefined regular expressions for PII (Personally Identifiable Information) and PCl (Personal Credit Information) – National insurance number – Credit card numbers – Social security number Editable compliance dictionaries – Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Securities and Equities Commission (SEC) and Sarbanes Oxley (SOX). Benefits – Easy to use (simply add to route) – No configuration errors
Interactive and scheduled reporting 25 Interactive drill downs
FLEXIBLE POLICIES 26
Easy to understand and use policy model 27 Policy Configuration – User authentication with NTLM or Kerberos – Policy based on Users, Content Rules & Routes – The Web policy protects Everyone Viruses, Spyware, dangerous payloads types such as executables Dubious types of site such as Pornography, Hacking, etc. Block uploading of office or confidential documents
Personalized user feedback 28 Block Pages – Policy violations Progress Pages – Informative feedback when downloading large files Acceptable Use Policy Page – Users are reminded at regular intervals with Accept button
29 Web Gateway Gateway Policy Fully conjoined policy updating
MANAGEMENT AND DEPLOYMENT 30
SNMP and SMTP alerting 31
32 Clearswift provides professional, intelligent and adaptable support and training services to meet the exacting needs of our enterprise Customers Clearswift Global Support (24x7 as standard) is provided to help with any questions or issues relating to your Clearswift deployment Technical information is available at anytime for our supported Customers from the Clearswift Knowledge Base We pride ourselves on exceeding Customers expectations.
Clearswift SECURE Gateway
SECURE Gateway Highly Scalable, Resilient Message processing suite – Security – Routing – Logging and Reporting Keeps the Spam and Viruses out – Multi-layer Malware control – Multi-layer Anti-spam, Phishing Prevents sensitive data leaks and maintain compliance – Pre-built dictionaries: PCI, PII, SEC, SOX, HIPAA – On-board encryption Prevents inappropriate usage – Pornography, profanity, copyright infringement Granular policies to ensure collaboration with right people – Provides consistent enforcement of AUP – AD integration Introduction to Clearswift - America's Growth Capital
INBOUND THREATS Introduction to Clearswift - America's Growth Capital
36 still remains a vector for viruses to propagate Many thousands of new viruses and variants are created daily Kaspersky Content Detection Zero- Hour Multi-layered Malware protection system
37 TRUSTmanager – global reputation network – Rejects 80-90% of all traffic before it reaches your gateway SpamLogic – delivers in total 99.6% accuracy rate – Multi-engine layered defence World class spam protection
38 Reputation Greylisting BATV Anti-Spoof RBL SPF Validate Sender LDAP Signatures (Junk/Bulk) CURBL Bayesian Anti-spam Engine 80-90%+ of spam rejected using these filters Connection/Network Level Checks Content Level Checks Multi-layered spam defences
39 Web Portal to permit users to release own messages Digests allow end users to perform simple tasks or they can connect to the portal 24x7 using their existing Windows credentials Per-user localisations: English, German, French, Italian, Spanish, Portuguese, Japanese, Traditional and Simplified Chinese End user message release
DATA LOSS PREVENTION 40
41 Files detected using true-file type technology Banned file types can be blocked or stripped from messages Selective scanning enables searches of areas of interest –Headers, Messages, Attachments (MS Office, Open Office, PDF, HTML) Powerful search criteria –Dictionaries for PCI, PII, Profanity, etc. –Expressions, Regular expressions and Operators ImageLogic to detect registered images from distribution Deep inspection – multiple ways to inspect message content
42 Received: from eric ([ ]) by prodman11.europe.clearswift.com (8.14.1/8.14.1) with SMTP id nB2MGP3d for Wed, 2 Dec :16:27 GMT Date: Wed, 2 Dec :16:25 GMT Message-Id: From: To: Subject: Here is a great document Hi Eric This is a really document, call me on Regards Alyn Here is my site Headers, footers and meta-data
43 Predefined regular expressions for PII (Personally Identifiable Information) and PCl (Personal Credit Information) –National insurance number –Credit card numbers –Social security number –IBAN numbers Editable Compliance dictionaries –GLBA, SOX, HIPAA, SEC, PCI, PII Data loss templates
Powerful regular expression engine Powerful expression list features permit customers to build up search patterns for detecting content leaks Regular expression engine combined by boolean and positional operators permit constructs such as – Credit card numbers NEAR expiry dates – Employee id AND postal code – Reference Number FOLLOWEDBY =1 Part Number 44
COMPLIANCE
46 Supports PGP, S/MIME and Password Protected messages Allows signing, encryption and decryption of messages Policy based encryption, i.e. by route or by content Opportunistic TLS for server to server communications Portal based encryption Encryption
47 On a policy route On a content rule Encryption by direction or content
FLEXIBLE POLICIES 48
49 Contents Rules to inspect the data applied to Policy Routes that define what is allowed over that communication channel Easy policy model
Content Rules Predefined Policy enables customers to get up and running quickly and easily Customers can build policies on – Encryption/Decryption* Signature validation – Active Content – Filenames – Textual Phrases in headers, body and attachments – Media Types – Spam – Unacceptable Images – Malware – Missing Managers – Message Size – Disclaimers 50
51 Track messages using extensive criteria Works across peer group Message Tracking across peers Export data into CSV file
52 Over 70 different reports available Scheduled or on-demand Built-in Reporting
53 Over 60 different alarms available SMTP and SNMP as standard System Alerting
CONCLUSION 54
Conclusion Clearswifts technology will enable your organisation to maximise the benefits from Web & while keeping out the security risks. We enable a safe and controlled way of taken the full benefit from Web 2.0 and Social Media Data Leakage Prevention is part of our standard offering
THANK YOU! ANY QUESTIONS? 56