Emerging Threats: Stop Spam, Virus, and Phishing Outbreaks through End-to-End Attack Monitoring
Sushant Rao, Senior Product Manager
2 Threats Are More Complex & Dangerous
3 Typical Attacks Are Worldwide Events
4 Attack Lifecycle
5 Typical Approaches in Security: Sender Reputation; Message Content; Attachment
Real Spam Attack
7 Messages Scored: What’s the Right Number? "Re: Loan info - 15 years 6.0%"; "You are pre-approved". Spam that hit user’s inbox; legitimate email caught by filter.
8 Reputation Services. Sender ID Framework: validates sender’s claimed identity. Reputation Service: evaluates sender’s reputation.
9 Content Evaluation (Bayesian)
10 Community Response
11 There’s No One Way. Content Analysis: 80% effectiveness, 0.5% false positive rate. Sender’s Identification & Reputation: 70% effectiveness, 1.0% false positive rate. Community Response: 75% effectiveness, 0.25% false positive rate.
12 Chained: High Effectiveness, High False Positive. Stages: 70% effectiveness, 1.0% false positive rate; 75% effectiveness, 0.25% false positive rate; 80% effectiveness, 0.5% false positive rate. Overall: 70% effectiveness, 1.0% false positive rate.
13 Chained: High Effectiveness, High False Positive. Stages: 70% effectiveness, 1.0% false positive rate; 75% effectiveness, 0.25% false positive rate; 80% effectiveness, 0.5% false positive rate. Overall: 94% effectiveness, 1.5% false positive rate.
14 Chained: High Effectiveness, High False Positive. Stages: 70% effectiveness, 1.0% false positive rate; 75% effectiveness, 0.25% false positive rate; 80% effectiveness, 0.5% false positive rate. Overall: 98% effectiveness, 1.75% false positive rate (1 in 50).
15 Messages Judged: Good, Spam, or Likely Spam. Overall: 98% Effectiveness, 0.0% False Positive Rate for Definite
Real Virus Attack
19 Virus Attack Timeline (axis: Time)
20 Decisive Anti-Virus Technology
21 Responsive Anti-Virus Technology
22 Predictive Anti-Virus Technology
23 Multiple Technologies Detect & Protect: Conventional Signature Protection; Simulation; Behavior Monitoring & Pattern Heuristics; MailFrontier Time Zero Virus Technology
24 Time Zero Virus Technologies. Deceptive File Type Detection: invoice.txt really invoice.exe. Statistical Attachment Analysis: picture.jpg.exe.
25 Time Zero Virus Technologies: Deceptive File Type Detection; Statistical Attachment Analysis; MIME Exploit Protection; Dangerous Attachment Blocking (.exe, .bat, .pif). picture.jpg.exe; resume.bat. File name is picture.jpg; file type is .exe.
26 Statistical Attachment Analysis (.TXT, .JPG, .DOC, .EXE). Gateway Server: invoice.txt ?? Is it invoice.txt? OR Is it invoice.exe?
27 Statistical Attachment Analysis (.TXT, .JPG, .DOC, .EXE). Gateway Server: invoice.txt == invoice.exe
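The slides name the checks (deceptive file type, double extension, dangerous-extension blocking) without showing how a gateway might apply them. The sketch below is an added example, not MailFrontier code: it substitutes simple magic-byte sniffing for the product's statistical analysis, which the slides do not describe, and the function names, finding labels and sample payloads are constructed for illustration.

```python
import os

# Extensions the slide names under Dangerous Attachment Blocking.
BLOCKED_EXTS = {".exe", ".bat", ".pif"}
ALIASES = {".jpeg": ".jpg"}  # treat equivalent extensions as one type

# Small magic-byte table (assumption: a production gateway covers far more
# formats and validates the full header, not just the first bytes).
MAGIC = [
    (b"MZ", ".exe"),                                # DOS/PE executable
    (b"\xff\xd8\xff", ".jpg"),                      # JPEG start-of-image
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),  # OLE2 container (legacy .doc)
]

def sniff_type(data: bytes) -> str:
    """Extension implied by content: a binary type, '.txt' for text, '' if unknown."""
    for magic, ext in MAGIC:
        if data.startswith(magic):
            return ext
    if data and b"\x00" not in data:
        try:
            data.decode("utf-8")
            return ".txt"
        except UnicodeDecodeError:
            pass
    return ""

def inspect_attachment(filename: str, data: bytes) -> list:
    """Return findings for one attachment; an empty list means nothing suspicious."""
    stem, ext = os.path.splitext(filename.strip().lower())
    ext = ALIASES.get(ext, ext)
    inner_ext = os.path.splitext(stem)[1]
    actual = sniff_type(data)
    findings = []
    if ext in BLOCKED_EXTS:
        findings.append("blocked-extension")
        if inner_ext:  # picture.jpg.exe may display as picture.jpg when extensions are hidden
            findings.append("double-extension")
    # Text content is a weak signal (scripts, CSV), so only binary types count.
    if actual not in ("", ".txt") and actual != ext:
        findings.append("type-mismatch:" + actual)
    return findings

# Constructed sample payloads (not real files).
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60
JPEG_STUB = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SAMPLES = [("invoice.txt", PE_STUB), ("picture.jpg.exe", PE_STUB),
           ("resume.bat", b"@echo off\r\n"), ("photo.JPEG", JPEG_STUB)]

if __name__ == "__main__":
    for name, payload in SAMPLES:
        print(name, inspect_attachment(name, payload) or "clean")
```

A gateway would typically quarantine on any finding rather than deliver, since a legitimate sender rarely needs a renamed executable.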
Real Phishing Attack
29 Consumer Phish
30 Phishing for Enterprise Information
31 Phishing is Not Spam
32 A Phishing Attack (diagram: Sending Machines, Phish Web Sites, Receivers)
33 Phishing Protection
Other Enterprise Threats
35 Zombies – Compromised Internal Nodes (diagram: Mail Server, Enterprise Network, Internet). Only legitimate emails are sent. Emails from Zombies are identified and quarantined.
36 Directory Harvest Attacks Enterprise Network
37 Outbound Compliance – Regulatory & Corporate. Diagram labels: Mail Server, Enterprise Network, Virus, Policy Violation (CONFIDENTIAL), Disguised Text (C*NFIDENTIAL). Only legitimate emails are sent.
MailFrontier Gateway
39 MailFrontier Cognite: End-To-End Attack Monitoring
40 MailFrontier – Security Against All Threats
41 MailFrontier – All Threats, 1 Product. Typical Mail Data Center; Mail Data Center Consolidated with MailFrontier Gateway (e.g. Microsoft Exchange)
42 MailFrontier: Effortless Control. Powerful Reporting Provides Quick Insight
43 MailFrontier: High Performance
Enterprise Customers: 98% Retention. Healthcare, Transportation, Nonprofit, Retail, Education, Real Estate, Hospitality, Financial Services, Software, Media/Publishing, Pharmaceutical, Telecommunications, Manufacturing, Technology, Government, Consumer Goods
45 Extraordinary Awards & Reviews. NetworkWorld, Top-Rated Enterprise Anti-Spam Software: “…MailFrontier’s ASG put up some impressive results in terms of blocking spam and letting legitimate mail pass.” – September 15, 2003. Recommends MailFrontier be included on “Short List” of products evaluated for large-scale, high-performance anti-spam systems – December 20, 2004. Red Herring, Top 100 Private Companies/Innovators: Recognizing the company for its innovation and strategy – May 2004 and December 2004. CRN, Recommended: “MailFrontier's hands-off approach can help ease the administration burden on IT departments.” – June 7, 2004. InfoWorld, Rated Excellent: “MailFrontier had the easiest installation…provides lots of control to the admin…[and] provides excellent accuracy.” – September 27, 2004. IT WEEK, Editor’s Choice, 5 out of 5 Stars: “MailFrontier Gateway Appliance m500 setup was easy…and took less than an hour...It really blocks all unwanted .” – June 6, 2005
46 MailFrontier - The Leader in Security: Best Protection; Effortless Control; High Performance; Appliances; Software
47 Powerful Protection without Complexity. “MailFrontier offered me a solution that delivered on every front.” -- Kristi Reese, Exchange Administrator