1
F5 Message Security Module
Presented by: Insert Name Insert Title
2
The Message Management Problem
Out of 75 billion emails sent worldwide each day, over 70% is spam!
The volume of spam is doubling every 6-9 months!
- Clogging networks
- Cost to protect is increasing
[Chart: TrustedSource Reputation Scores, Nov 2005 to Oct 2006. Higher score = worse reputation]
3
Typical Corporate Pain
- Employees still get spam
- Some are annoying, some are offensive
- Infrastructure needed to deal with spam is expensive!
  - Firewalls
  - Servers
  - Software (O/S, anti-spam licenses, etc.)
  - Bandwidth
  - Rack space
  - Power
- Budget doesn’t match spam growth
- Legitimate email delivery slowed due to spam
4
Why is this happening? Spam really works!
- Click rate of 1 in 1,000,000 is successful
- Spammers are smart professionals
- Buy the same anti-spam technology we do
- Develop spam to bypass filters
- Persistence through trial and error
- Blasted out by massive controlled botnets
- Professional spammers have:
  - Racks of equipment
  - Every major filtering software and appliance available
  - Engineering staff

There must be a reason why this is happening. The reason is profit. Spammers make a lot of money by either selling their goods (or someone else’s goods) or profiting from artificially induced bumps in penny-stock prices (aka pump-and-dump schemes). Serious spammers are no longer rogue individuals. They are professional outfits with large budgets, serious engineering talent, and the drive to find new ways to get through the best anti-spam filters in order to deliver their goods. The response must be in kind – serious.
5
It’s not just annoying…it can be dangerous.
2% of all email globally contains some sort of malware.
- Phishing
- Viruses
- Trojans (zombies, spyware)
6
High Cost of Spam Growth
- Spam volume increases
- Bandwidth usage increases
- Load on firewalls increases
- Load on existing messaging security systems increases
- Emails slow down
- Needlessly uses up rack space, power, admin time…
[Diagram: DMZ, Firewall, Messaging Security Servers]

So why does all this matter anyway? Traditionally the pain was (a) the annoyance of spam and (b) the risk of malware carried in spam. But there is a new pain that is beginning to take center stage, and companies are complaining about it a lot: (c) load on IT infrastructure. The amount of anti-spam licenses, anti-spam processing hardware, bandwidth, firewalls, rack space, power, etc. required to deal with the geometric growth in spam is EXPENSIVE! Not to mention the hassle of having to administer all these systems!

There must be a more efficient way to deal with spam at these massive volumes, right? Well, there is. It involves breaking your spam filtering into two separate layers.
- The first layer kills the most obvious spam by using IP reputation. Don’t even accept the connection. At the first packet, kill it so you don’t even have to receive the rest of the packets from that spam connection.
- The second layer kills the not-so-obvious spam, and legitimate messages that may contain other security risks. This is the layer that is typically already in place in a company’s messaging infrastructure, but is being overwhelmed by volume.
7
MSM Blocking At the Edge
[Animated diagram: BIG-IP MSM (First Tier), Messaging Security Server (Second Tier), Mail Servers. Captions: “e hello”; Works with any Anti-Spam Solution; Terminating 70% of the Spam from the “e hello”; Filters out 10% to 20% of Spam]

Here’s a good animated explanation of how MSM works…
- First the sender attempts to connect to deliver its SMTP message (“e hello”, the SMTP EHLO greeting). Typically the server replies back “hello I’m here, go ahead and send what you’ve got”.
- However in this case, before replying, BIG-IP checks the sender’s reputation score with TrustedSource (via the Internet).
- When scores are good, it forwards the connection on to the next layer of security, the “messaging security” layer, for further filtering.
- When scores are bad, it terminates the connection and sends an error code so the sender doesn’t keep re-sending the same message in an attempt to connect.
8
Why TrustedSource?
- Industry Leader
  - Solid Gartner reviews & MQ
  - IDC market share leader
- Superior technology
- Stability
9
TrustedSource: Leading IP Reputation DB
- View into over 25% of email traffic
- 50M+ IP addresses tracked globally
- Data from 100,000+ sources; 8 of 10 largest ISPs
- Millions of human reporters and honeypots
10
GLOBAL DATA MONITORING
[Animated diagram: TrustedSource. GLOBAL DATA MONITORING feeds AUTOMATED ANALYSIS. IntelliCenter locations: Brazil, London, Portland, Atlanta, Hong Kong. Messages Analyzed per Month: 10 Billion Enterprise, 100 Billion Consumer. Dynamic Computation Of Reputation Score, on a scale from Bad to Good]

Global data monitoring is fueled by the network effect of real-time information sharing from thousands of gateway security devices around the world.

The animation to this slide is as follows:
- First, what makes TrustedSource so good at giving accurate credit scores is the large number of sources providing data on a routine basis.
- This data comes from information collected about who sent the email, what was in the email, and the general behavior of traffic across the network.
- All of these billions of emails are analyzed and processed using unique algorithms to determine that sender’s reputation *at that very moment* (dynamic). A lot of data goes into this computation, and that’s what makes it so accurate!
11
Shared Global Intelligence
Physical World (CIA, FBI, Interpol, Police Stations)
- Intelligence agents: deploy agents and officers around the globe (Police, FBI, CIA, Interpol)
- Global intelligence system: share intelligence information. Example: criminal history, global fingerprinting system
- Results
  - Effective: accurate detection of offenders
  - Pro-active: stop them from coming into the country

Cyber World (IntelliCenter: Atlanta, Brazil, London, Hong Kong, Portland)
- Intelligent probes: deploy security probes around the globe (firewalls, gateways, web gateways)
- Global intelligence system: share cyber communication info. Example: spammers, phishers, hackers
- Results
  - Effective: accurate detection of bad IPs, domains
  - Pro-active: deny connection to intruders to your enterprise

Here’s an easy way to think about how TrustedSource works. It’s analogous to the world of police agencies. In the police world, agencies around the world collaborate and share information about who the bad guys are. This information comes from many sources, but is typically aggregated into a few central repositories like Interpol. The same is true in the spam world. ISPs, companies and consumers are seeing spam on a daily basis. As they identify it and report back to TrustedSource, TrustedSource becomes smarter and more effective. Ultimately, the quality of any reputation system depends on the sheer volume of traffic it gets to see. TrustedSource sees one out of every four emails globally, so it’s very hard to beat the quality of TrustedSource scores!
12
TrustedSource Identifies Outbreaks Before They Happen
- 11/01/05: This machine began sending Bagle worm across the Internet
- 11/03/05: Anti-virus signatures were available to protect against Bagle
- Two months earlier, TrustedSource identified this machine as not being trustworthy

[Timeline: 9/12/05 TrustedSource Flagged Zombie; 11/02/05 Other Reputation Systems Triggered; 11/03/05 A/V Signatures]

Why is reputation useful? The primary message of this presentation is that reputation can be used at high speed to eliminate spam and reduce the load on your network. However, there are a few other benefits shown in the next two slides. The first is speed of identification of risks. The second is quality of filtering.

Here’s an interesting story related to the speed of identification of risks. On November 1, 2005, the worm “bagle” started infecting computers and traveling across the Internet. On November 3, two days later, the major anti-virus vendors had produced the necessary signature to identify and filter out emails containing the bagle virus. HOWEVER… back on September 12, TrustedSource had already identified the zombies that were used to propagate this virus, and was already filtering out ANY AND ALL emails from those zombie computers. If you were using TrustedSource, you would have been protected the entire time. If you were using a typical AV vendor, you would have been exposed for 48 hours, which may not sound like much, but can be a long time in the world of rapidly-spreading viruses.
13
Content Filters Struggle to ID certain spam
As mentioned before, another benefit of using MSM is the quality of its filtering capabilities. Spammers are getting smart, and can always find loopholes to get around the filtering “artificial intelligence”. Here’s an example where the same spam changes each time it gets sent… and they add random text to make it appear to content filters like a real email (“hashbusting”). Sneaky stuff, but it can’t get through TrustedSource because TrustedSource doesn’t care what’s in the email. Only who sent it. And the fact is that disreputable senders pretty much never send good email, and reputable senders pretty much never send bad email. That makes reputation a good filtering mechanism, AS LONG AS YOUR REPUTATIONS ARE UP-TO-THE-MINUTE ACCURATE. Outdated RBLs (reputation black lists) are useless because of this, and widely disregarded nowadays.
14
Image-based spam Hashbusting Scratches
Here’s an interesting example of image-based spam. No actual words to filter out here, just a picture of words. Not only that, but the spammers make each image unique by adding scratches and scuffs randomly to each image, thereby making it impossible to identify one just because you identified the other as spam (image hashbusting). Again, pretty sneaky, but when you consider that spammers have all the right tools and patience to find ways around content-inspecting filters, you see that content inspection is a game that will go in circles forever.
15
Summary of Benefits
- Eliminate up to 70% of spam upon receipt of first packet
- Reduce Cost for Message Management
  - TMOS Module – High performance
  - Cost effective spam blocking at network edge
  - Integrated into BIG-IP to avoid box proliferation
- Improved Scalability and Message Control
  - Reputation Based Message Distribution and Traffic Shaping
  - Slightly increase kill-rate on unwanted email
16
Packaging
License Tiers
- MSM for over 100,000 Mailboxes
- MSM for up to 100,000 Mailboxes
- MSM for up to 75,000+ Mailboxes
- MSM for up to 50,000 Mailboxes
- MSM for up to 25,000 Mailboxes
- MSM for up to 10,000 Mailboxes
- MSM for up to 5,000 Mailboxes
- MSM for up to 1,000 Mailboxes

BIG-IP LTM Only
- Version Support: 9.2 and higher
- Module may be added to any LTM or Enterprise
- No Module incompatibilities with other Modules
- Licensed per BIG-IP by number of mailboxes
- BIG-IP platform sizing depends on:
  - Email volume
  - Number of BIG-IPs
  - Other functions expected of BIG-IP (additional taxes on CPU time)
18
Additional Info
19
How BIG-IP MSM Works
[Animated diagram. Labels, in the order extracted: Secure Computing Trusted Source™ IP Reputation Score; DNS Query; Existing Messaging Security; Slow Pool; 20% Suspicious?; Existing Messaging Security; 20% Good?; Servers; 10% Trusted?; Fast Pool; Internet; Error Msg for clean termination; 70% Bad?; Drop first & subsequent packets; Delete Message; 10% Bad?]
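The first-tier decision described on slides 7 and 19, written out as an added example (not F5 or Secure Computing code). The zone name, score thresholds, reply strings and sample scores are assumptions, and the lookup is an in-memory stand-in for the DNS query.

```python
import ipaddress

# Permanent 5xx reply: a compliant sender treats it as final and does not retry.
REJECT_REPLY = "554 5.7.1 Connection refused due to sender reputation"
# Temporary 4xx reply: used when failing closed so legitimate senders retry later.
TEMPFAIL_REPLY = "451 4.7.1 Reputation check unavailable, try again later"
BAD_AT = 80         # assumed threshold; higher score = worse reputation
SUSPICIOUS_AT = 30  # assumed threshold

# Constructed scores keyed by query name (documentation address ranges).
SAMPLE_SCORES = {
    "7.113.0.203.rep.example.invalid": 95,
    "23.100.51.198.rep.example.invalid": 45,
    "10.2.0.192.rep.example.invalid": 3,
}

def query_name(ip, zone="rep.example.invalid"):
    """Build a DNSBL-style query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def sample_lookup(name):
    """Stand-in for the DNS query; raises LookupError when there is no answer."""
    return SAMPLE_SCORES[name]  # KeyError is a subclass of LookupError

def triage(ip, lookup=sample_lookup, fail_open=True):
    """Return (action, smtp_reply) at connect time, before any greeting is sent."""
    name = query_name(ip)
    try:
        score = lookup(name)
    except (LookupError, OSError):
        # No score (service unreachable or unknown sender): either hand the
        # connection to the second-tier filter or defer it, never hard-reject.
        return ("slow_pool", None) if fail_open else ("defer", TEMPFAIL_REPLY)
    if score >= BAD_AT:
        return ("reject", REJECT_REPLY)   # terminate with an error code
    if score >= SUSPICIOUS_AT:
        return ("slow_pool", None)        # second-tier filtering, low priority
    return ("fast_pool", None)            # second-tier filtering, normal priority

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.23", "192.0.2.10", "192.0.2.99"):
        print(ip, triage(ip))
```

The fail-open branch matters operationally: with reputation checked on every connection, an unreachable scoring service would otherwise stop all inbound mail.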
20
Spam Volumes Out of Control
[Chart: % of worldwide email that is spam, Nov 2005 to Oct 2006. Marked values: 70% and 85%]
21
Hard-to-detect Image Spam is Growing
[Chart: percent of total, 2006]
22
Reputation-based Security Model
[Diagram comparing two reputation models across four stages: Track, Compile, Compute, Use]
- Physical World (Computing Credit): Businesses & Individuals; Business Transactions; Credit Score; Allow / Deny Credit
  - Other labels: Loan, LOC, Credit terms; Timely payment, Late payment, Transaction size; Purchases; Mortgage, Leases; Payment transactions
- Cyber World: IPs, Domains, Content, etc.; Cyber Communication; Reputation Score; Allow / Deny Communication
  - Other labels: Stop at FW, Web Proxy, Mail gateway; Allow, Quarantine; Good IPs, domains; Bad; Grey – marketing, adware; exchanges; Web transaction; URLs, images