1. IronPort Email & Web Gateway Security Solutions
PROTECTING OVER 300 MILLION BOXES WORLDWIDE
Frederic Benichou
Director, South Europe, Middle-East & Africa
IronPort Systems

2. IronPort Consolidates the Email Perimeter
Before IronPort
IronPort Security Appliance
After IronPort
Internet
Users
Groupware
Firewall
Internet
Firewall
MTAs
Anti-Spam
Anti-Virus
Policy Management
Mail Routing
Groupware
Users

3. IronPort: Industry Leadership
Global Leadership
Founded in 2000, based in San Bruno, CA
35 offices in 25 countries
Approx 380 people
Analyst Leadership
Recognized as leader by Gartner, Meta, IDC, Forrester, Bloor
Customer Leadership
About 3000 customers in 75 countries
8 of the 12 largest ISPs
20%+ of the largest Enterprises (Global 2000)
300+ millions mail boxes protected
US Armed Forces & Government
Technology Leadership
First with custom, high performance MTA
First with Reputation Filtering (SenderBase)
First with Virus Outbreak Filters

4. Sample customers in France
10,000 bal
1,000 bal
Cipa
MACSF
Comexpo
SNC Gestor

5. Case Study: Société Générale

6. Multi-Layered Security Preventive + Reactive = Defense in Depth
Traditional security is REACTIVE
- E.g., content filtering for spam
- E.g., virus scanning based on known signatures
- These methods require that the threat has been seen before, and the filter gets updated with that information
REACTIVE filter are not enough because:
- You need this because threats are changing so fast, reactive services don’t always move fast enough
- the load on the infrastructure requires that you do high- performance filtering BEFORE the CPU intensive content filtering
PREVENTIVE filters provide much faster response times and higher performance
Best approach is a cocktail of the two
Higher accuracy of REACTIVE filters allows definitive actions (like deleting the message
The question now is how is IronPort able to create these Preventive Filters?
Immediate Reaction to Threats
Extremely High Performance
Coarse Outer Layer
Blocks or Rate Limits
Adapts Over Time
Computationally Intensive
Fine-grained Inner Layer
Delete or Quarantine

7. SenderBase® / Threat Operations Center
TOC
Team of security experts
• Global volume data
• Message composition data
• Spam traps, complaints
• Blacklists, whitelists
• Compromised host lists
• Open proxy lists
• Offline data (F500, ISP, NSP, govt.)…
Sender Reputation
Score
90+
Parameters
Détaillons un peu tout d’abord Senderbase. SenderBase collecte des informations provenant de plus de 25% du trafic et Internet mondial. Ces informations sont stockées selon un certain nombre de paramètres, et permettent de donner des notes de réputation aux émetteurs d’ s comme aux sites Web. SenderBase reçoit des contributions de plus de réseaux à travers le monde.
Ces informations génèrent ensuite des règles de sécurité automatiques, règles vérifiées par nos experts analystes du Threat Operations Center, validées ou modifiées puis envoyées aux boîtiers IronPort installés chez nos clients.
Web Reputation
Score
• URL blacklists and whitelists
• HTML Content Data
• Domain Registrar Information
• Compromised Host Lists
• Network Owners
• Known Threats URLs
• Web Site History…
45+
Parameters

8. IronPort : Integrated Secured Gateways
Security  C Series
Web Security  S Series
Security Management  M Series

9. IronPort Email Security Appliances
High Performance Security Appliances Stopping Spam, Viruses and Other Threats, Enforcing Policies, and Reducing Admin Costs for Enterprises and Service Providers
IronPort X1000
IronPort C10
IronPort C300/C600

10. IronPort Architecture for Multi-Layered Email Security
OUTILS D’ADMINISTRATION
MANAGEMENT TOOLS
DEFENSE
AGAINST
SPAMs
DEFENSE
AGAINST
VIRUS
CONTENT PROCESSING
AUTHENTICATION
ASYNCOS™ MTA PLATFORM
ASYNCOS™ MTA PLATFORM

11. AsyncOS™ Unmatched Scalability and Security
MANAGEMENT TOOLS
DEFENSE
AGAINST
SPAMs
DEFENSE
AGAINST
VIRUS
CONTENT PROCESSING
AUTHENTICATION
ASYNCOS™ MTA PLATFORM
AsyncOS scalable and secure OS optimized for messaging
Identity Protection secures enterprise identity
Standards-based Integration replaces legacy systems with ease

12. AsyncOS™ Revolutionary MTA Platform
Traditional Gateways And Other Appliances
IronPort Security Appliance
200
Incoming/Outgoing
Connections
Low Performance/ DoS Potential
10,000 Incoming/Outgoing
Connections
High Performance/ Sure Delivery
Single Queue
For all Destinations
Queue Backup Delays All Mail
Per-Destination Queues
Fault-Tolerance and Custom Control

13. AsyncOS™ Advanced Email Identity Protection
Directory Harvest Attack Prevention
Virtual Gateway Technology
Intelligent Bounce Handling
Protects Against: Theft of your user database by spammers
Unique Advantage: Integrates with SenderBase™ to track global attacks
Protects Against: Inadvertent blockage of your corporate mail
Unique Advantage: Provides up to 256 unique IP addresses per appliance
Protects Against: Blacklisting of your IPs from intentional NDRs
Unique Advantage: Distinct IPs for NDRs, In-conversation recipient checking

14. AsyncOS™ Standards Based Integration
LDAP
Integrates with all standard LDAP servers including Active Directory™
Carrier-class client and cache on-box
DNS
High performance client resolves millions of record per hour
Configure separate DNS servers per domain
Advanced Networking
802.1Q VLAN Tagging for network security
NIC failover for redundancy
Loopback interfaces for load balancer integration
Essential Mail Operations
Alias, masquerade, and routing tables
Powerful header operations
Store tables on box or in LDAP directory

15. Best of Breed, Multi-layer Spam Defense
OUTILS D’ADMINISTRATION
MANAGEMENT TOOLS
ANTI-SPAM DEFENSE
DEFENSE
CONTRE
VIRUS
FILTRAGE DE
CONTENU
AUTHENTIFICATION
ANTI-VIRUS DEFENSE
CONTENT PROCESSING
AUTHENTICATION
PREVENTIVE
REACTIVE
ASYNCOS™ MTA PLATFORM
PLATEFORME ASYNCOS™ MTA
IronPort’s Reputation Filters – the outer layer defense
IronPort Anti-Spam - stops the broadest array of threats – spam, phishing, fraud

16. Good, Bad, and “Grey” or Unknown Email
IronPort Reputation Filters Stop 80% of Hostile Mail at the Door….
• Known good is delivered
• Suspicious (ex. Score = -4 to -1): limit the rate
& pass thru Anti-Spam filter
Reputation Filtering
Anti-Spam
Engine
Incoming Mail
Good, Bad, and “Grey” or Unknown
• Known bad (ex. Score = -10 to -4): connection rejected
Senderbase
IronPort uses identity & reputation to apply policy
Sophisticated response to sophisticated threats

17. A wide sample of parameters, for a reliable assessment of Reputation
Good Reputation
Only Sending to Valid Recipients
Good Sending History
Reverse DNS Works
Average
Reputation
SenderBase tracks over 90 factors about a sender, 10x more than other vendors. We get a complete view of who is sending you .
Because of the different factors we track from so many data sources, IronPort Reputation Filters has the highest accuracy of any reputation system.
Just a single negative factor will not necessarily result in an extremely poor score- it needs to be correlated with other negative factors. For example, somebody could be blacklisted, but
Based on real-time analysis, IronPort can determine the relative weight of different anomalies- rather than continuing to rely on factors for which spammers may have developed counter-measures
Volume Spike
Blacklisted
System Tolerant of Anomalies
Poor Reputation

18. Positive & Negative Reputation
Graphical representation of SBRS groups
Shows the customer that we are a comprehensive system- it’s not just about bad senders, but the full continuum. Very few of our competitors actually assign scores to senders – they just renames their blacklists and whitelists reputation filters.
Fire and forget- once they set up their policy, they don’t have to continually update an RBL (or worry about FPs- this is a strong benefit for SMBs)

19. Customer case – Marseille-Nice Universities 30,000+ users
Universités Numériques Région PACA

20. IronPort Reputation Filters Dell Case Study
Dell’s challenge:
Dell currently receives 26M messages per day
Only 1.5M are legitimate messages
68 existing gateways running Spam Assassin were not accurate
IronPort solution:
Reputation filters block over 19M messages per day
5.5M messages per day scanned by Symantec Brightmail
Replaced 68 servers with 8 IronPort C60s
Accuracy of spam filtering increased 10x
Servers consolidated by 70%
Operating costs reduced as much as 75%
“IronPort has increased the quality and reliability of our network operations, while reducing our costs.”
-- Tim Helmsetetter Manager, Global Collaborative Systems Engineering and Service Management, Dell Corporation
Walkthrough the Dell case study.

21. IronPort Anti-Spam™: High Performance, No Administration
Leading Efficacy
CASE (Content Adaptive Scanning Engine) optimized for blended threats
Multiple sources
Industry leading throughput
Virtually Zero False Positives
Approx 1 in 1 million
No administrative burden
Install and walk away
Automatic filter updates, no tuning required
System adapts to new threats without manual tweaking of rules
Score
How?
Structural Analysis
What?
Content Analysis
Where?
Web Reputation
Who?
Reputation
IronPort CASE™

22. IronPort’s Context Adaptive Scanning Engine (CASE)
Anti-Spam
Competitive
Solutions
What? Message Content What content is included in this message?
How? Message Structure How was this message constructed?
Who? Reputation
Who is sending you this message?
Where? Web Reputation
Where does the call to action take you?

23. New types of spam More difficult to detect
URL is not that of Red Cross
URL
100% legitimate content
Passage from a text book

24. Recent trends in Spam Average Daily Spam Volume (billions msgs) +110%
% Spam with an Embedded Image
+421%

25. Image-based spams techniques
« Polka dots » make every message appear unique to signature-based anti-spam filters
images broke down in sub-parts and then reassembled
IronPort has unique techniques to detect these spams, including:
« MPR »: Multidimensional Pattern Recognition

26. LabTests results: Catch Rate Results
Spam catch rate is measured as the number of spam messages caught, divided by the total number of spam messages received. Over a one month test period ending on October 19th, IronPort Anti-Spam caught an average of 97.1% of
spam, compared to 93.7% for Symantec Brightmail. This means that an average end-user with Symantec Brightmail would have received approximately twice as much spam in their inbox (6.7%) compared to IronPort Anti-Spam (2.9%). These statistics were calculated based on a random sample of spam messages received by “spamtrap” accounts managed by IronPort. Symantec Brightmail’s catch rate was also closely correlated with the amount of image spam received. As the graph illustrates, Symantec Brightmail’s capture rate (the red line) fell significantly in early October as the percentage of spam with embedded images (the yellow line) increased.

27. Termination of IP-Symc partnership
Letter sent by IronPort to customers on Friday, Oct. 19
Almost all customers migrated to IPAS by now for quality reasons
In Q3: 6% BM attach rate ; 91% IPAS attach rate
IPAS technical superiority, as confirmed by the tests conducted by independent lab: « LabTests »

28. The IronPort Spam Quarantine (ISQ) and the M-Series appliance
No helpdesk calls
Self-service end-user spam quarantine
Web UI, Digest , Advanced Search
Authenticate users with LDAP, AD, or IMAP/POP
Automatic disk space management
Flexible deployment
On-box or centralized quarantine with IronPort M-Series appliance
In the end though, a spam quarantine is a crutch for a poor spam engine. IronPort’s accuracy is such that most customers stop using the quarantine after only a couple of weeks.

29. Best of Breed, Multi-layer Virus Defense
MANAGEMENT TOOLS
ANTI-VIRUS DEFENSE
ANTI-SPAM DEFENSE
PREVENTIVE
CONTENT PROCESSING
AUTHENTICATION
REACTIVE
PLATEFORME ASYNCOS™ MTA
IronPort’s Virus Outbreak Filters stop outbreaks 14 hours ahead of signatures
Sophos AntiVirus signature based solution with industry leading accuracy

30. Today’s Anti-Virus Solutions Inadequate
Millions of infections occur during this period.
Anti-Virus Signature Release Timeline
Capture
Virus Sample
Issue
Customer Alert
Analyze
Virus Sample
Release
Signature
Update
Signature
~10,700 new viruses, worms & trojans
Generic signatures don’t always work.
See booklet « The New Anti-Virus Formula » by John Dickinson:

31. How Virus Outbreak Filters Work IronPort Threat Operations Center (TOC)
Continuous monitoring & analysis
Real-time & historical data visualization
Automated alerts
Human verification
The IronPort gateway downloads the updated rules from the TOC every 5 minutes,…
…and puts the concerned messages in the Quarantine (queue in the MTA)
Manager, Threat Operations Center
INSIDE THE TOC
Expert team of skilled analysts
Staffed 24 x 7 x 365
32 languages spoken
Documented & verified processes
State-of-the-art tools & techniques

32. How Virus Outbreak Filters Work Dynamic Quarantine In Action
Messages
Scanned &
Deleted
T = 0
zip (exe) files
T = 5 mins
-zip (exe) files -Size 50 to 55 KB.
T = 10 mins
zip (exe) files
Size 50 to 55KB
“Price” in the name file
T = 8 hours
Release messages if signature update is in place
Additionally with 2.0 we have introduced the notion of Dynamic Quarantining:
IronPort’s unique Dynamic Quarantine allows Outbreak Filters to immediately quarantine viral messages based on limited information.
Only Outbreak Filters continuously re-scans and re-evaluates quarantined messages based on the latest, increasingly fine-grained rules, resulting in a minimal cost of coarse filtering or misclassifications. Other solutions hold messages for up to days, prior to releasing the message to its intended recipient.
This example walks you through the lifecycle of a typical outbreak in a 2.0 solution: Initially at time T=0, a message could be quarantined due to an Adaptive Rule or an Outbreak Rule that is coarse. As time goes on and the outbreak progresses and more information is available to the TOC to issue granular rules, messages that no longer meet the criteria get released automatically.
By doing this and also by publishing finer grained rules that target file size, file type, filenames, message URLs and a lot more, we have addressed a significant concern of several customers about quarantining benign messages.
Also, we can now publish an AV signature rule that will release messages automatically before the expiration time, if the AV vendor claims that there is an updated signature in place to address that outbreak.

33. The Virus Outbreak Filters advantage
Virus Name
Date
IronPort Protection Starts**
First Anti-virus Signature Available**
Outbreak Filter Lead Time
Looksky.G
1/6/06
2:32 PM
2:12 AM (two days later)
35:40 hours
Nyxem-D (Kama Sutra)
1/16/06
2:36 PM
3:22 PM
1:27 hours
Sober-Z
11/21/05
8:07 PM
12:45 AM (the next day)
4:38 hours
Mabutu-A
11/17/05
12:58 AM
1:24 PM
12:26 hours
Zotob.C
8/16/05
1:56 AM
4:47 AM
2:51 hours
Sober-N
5/5/05
3:58 PM
5:19 PM
1:21 hours
MyTob.G
3/24/05
11:30 PM
12:58 PM (the next day)
13:28 hours
Multiple Bagle variants
2/27/05
10:39 AM
4:22 AM (2 days later!)
41:43 hours
Mydoom.BB
2/15/05
6:08 PM
10:54 PM (the next day)
28:46 hours
Wurmark-D
1/10/05
10:02 AM
6:09 AM (the next day)
20:05 hours
Medium additional protection time……………….. 14 hours
Out of a total of blocked attacks……………………175 outbreaks
* Feb 2005 –January **GMT

34. Virus Outbreak Filters recent results: eWEEK Review: September, 2006
VOF blocked 100% of the new virus outbreaks in the past 5 months
Review Overview
5 month test by eWEEK, large independent, weekly IT magazine
1217 virus positive s stopped before AV signatures were available
48 separate virus variants blocked
0 false positives reported
Viral Messages Stopped: By Month
Viral Messages Stopped: By Variant
Review Quotes
“We never saw a false positive”
“(Virus Outbreak Filters) effectively blocked messages containing viruses for which signatures didn't already exist”
- Mike Caton, Technical Writer

35. IronPort Content Scanning Inbound/Outbound Message Filtering for Compliance
MANAGEMENT TOOLS
SPAM DEFENSE
VIRUS DEFENSE
CONTENT PROCESSING
AUTHENTICATION
ASYNCOS™ MTA PLATFORM
Content filtering
Compliance (e.g. SOX)
Digital Rights Management – information leakage prevention
Rules per user groups
Encryption: IronPort acquires PostX

36. PostX: One Platform, Three Solutions
“Pull”
PostX WebSafe
Webmail 1
PostX Secure
Secure Desktop Messaging
PostX Envelope
Offline, Registered and signed
PostX SecureDocument
Statements, Invoices, etc. 2
PostX MessageCentre
Integrated Customer
Service Communication 3
PostX S/MIME or PostX OpenPGP
Certificate based mail
“Push”
PostX Messaging Application Platform

37. Email Authentication MANAGEMENT TOOLS
DEFENSE
AGAINST
SPAMs
DEFENSE
AGAINST
VIRUS
CONTENT PROCESSING
AUTHENTICATION
ASYNCOS™ MTA PLATFORM
• DomainKey Signing – Protection of Corporate Identity
• IronPort Bounce Verification – protection against bounce redirection attacks
• Directory Harvest Attack Prevention

38. IronPort DomainKeys Protects domain identity and protects against phishing
Internet
ISPs
private
public
DNS
DomainKeys:
The domain owner (typically the team running the gateway) uses the IronPort Security Appliance to automatically generate a public/private key pair to use for signing all outgoing messages. The public key is published in DNS, and the private key is stored on the IronPort appliance.
When each is sent by a specified end-user within the domain, the IronPort appliance automatically uses the stored private key to generate a digital signature of the message. This signature is then pre-pended as a header to the , and the is sent on to the target recipient's mail server.
Ensures the proper identity of the source domain
More than 200 million mail boxes use DomainKeys
Easy deployment (private key & DNS-based public key)

39. IronPort Bounce Verification™ Protects against bounce-message attacksBV
Internet BV +
All outgoing messages are stamped.
Legitimate bounce messages coming back are recognized by this stamp
Transparent and autonomous
Deuxième fonctionnalité d’authentification du boitier : IronPort Bounce Verification. Le boîtier va estampiller tous les s sortants, ce qui lui permettra ensuite de savoir si, lorsqu’un message d’erreur est envoyé en retour, le message original provient bien d’un utilisateur de l’entreprise. Si un message d’erreur qui se présente n’a pas ce tampon IronPort, le boitier en déduira qu’il provient d’une attaque de redirection de message d’erreur et il sera rejeté. Ainsi vous êtes certains que les messages d’erreur réels sont bien délivrés à vos utilisateurs, mais que les messages d’erreur redirigés suite à une attaque spam ne viennent pas polluer votre messagerie.
Cette fonctionnalité est incluse en standard dans le boitier C, et fonctionne de façon autonome, sans besoin d’autre technologie.

40. Management tools Reduction in admin costs
DEFENSE
AGAINST
SPAMs
DEFENSE
AGAINST
VIRUS
CONTENT PROCESSING
AUTHENTICATION
ASYNCOS™ MTA PLATFORM
Security Manager for unified policy management
Centralized Management manage units around the world
Mail Flow Monitor real time reporting
Mail Flow Central centralized reporting and tracking

41. Categories: by Domain, Username, or LDAP
IronPort Security Manager Single view of policies for the entire organization
Categories: by Domain, Username, or LDAP
Allow all media files
Quarantine executables IT
Mark and Deliver Spam
Delete Executables
SALES
Archive all mail
Virus Outbreak Filters disabled for .doc files
LEGAL
“ Security Manager serves as a single, versatile dashboard to manage all the services on the appliance.” -- PC Magazine 2/22/05

42. IronPort Centralized Management
Log in anywhere, control everywhere
Interface assures configuration consistency
Apply changes to a machine, group, or cluster
Test on single system, “promote” to cluster
SJ1 Machine
SJ2 Machine
D1 Machine
D2 Machine
T1 Machine
T2 Machine
SJ3 Machine
D3 Machine
T3 Machine
San Jose Group
Dublin Group
Tokyo Group
IRONPORT CLUSTER

43. Mail Flow Monitor

45. Customer case – Comverse 6,000 users

46. Example of protection at Danone1
Attempted SMTP connections
Ironport chez Groupe DANONE 2
Same origin ?
Same IP? 3

47. Zooming on the specific domain
Informations from Reputation Filters and from SenderBase
Ironport chez Groupe DANONE

48. Graphe Ironport chez Groupe DANONE
A single IP address tried to send 130,450 messages
Administrator : check case to blacklist the IP
Graphe 1 2
Ironport chez Groupe DANONE

49. Reduction in admin costs at Danone
Administration
Administration is reduced to alert monitoring and update follow-up
Fast Tracking to search for any message
Ironport chez Groupe DANONE

50. Example of Tracking Result
Ironport chez Groupe DANONE

51. IronPort : Integrated Secured Gateways
Security  C Series
Web Security  S Series
Security Management  M Series

52. Malware: exploding phenomenon
Number of spyware (in thousands)
Growth in Keyloggers
Total Reported
Parlons aussi d’une sous-catégorie dangereuse du spyware, les keyloggers ou enregistreurs de touches clavier. Ceux-ci sont capables d’enregistrer en arrière plan toutes les frappes clavier. Ils sont mêmes capables aujourd’hui d’enregistrer des captures d’écran, afijn par exemple de déjouer les protections mise en place par les banques en ligne.
Citer exemple du clavier à chiffres proposé par certaines banques avec les chiffres changeant d’endroit.
Source : State Of Spyware Report, 2006
Source: iDefense Labs, November 2005
Spywares, Keyloggers, Chevaux de Troie, Botnets & Zombies, etc.
65% growth in 2005 vs. 2004
Cost of a malware : 150$+ per PC per year + commercial risk + legal responsability

53. IronPort S Series: Web protection at 3 levels
Blocks access to infected sites
Web
Filters content against Spyware
La Série S permet à nos clients une protection à 3 niveaux
(les citer)
Filtre le
Malware
Prevents « phone-home » calls to hosts outside

54. Architecture for a multi-layer Web security
MANAGEMENT TOOLS
IronPort
Web Reputation
Filters
IronPort
Anti-Malware
System
IronPort
L4 Traffic Monitor
IronPort
Policy Filters
Captures IronPort’s view of
Starts with
Extends
Highlight management tools
Powerful platform designed for anti-malware
Combined application and network layer scanning capabilities
We need to do complete content inspection
We need to look at all the network ports and identify infected clients and stop malware that is trying to bypass
Full range of apps
IronPort AsyncOS Web Security Platform

55. 1. Blocks access to infected sites: Web Reputation
Premier niveau de protection : la Série S va vous permettre de bloquer l’accès des utilisateurs aux sites infectés.
Comme sur la série C le boitier inclus les Web Reputation Filters qui vont permettre de bloquer l’accès des utilisateurs aux sites infectés. Lorsque la note de réputation dus ite est comprise par exemple entre -10 et -5, le site peut être immédiatement bloqué. Au dessus de 5 il va être autorisé, et il vous est possible de définir par exemple qu’entre -5 et +5 le flux subira un filtre complémentaire.
Début 2007, la série S inclura également une solution complémentaire de filtrage d’URL, qui vous permettra à la fois de compléter votre protection grâce à une deuxième couche de sécurité, et aussi de pouvoir gérer vos accès Internet à partir des différentes catégories (voyages, pornographie, etc.).
Blocks connection
infected sites
phishing
etc.
Anti-Malware scanning
Allows connection
(“good” sites)

56. 2. Filters malicious content: IronPort Anti-Malware System
Anti-malware engine
“DVS Engine”, supporting multiple verdict engines
Webroot
others
High accuracy level
Very high performance for scanning on the fly (content streaming)
Zero administration
VERDICT
ENGINE 1
VERDICT
ENGINE 2
IRONPORT
DVS™ ENGINE
2ème niveau de protection : la série S va effectuer un filtrage anti-malware. Les flux provenant de sites dont la réputation est suspicieuse sans être trop mauvaise peuvent ainsi être contrôlés plus finement véritablrment en mode streaming en les confrontant à un moteur d’analyse anti-malware.
Ce moteur permet une analyse complète du contenu du flux et contient à ce jour une base de signatures anti-malware parmi les meilleures du marché.
Cette base de signatures vous permet de bloquer en temps réel les principales catégories de malware actuelles.
VERDICT
ENGINE N
REPUTATION-BASED VERDICT CACHING

57. 3. Detects & Blocks communications to outsite host servers: L4 monitor
Detects any spyware or keylogger activity to an outsite host (“phone home”)
On any of the 65,535 ports
Working around port 80
2 modes: “monitor only or “monitor & block”
Internet X X
Firewall
Port 80
Enfin 3ème niveau de protection Web : la série S va bloquer les communications des malware vers leurs serveurs externes. Ainsi elle va bloquer les envois de données des spyware et keyloggers vers l’extérieur, les communication des zombies avec leur “pirate maitre”, et les téléchargements des chevaux de Troie. Plus généralement la série S va bloquer les codes malveillants cherchant à contourner le port 80.
IronPort S-Series
PROXY
L4 TRAFFIC MONITOR X X

58. IronPort : Integrated Secured Gateways
Security  C Series
Web Security  S Series
Security Management  M Series

59. IronPort M Series : management for C and S Series
La Série M d’IronPort vous permet notamment de centraliser la quarantaine de spam au niveau de votre entreprise, lorsque vous avez plusieurs boîtiers C, et vous permettra dès le 1er trimestre 2007 de centraliser le reporting des série C et S sur un même boitier.
Centralized Spam Quarantine
Centralized statistics / reporting / tracking for C and S Series

60. DO NOT BELIEVE OUR WORD… CHECK IT OUT BY YOURSELF !!
Questions - Answers
DO NOT BELIEVE OUR WORD…
CHECK IT OUT BY YOURSELF !!
Free evaluation in production
Be informed of all new virus alerts by registering on:
For all information:
Maintenant avant de terminer, j’ai une dernière chose à vous dire : ne me croyez surtout pas sur parole, et vérifiez ce que je viens de vous présenter. Concernant la sécurité de votre messagerie, testez notre série C en situation réelle sur votre réseau durant trente jours. Vous aurez accès aux vraies fonctionnalités du boitier et au support technique IronPort. Vous pourrez ainsi évaluer l’efficacité de cette série dans vos conditions de production réelles.
Concernant la sécurité Web, demandez à votre intégrateur traditionnel un audit de la sécurité Web de votre organisation, qui peut être également réalisé par la mise en place d’un boîtier série S au sein de votre système d’information en mode monitoring uniquement, sans aucun blocage.
Enfin vous pouvez recevoir des informations sur les principales alertes virales et sur les temps de livraison de signatures anti-virus par les principaux éditeurs du marché sur la page Web
Pour toute information je vous ai laissé mon . Nous pouvons maintenant prendre des questions sur les sujets présentés aujourd’hui.
Merci à tous

61. The IronPort advantage
New generation MTA
Performance, robustness, intelligence, easy integration to architecture
Multi-layer Anti-Spam Protection
“Reputation Filters”: 70% of traffic blocked before entering the network
Content-level AS : efficient; no False Positive; zero administration; efficient against image-based spams; advanced Web Reputation concept
Preventive Protection against viruses
On average 14 hours additional protection ahead of AV
Dramatic decrease in administration costs
Administrative costs typically divided by 10
Market leadership and continued innovation