E-mail Crimeware: An Emerging, Acute Threat Dave Green.

1 E-mail Crimeware: An Emerging, Acute Threat
Dave Green

2 E-mail Security Concerns 2007
HIGHER RISKS
Targeted Crimeware
- How do emerging Trojans, keystroke loggers & malware steal data?
First-instance Threats
- How to protect from first-instance/unknown threats?
Regulatory compliance
- What are the penalties for a data breach?

3 Targeted Crimeware Defined
Custom-designed threats may never reach a pattern development lab
- Target specific organizations/industries
- Symantec Threat Report:
  - Threats focused on stealing specific access or data
  - Decline in noisy, widely replicated threats
  - Increase in quieter, stealthier, focused threats [1]
[1] Symantec Internet Security Report, Vol. 9, March 2006

4 Targeted Crimeware – On the rise
Symantec Internet Security Report, Vol. 9, March 2006
- Symantec reports of top 50 threats – 80% attack confidential information
- +26% increase from 2004
- 92% of most threatening malicious code sent by SMTP e-mail

5 Recent Crimeware Examples

6 Attachment Blocking – Insufficient Protection
[Figure: threat categories shown with the attachment types that can carry them. Trojan Horse, Remote Code Execution: .doc .jpg .mp3 .wmv .doc .xls .ppt .wmf .bmp .jpg .gif; Data Mining, Denial of Service/System Crash: .doc .xls .pdf .bmp .gif .pdf]
1. Business-critical attachments can carry dangerous threats
2. Blocking these attachments halts business

7 Consequences of security failure
Security breach has associated costs
- HIPAA, Gramm-Leach-Bliley Act, EU Privacy Act
- Public disclosure of any security breach compromising personal info
- Fines for non-compliance—Corporate and PERSONAL
- California’s Senate Bill 1386
- Similar laws pending or complete in other states (IL, MA, NY, NJ)

8 E-mail protection is not the same
- HEURISTICS: An educated guess, not reliable for consistent protection.
- BEHAVIOR-BASED: Desktop emulator solutions ANTICIPATE (not observe) behavior, prone to false positives, difficult to deploy
- TRAFFIC ORIGIN: Targets known bad locations or traffic anomalies, may limit the effect of noisy mass mailers
- PATTERN-BASED: Effective at stopping previously identified threats only, development and deployment of new patterns takes time
- BEYOND ‘DAY ZERO’--ACTUAL BEHAVIOR OBSERVATION: Executes attached active content, and monitors for any unusual or malicious activity, detects FIRST INSTANCE of threat

9 Protection beyond ‘day-zero’ technology
- Allow active content messages to execute in a secure virtual machine desktop at the gateway
- Observe actual behavior
- Protect based on demonstrated actions
Virtual machine protection stops threats based upon actual behavior in a virtual machine

10 In action – Virtual machine crimeware protection
[Figure: Enterprise SMTP deployment configuration]
Virtual Machine Benefits
- Excellent track record of accurately detecting malicious behavior
- Firewall protection stops propagation outside of execution environment
- Real environment entices execution of payload

11 Comprehensive AV Security
For previously identified threats, pattern-based protection is an effective layer of protection
- Fast and efficient
- First instance threats can’t be stopped by pattern-comparison
The COMBINATION of pattern-scanning + actual behavior delivers the most comprehensive e-mail threat protection available.

12 Thank you for your time
Avinti, iSolation Server and E-mail Attachments—Tested and Safe are trademarks of Avinti, Inc. All other company and product names may be trademarks or registered trademarks of their respective companies.

