Post on 19-Jan-2016
IDC eGovernment
The Future of Email Security
John Ryan, Operations Director, Entropy
Fixing Email
Email - Where Are We Now?
• The Current State of Messaging (Security)
• Top Enterprise Email Threats & The Cost to Corporations
Where Is The Industry Going?
• Reactive Point Solutions
• Proposed Email Identity Standards
New Technologies to Address these Issues?
• Identity, Reputation, Policy Control
• Unique solutions available now
[Chart: % of IT Spend on Security, 2004 vs 2002. Categories: Don't know; More than 25%; Between 11% and 25%; Between 2 & 10%; 1% or Less; None.]
Source: Information Security Breaches survey 2004 – DTI UK
[Chart: IT Business Environment Changes, 2004 vs 2003. Categories: Web Access; Remote Access; Wireless; Transactional WWW.]
Source: Information Security Breaches survey 2004 – DTI UK
The Mission-Critical App Is Collapsing
Email Is The Form Of Business Communication
• 80% Of Businesses Consider Email More Important Than Phones
Email Is No Longer Reliable
• Spam, False-Positives, Viruses, Forgery And Other Threats Make Email Unreliable
Users Are Rapidly Losing Trust In Email
52% Say They Trust Email Less
25% Have Reduced Email Use
—Pew Internet Life Project —
Challenges of E Mail Today!
• E mail has become a mission critical communications vehicle
• E mail has become a major delivery mechanism for marketing messages… SPAM!
• Most of these marketing messages are unsolicited and unwanted
• Spam is perceived as the most significant problem of enterprise.
Source: Osterman Research
Some Email Statistics
• 18B messages per day (73% of which is SPAM)
• Message volume has increased by 2B in January
• 9.4B messages coming from “Zombie” hosts
• 290,000 infected hosts tracked last week alone
• 15,000+ compromised zombie networks
• 75% of all viruses are deployed via email
• Phishing scams accounted for 1% of SPAM
Source: Senderbase network – go to www.ironport.com/toc
• Top countries sending SPAM:
1. United States
2. China
3. South Korea
4. Poland
5. France
6. Great Britain
7. Germany
8. Brazil
9. Spain
10. Japan
Email Stats January 2006
Corporations Pay the Consequences
Spam
• Will cost corporate users over £10B in the US alone.1
• Overall cost of spam between £10B and £87B, or £50 to £1400 per worker per year.2
Set to get worse
• Corporate spam traffic will rise from 44 billion messages per day in 2006, to 83 billion messages per day in 2009.3
Viruses
• Sobig virus cost more than £1B.4
• Disaster recovery costs increased by 23% in 2003 to almost £100,000 per organization per virus outbreak.5
Confidential information
• Difficult to estimate
• Devastating impacts
1. Ferris Research
2. Pew Internet and American Life Project
3. Radicati Group
4. Computer Economics
5. ICSA Labs’ Prevalence Survey
It Takes Two: Senders and Receivers
We Are All Email Senders And Email Receivers
Solving Receiver Problems Means Addressing Sender Issues And Vice Versa
The Solution To Fixing Email Is NOT One-sided
A Healthy Email System Requires Feedback Loops
• Integrating complaint and other corrective data back into the system is a fundamental requirement
Email Gateway Infrastructure Issues
On top of all the Security vulnerabilities, the infrastructure itself is at breaking point…..
• Bespoke deployments
• Complexity
• Performance issues & bottlenecks
• Reliability of the solutions
• Huge Admin Overhead
• Limited visibility or control
• Managing the escalating costs $$$
The Industry “Reacts”
• Solutions are reactive NOT proactive
• Point solution approach
• Content-based filtering band-aids
• Cat and mouse game: it's never going to end!
• New filter, new threat, new filter, new threat, new filter, new threat, new filter
There is some good news! >>>>
Industry Adopts Identity
Sender-ID/SPF
• Technical Solution For Sender Address Forgery
Yahoo! Domain Keys
• Authenticating Entire Email Message Based On Sender Domain
There are limitations to this “partial” solution.
Critical Components of a Complete Solution
The vulnerability exposed by spam, viruses, phishing is inherent to the email protocol, SMTP
Reputation services are a critical component of the solution:
• IDENTITY: Advanced authentication standards
• REPUTATION: A holistic view of a sender’s trustworthiness
• POLICY: Intelligently apply filtering techniques based on the apparent threat
Black and White Lists
SenderBase: Leading Reputation Service
• 75,000 contributing organizations
• 4 billion queries daily
• >25% of world’s Internet email
[Diagram: SenderBase data sources feeding a sender reputation score]
Data sources: Global Volume Data; Global Complaint Data; Blacklists; Open Proxy Data; Other Data; Spamtraps; 3rd party email accreditation
Diagram labels: 30,000 organizations (25% of all email); SpamCop, ISP abuse data, BondedSender abuse data; SpamCop, SpamHaus (SBL), NJABL; SORBS, OPM, DSBL…; Fortune 1000 status, length of sending history, location, whether domain accepts email, etc.; Extensive network of “invalid” accounts; Authenticated; Unknown Sender; Reputation Established
Reputation score scale: -10 to +10
Traffic Shaping: Mail Flow Control NOT Filtering
Email Security Appliances: Enforcing Policy
• Known good is delivered
• Suspicious is throttled & spam filtered
• Known bad is deleted/tagged
IronPort Appliances Use Identity And Reputation To Apply Policy
• Trusted Known Senders Bypass Spam Filters
• Suspicious Unknown Senders Are Throttled And Filtered
• Hostile Senders Are Deleted Or Tagged
Email Appliance
Anti-Spam
Scale is required
Outbreak Filter Advantage
Virus
Mydoom.bb
Goldun.H
Sober.J
Cidra-D
Prevention: Temporary Quarantine
• Pulls outbreak rules for all incoming email attachments
• Triggers automated quarantine for suspicious attachments
• Releases messages for rescanning through standard filters
Outbreak Rules
Temporary Quarantine
Virus Filter
Closes the Reaction Gap
MyDoom.bb
6503 files Quarantined
100% capture
VoF Advantages
Nyxem-D / Grew A
  VoF: 16/01/2006 14:36
  AV Vendor: 18/01/2006 10:32
  VoF Lead Time: 43:56
  Virus Description: Dangerous mass mailer that deletes important files of infected PCs on third day of every month.
  Source: http://secunia.com/virus_information/26334/
Yabe.E
  VoF: 01/12/2005 07:06
  AV Vendor: 01/12/2005 15:42
  VoF Lead Time: 08:35
  Virus Description: Trojan that spoofs itself as a non-malicious PDF attachment.
  Source: http://secunia.com/virus_information/24374/trojyabe.e/
Troj_Yabe.F
  VoF: 12/12/2005 00:26
  AV Vendor: 12/12/2005 05:42
  VoF Lead Time: 05:24
  Virus Description: Spammed trojan that attempts to convert computers into Bots.
  Source: http://secunia.com/virus_information/24904/trojyabe.f/
Danmec.E
  VoF: 04/12/2005 09:15
  AV Vendor: 04/12/2005 14:36
  VoF Lead Time: 05:21
  Virus Description: Trojan that performs monitoring theft to steal important user information.
  Source: http://secunia.com/virus_information/24497/trojdanmec.e/
Bagle.EV
  VoF: 13/02/2006 16:10
  AV Vendor: 13/02/2006 19:56
  VoF Lead Time: 03:46
  Virus Description: Worm that propagates via SMTP and P to P.
  Source: http://secunia.com/virus_information/26993/
All times in GMT. Trend Signature times per Secunia (www.secunia.com). Note, Secunia reports times in GMT +1.
[Chart: Outbreak Filters Lead Times Relative to Leading AV Vendor, Selected Viruses: Dec '05 - Feb '06. X axis: Outbreak; Y axis: IronPort Lead Time.]
Average Lead Time: 13:24
Consolidation of the Email Perimeter
BEFORE AFTER
Email Appliance
Summary
Security spend has to increase to meet the ever increasing business demands
Email is now THE critical communications system
Our email systems are under attack and straining to deliver
We need to re-think our approach to email delivery and invest in new technology