ironport email & web gateway security solutions protecting over 300 million email boxes...
TRANSCRIPT
![Page 1: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/1.jpg)
IronPort Email & Web Gateway Security SolutionsIronPort Email & Web Gateway Security Solutions
PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE
Frederic BenichouDirector, South Europe, Middle-East & AfricaIronPort Systems
![Page 2: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/2.jpg)
IronPort Consolidatesthe Email Perimeter
Anti-Spam
Anti-Virus
Policy Management
Mail Routing
Before IronPort
Internet
Firewall
MTAs
Groupware
Users
IronPort Email Security Appliance
After IronPort
Internet
Users
Groupware
Firewall
![Page 3: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/3.jpg)
IronPort: Industry Leadership• Global Leadership
– Founded in 2000, based in San Bruno, CA– 35 offices in 25 countries– Approx 380 people
• Analyst Leadership– Recognized as leader by Gartner,
Meta, IDC, Forrester, Bloor
• Customer Leadership– About 3000 customers in 75 countries– 8 of the 12 largest ISPs– 20%+ of the largest Enterprises (Global 2000)– 300+ millions mail boxes protected– US Armed Forces & Government
• Technology Leadership– First with custom, high performance MTA– First with Reputation Filtering (SenderBase)– First with Virus Outbreak Filters
![Page 4: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/4.jpg)
Sample customers in France
MACSF
10,000bal
1,000 bal
Cipa
ComexpoSNC Gestor
![Page 5: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/5.jpg)
Multi-Layered Security Preventive + Reactive = Defense in Depth
ReactiveLayer
PreventiveLayer +
Immediate Reaction to Threats
Extremely High Performance
Coarse Outer Layer
Blocks or Rate Limits
Adapts Over Time
Computationally Intensive
Fine-grained Inner Layer
Delete or Quarantine
![Page 6: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/6.jpg)
SenderBase® / Threat Operations CenterSenderBase TOC
Team of security experts
• Global volume data
• Message composition data
• Spam traps, complaints
• Blacklists, whitelists
• Compromised host lists
• Open proxy lists
• Offline data (F500, ISP, NSP, govt.)…
Sender Reputation Score
90+Parameters
Web Reputation Score
• URL blacklists and whitelists
• HTML Content Data
• Domain Registrar Information
• Compromised Host Lists
• Network Owners
• Known Threats URLs
• Web Site History…
45+Parameters
![Page 7: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/7.jpg)
IronPort : Integrated Secured Gateways
Email Security C Series
Web Security S Series
Security Management M Series
![Page 8: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/8.jpg)
IronPort Email Security Appliances
High Performance Email Security Appliances Stopping Spam, Viruses and Other Email Threats,Enforcing Email Policies, and Reducing Admin Costs for Enterprises and Service Providers
IronPort C300/C600IronPort C10
IronPort X1000
![Page 9: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/9.jpg)
IronPort Architecture for Multi-Layered Email Security
OUTILS D’ADMINISTRATION
ASYNCOS™ MTA PLATFORM
MANAGEMENT TOOLS
DEFENSEAGAINSTSPAMs
CONTENT PROCESSING
DEFENSEAGAINST
VIRUS
EMAIL AUTHENTICATION
ASYNCOS™ MTA PLATFORM
![Page 10: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/10.jpg)
AsyncOS™ Unmatched Scalability and Security
AsyncOS scalable and secure OS optimized for messaging
Email Identity Protection secures enterprise identity
Standards-based Integration replaces legacy systems with ease
MANAGEMENT TOOLS
DEFENSEAGAINSTSPAMs
CONTENT PROCESSING
DEFENSEAGAINST
VIRUS
EMAIL AUTHENTICATION
ASYNCOS™ MTA PLATFORM
![Page 11: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/11.jpg)
AsyncOS™ Revolutionary MTA Platform
Traditional Email GatewaysAnd Other Appliances IronPort Email Security Appliance
200Incoming/Outgoing
Connections
Low Performance/DoS Potential
Single QueueFor all Destinations
Queue BackupDelays All Mail
Per-DestinationQueues
Fault-Toleranceand
Custom Control
10,000Incoming/Outgoing
Connections
High Performance/Sure Delivery
![Page 12: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/12.jpg)
AsyncOS™ Advanced Email Identity Protection
Directory HarvestAttack
Prevention
VirtualGateway
Technology
IntelligentBounce
Handling
Protects Against:Theft of your user
database by spammers
Unique Advantage:Integrates with
SenderBase™ to track global attacks
Protects Against:Inadvertent blockage
of your corporate mail
Unique Advantage:Provides up to 256
unique IP addresses per appliance
Protects Against:Blacklisting of your IPs from intentional
NDRs
Unique Advantage:Distinct IPs for NDRs,
In-conversation recipient checking
![Page 13: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/13.jpg)
Best of Breed, Multi-layer Spam Defense
IronPort’s Reputation Filters – the outer layer defense
IronPort Anti-Spam - stops the broadest array of threats – spam, phishing, fraud
OUTILS D’ADMINISTRATION
FILTRAGE DECONTENU
DEFENSECONTRE
VIRUS
AUTHENTIFICATIONEMAIL
PLATEFORME ASYNCOS™ MTA
MANAGEMENT TOOLS
ASYNCOS™ MTA PLATFORM
ANTI-SPAM DEFENSE
CONTENT PROCESSING
ANTI-VIRUS DEFENSE
EMAIL AUTHENTICATION
PR
EV
EN
TIV
E
RE
AC
TIV
E
![Page 14: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/14.jpg)
IronPort Reputation Filters Stop 80% of Hostile Mail at the Door….
• Known good is delivered
• Suspicious(ex. Score = -4 to -1):limit the rate & pass thru Anti-Spam filter
• Known bad (ex. Score = -10 to -4):connection rejected
• IronPort uses identity & reputation to apply policy• Sophisticated response to sophisticated threats
Anti-SpamEngine
Incoming MailGood, Bad, and “Grey”
or Unknown Email
Reputation Filtering
Senderbase
![Page 15: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/15.jpg)
A wide sample of parameters, for a reliable assessment of Reputation
Good Reputation
AverageReputation
System Tolerant of Anomalies
Blacklisted
Good Sending HistoryOnly Sending to Valid Recipients
Reverse DNS Works
Poor Reputation
Volume Spike
![Page 16: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/16.jpg)
Positive & Negative Reputation
![Page 17: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/17.jpg)
Customer case – Marseille-Nice Universities30,000+ users
Universités Numériques Région PACA
![Page 18: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/18.jpg)
• Leading Efficacy– CASE (Content Adaptive Scanning
Engine) optimized for blended threats– Multiple sources
• Industry leading throughput• Virtually Zero False Positives
– Approx 1 in 1 million
• No administrative burden– Install and walk away– Automatic filter updates, no tuning required– System adapts to new threats without manual tweaking of rules
IronPort Anti-Spam™: High Performance, No Administration
Score
How?
Structural Analysis
What?
Content Analysis
Where?
Web Reputation
Who?
Email Reputation
IronPort CASE™
![Page 19: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/19.jpg)
IronPort’s Context Adaptive Scanning Engine (CASE)
IronPort
Anti-Spam
Competitive
Solutions
What? Message Content What content is included in this message?
How? Message Structure How was this message constructed?
Who? Email Reputation
Who is sending you this message?
Where? Web Reputation
Where does the call to action take you?
![Page 20: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/20.jpg)
New types of spamMore difficult to detect
URL
Passage from a text book
100% legitimate content
URL is not that of Red Cross
![Page 21: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/21.jpg)
Recent trends in Spam
0
10
20
30
40
50
60
70
Oct-05
Nov-05
Dec-05
Jan-06
Feb-06
Mar-06
Apr-06
May-06
Jun-06
Jul-06
Aug-06
Sep-06
Oct-06
0
5
10
15
20
25
30
Oct-05
Nov-05
Dec-05
Jan-06
Feb-06
Mar-06
Apr-06
May-06
Jun-06
Jul-06
Aug-06
Sep-06
Oct-06
Average Daily Spam Volume (billions msgs)
+110%
% Spam with an Embedded Image
+421%
![Page 22: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/22.jpg)
Image-based spams techniques
• « Polka dots » make every message appear unique to signature-based anti-spam filters
• images broke down in sub-parts and then reassembled
• IronPort has unique techniques to detect these spams, including:
« MPR »: Multidimensional PatternRecognition
![Page 23: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/23.jpg)
LabTests results: Catch Rate Results
![Page 24: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/24.jpg)
Best of Breed, Multi-layerVirus Defense
IronPort’s Virus Outbreak Filters stop outbreaks 14 hours ahead of signatures
Sophos AntiVirus signature based solution with industry leading accuracy
MANAGEMENT TOOLS
PLATEFORME ASYNCOS™ MTA
PR
EV
EN
TIV
E
RE
AC
TIV
E
ANTI-VIRUS DEFENSE
ANTI-SPAM DEFENSE
CONTENT PROCESSING
EMAIL AUTHENTICATION
![Page 25: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/25.jpg)
Today’s Anti-Virus Solutions Inadequate
CaptureVirus Sample
IssueCustomer Alert
AnalyzeVirus Sample
ReleaseSignature
UpdateSignature
Millions of infections occur during this period.
Generic signatures don’t always work.
Anti-Virus Signature Release Timeline
See booklet « The New Anti-Virus Formula » by John Dickinson:www.ironport.com/guide
![Page 26: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/26.jpg)
How Virus Outbreak Filters WorkIronPort Threat Operations Center (TOC)
• Continuous monitoring & analysis– Real-time & historical data visualization
– Automated alerts
– Human verification
• The IronPort gateway downloads the updated rules from the TOC every 5 minutes,…
• …and puts the concerned messages in the Quarantine (queue in the MTA)
INSIDE THE TOC
• Expert team of skilled analysts • Staffed 24 x 7 x 365• 32 languages spoken • Documented & verified processes• State-of-the-art tools & techniques
Manager, Threat Operations Center
![Page 27: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/27.jpg)
How Virus Outbreak Filters WorkDynamic Quarantine In Action
T = 0–zip (exe) files
T = 5 mins-zip (exe) files
-Size 50 to 55 KB.
T = 10 mins–zip (exe) files
–Size 50 to 55KB–“Price” in the
name file
T = 8 hours–Release messages
if signature update is in place
Messages
Scanned &
Deleted
![Page 28: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/28.jpg)
The Virus Outbreak Filters advantage
Medium additional protection time……………….. 14 hours
Out of a total of blocked attacks……………………175 outbreaks
* Feb 2005 –January 2006 **GMT
Virus Name Date IronPort Protection Starts**
First Anti-virus Signature Available**
Outbreak Filter Lead Time
Looksky.G 1/6/06 2:32 PM 2:12 AM (two days later) 35:40 hours
Nyxem-D (Kama Sutra) 1/16/06 2:36 PM 3:22 PM 1:27 hours
Sober-Z 11/21/05 8:07 PM 12:45 AM (the next day) 4:38 hours
Mabutu-A 11/17/05 12:58 AM 1:24 PM 12:26 hours
Zotob.C 8/16/05 1:56 AM 4:47 AM 2:51 hours
Sober-N 5/5/05 3:58 PM 5:19 PM 1:21 hours
MyTob.G 3/24/05 11:30 PM 12:58 PM (the next day) 13:28 hours
Multiple Bagle variants 2/27/05 10:39 AM 4:22 AM (2 days later!) 41:43 hours
Mydoom.BB 2/15/05 6:08 PM 10:54 PM (the next day) 28:46 hours
Wurmark-D 1/10/05 10:02 AM 6:09 AM (the next day) 20:05 hours
![Page 29: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/29.jpg)
Virus Outbreak Filters recent results:eWEEK Review: September, 2006
Review Overview
• 5 month test by eWEEK, large independent, weekly IT magazine
• 1217 virus positive emails stopped before AV signatures were available
• 48 separate virus variants blocked
• 0 false positives reported
Review Quotes
“We never saw a false positive”
“(Virus Outbreak Filters) effectively blocked messages containing viruses
for which signatures didn't already exist”
- Mike Caton, Technical Writer
0
300
600
900
May June July Aug Sept
1217 virus positive messages stopped in 5
months
Viral Messages Stopped: By Month
Clagger
Stration
Dowdec
Goldun
othergeneric
downloeder
Viral Messages Stopped: By Variant
VOF blocked 100% of the new virus outbreaks in the past 5 months
![Page 30: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/30.jpg)
IronPort Content ScanningInbound/Outbound Message Filtering for Compliance
MANAGEMENT TOOLS
SPAM DEFENSECONTENT
PROCESSING
VIRUS DEFENSE EMAIL
AUTHENTICATION
ASYNCOS™ MTA PLATFORM
Content filteringCompliance (e.g. SOX)Digital Rights Management – information leakage preventionRules per user groupsEncryption: IronPort acquires PostX
![Page 31: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/31.jpg)
PostX: One Platform, Three Solutions
PostX SecureEmailSecure Desktop Messaging
“Push”
1
PostX SecureDocumentStatements, Invoices, etc.
2
PostX MessageCentreIntegrated CustomerService Communication
3
PostX EnvelopeOffline, Registered and signed
PostX S/MIME or PostX OpenPGP
Certificate based mail
“Pull”
PostX WebSafeWebmail
PostX MessagingApplication Platform
![Page 32: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/32.jpg)
Email Authentication
MANAGEMENT TOOLS
DEFENSEAGAINSTSPAMs
CONTENT PROCESSING
DEFENSEAGAINST
VIRUS
EMAIL AUTHENTICATION
ASYNCOS™ MTA PLATFORM
• DomainKey Signing – Protection of Corporate Identity• IronPort Bounce Verification – protection against bounce redirection attacks • Directory Harvest Attack Prevention
![Page 33: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/33.jpg)
IronPort DomainKeysProtects domain identity and protects against phishing
• Ensures the proper identity of the source domain• More than 200 million mail boxes use DomainKeys • Easy deployment (private key & DNS-based public key)
Internet
ISPsprivate
publicDNS
![Page 34: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/34.jpg)
IronPort Bounce Verification™
Protects against bounce-message attacks
• All outgoing messages are stamped.
• Legitimate bounce messages coming back are recognized by this stamp
• Transparent and autonomous
BV
Internet
BV+
![Page 35: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/35.jpg)
Management tools Reduction in admin costs
MANAGEMENT TOOLS
DEFENSEAGAINSTSPAMs
CONTENT PROCESSING
DEFENSEAGAINST
VIRUS
EMAIL AUTHENTICATION
ASYNCOS™ MTA PLATFORM
Email Security Manager for unified policy management
Centralized Management manage units around the world
Mail Flow Monitor real time reporting
Mail Flow Central centralized reporting and tracking
![Page 36: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/36.jpg)
IronPort Email Security ManagerSingle view of policies for the entire organization
IT
SALES
LEGAL
• Mark and Deliver Spam
• Delete Executables
• Archive all mail
• Virus Outbreak Filters disabled for .doc files
• Allow all media files
• Quarantine executables
“Email Security Manager serves as a single,versatile dashboard to manage all theservices on the appliance.” -- PC Magazine 2/22/05
Categories: by Domain, Username, or LDAP
![Page 37: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/37.jpg)
IronPort Centralized Management
• Log in anywhere, control everywhere• Interface assures configuration consistency• Apply changes to a machine, group, or cluster• Test on single system, “promote” to cluster
IRONPORT CLUSTER
San Jose Group
SJ1 Machine SJ2 Machine
SJ3 Machine
Dublin Group
D1 Machine D2 Machine
D3 Machine
Tokyo Group
T1 Machine T2 Machine
T3 Machine
![Page 38: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/38.jpg)
Mail Flow Monitor
![Page 39: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/39.jpg)
![Page 40: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/40.jpg)
Customer case – Comverse6,000 users
![Page 41: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/41.jpg)
IronPort : Integrated Secured Gateways
Email Security C Series
Web Security S Series
Security Management M Series
![Page 42: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/42.jpg)
Malware: exploding phenomenon
Source: iDefense Labs, November 2005
Growth in Keyloggers 2000-2005
To
tal R
epo
rted
Source : State Of Spyware Report, 2006
Number of spyware (in thousands)
• Spywares, Keyloggers, Chevaux de Troie, Botnets & Zombies, etc.
• 65% growth in 2005 vs. 2004
• Cost of a malware : 150$+ per PC per year+ commercial risk+ legal responsability
![Page 43: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/43.jpg)
IronPort S Series: Web protection at 3 levels
Filters content against
Spyware
Web
Filtre leMalware
Prevents « phone-home » calls to hosts
outside
Blocks access to infected sites
![Page 44: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/44.jpg)
Architecture for a multi-layer Web security
MANAGEMENT TOOLS
IronPortL4 Traffic Monitor
IronPortAnti-Malware
System
IronPortWeb Reputation
Filters
IronPort AsyncOS Web Security Platform
IronPortPolicy Filters
![Page 45: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/45.jpg)
1. Blocks access to infected sites: Web Reputation
Blocks connection - infected sites
- phishing- etc.
Allows connection(“good” sites)
Anti-Malware scanning
![Page 46: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/46.jpg)
2. Filters malicious content:IronPort Anti-Malware System
• Anti-malware engine• “DVS Engine”, supporting multiple verdict engines
– Webroot
– others
• High accuracy level• Very high performance for scanning on the fly
(content streaming)• Zero administration
REPUTATION-BASED VERDICT CACHINGREPUTATION-BASED VERDICT CACHING
VERDICTENGINE 1
VERDICT ENGINE 2
IRONPORTDVS™ ENGINE
IRONPORTDVS™ ENGINE
VERDICT ENGINE N
![Page 47: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/47.jpg)
3. Detects & Blocks communications to outsite host servers:L4 monitor
• Detects any spyware or keylogger activity to an outsite host (“phone home”)– On any of the 65,535 ports
– Working around port 80
• 2 modes:“monitor only or “monitor & block”
L4 TRAFFICMONITOR
PROXY
IronPort S-Series
Firewall
• Internet
Port 80
X X
X X
![Page 48: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/48.jpg)
IronPort : Integrated Secured Gateways
Email Security C Series
Web Security S Series
Security Management M Series
![Page 49: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/49.jpg)
• Centralized Spam Quarantine
• Centralized statistics / reporting / tracking for C and S Series
IronPort M Series : management for C and S Series
![Page 50: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/50.jpg)
DO NOT BELIEVE OUR WORD…
CHECK IT OUT BY YOURSELF !!
Free evaluation in production Be informed of all new virus alerts by registering on:
http://www.ironport.com/toc/ For all information:
Questions - Answers
![Page 51: IronPort Email & Web Gateway Security Solutions PROTECTING OVER 300 MILLION EMAIL BOXES WORLDWIDE Frederic Benichou Director, South Europe, Middle-East](https://reader034.vdocuments.mx/reader034/viewer/2022042814/5513ef1b5503463a298b5f1d/html5/thumbnails/51.jpg)
The IronPort advantage
• New generation MTA– Performance, robustness, intelligence, easy integration to architecture
• Multi-layer Anti-Spam Protection – “Reputation Filters”: 70% of traffic blocked before entering the network
– Content-level AS : efficient; no False Positive; zero administration; efficient against image-based spams; advanced Web Reputation concept
• Preventive Protection against viruses– On average 14 hours additional protection ahead of AV
• Dramatic decrease in Email administration costs– Administrative costs typically divided by 10
• Market leadership and continued innovation