Iron Port The Leader in Email Security PROTECTING
- Slides: 27
Iron. Port: The Leader in Email Security PROTECTING OVER 340 MILLION EMAIL BOXES WORLDWIDE Fredrik Myrelid Nordic & Baltic Technical Manager Iron. Port Systems, Inc.
Iron. Port Systems: The Leader in Email Security Iron. Port C-Series Email Security Appliance • Industry-leading technology – Async. OS, powers the world’s fastest MTA – Sender. Base, the world’s first & largest HTTP & SMTP traffic monitoring network • Industry-leading customers – Over 50% of the world’s largest ISPs, media & technology companies choose Iron. Port
Fixing Email: The Steps Required 1. IDENTITY 2. REPUTATION 3. POLICY Internet private ISPs DNS public Iron. Port is the First to Implement Domain. Keys
Challenges at the Email Gateway The typical symptoms everyone headlines on…. • Email Security Managing volumes of SPAM and false positive issues Viruses Denial of Service attacks, Directory Harvesting, Fraud etc • Policy & Legal Compliance But what about the bigger picture? • Availability of email services • Performance & Latency issues • • • Authentication Massive Admin & Operations overhead Huge Complexity Visibility, Reporting & Statistics Future-proofing the infrastructure, new services etc
Summarised as. . • Lost Productivity (a management issue) – At the desktop (users are asked to define spam) – IT Admin (to setup, fine tune and monitor spam) • Consumption of valuable IT resource (an operational issue) – – Network bandwidth (wasted on 70% spam) CPU and memory at the gateway (could be used on genuine mail) Disk storage (archive everything that arrives, inc. spam) Increased real-estate (in order to scale with the right performance) • Legal liability (a risk management issue) – Offensive content – Contravention of legislation (Data Protection, Basel II, SOX, HIPPA etc) – Spam zombies (brand risk, blacklisting)
Iron. Port Consolidates the Email Perimeter Before Iron. Port After Iron. Port Internet Firewall MTAs Anti-Spam Anti-Virus Iron. Port Email Security Appliance Policy Management Mail Routing Groupware Users
Iron. Port Reduces Administration Advanced Technology Automates Manual Tasks Centralized management: make Changes only once Stop viruses in average 15 hours Before the anti virus signature is available No fine tuning or Training necessary Lowest fales positive rates eliminates support calls Iron. Port Email Security Appliance No manual white- or black lists necessary Anti-spam updates: up to 60, 000 rules/day, every 5 -10 min Automatic rate limiting protects against Denial of Service without your intervention “These Iron. Ports run themselves” Joe Chodi, CTO of Major League Baseball Centralized & scheduled reporting: You never Need to sort throguh logs again Test configuration changes withouth making them active
Iron. Port Architecture for Multi-Layered Email Security MANAGEMENT TOOLS SPAM DEFENSE • Iron. Port Reputation Filters • Brightmail • Iron. Port Anti-Spam VIRUS DEFENSE CONTENT SCANNING • Iron. Port Virus Outbreak • Iron. Port Content Filters • Post. X and PGP • Sophos Anti-Virus ASYNCOS™ MTA PLATFORM
Async. OS: Revolutionary MTA Platform Traditional Email Gateways And Other Appliances Iron. Port Email Security Appliance 200 Incoming/Outgoing Connections Low Performance and Potential Do. S 10, 000 Incoming/Outgoing Connections High Performance, Predictable Delivery Single Queue For all Destinations Queue Backup Delays All Mail Per-Destination Queues Fault-Tolerance and Custom Control Directory Harvest Attack Prevention Virtual Gateway Technology Intelligent Bounce Handling Protects Against: Theft of your user database by spammers Protects Against: Inadvertent blockage of your corporate mail Protects Against: Blacklisting of your IPs from intentional NDRs Unique Advantage: Integrates with Sender. Base to track global attacks Unique Advantage: Provides up to 256 unique IP addresses per appliance Unique Advantage: Separate IP address for NDRs, Inconversation recipient checking
Async. OS™ Standards Based Integration LDAP DNS • Integrates with all standard LDAP servers including Active Directory™ • Carrier-class client and cache on-box • High performance client resolves millions of record per hour • Configure separate DNS servers per domain Advanced Networking • 802. 1 Q VLAN Tagging for network security • NIC failover for redundancy • Loopback interfaces for load balancer integration Essential Mail Operations • Alias, masquerade, and routing tables • Powerful header operations • Store tables on box or in LDAP directory
Multi-Layered Spam & Virus Defense: Preventive + Reactive = Defense in Depth Preventive Layer Reactive Layer - Iron. Port Reputation Filtering - Virus Outbreak Filters - Brightmail - Iron. Port Anti. Spam -Sophos Anti - Virus + Immediate Reaction to Threats Adapts Over Time Extremely High Performance Computationally Intensive Coarse Outer Layer Fine-grained Inner Layer Blocks or Rate Limits Delete or Quarantine
Black and White Lists
Sender. Base : ® Data Makes the Difference Parameters • Complaint Reports • Spam Traps Threat Prevention in Realtime • Message Composition Data • Global Volume Data • URL Lists • Compromised Host Lists • Web Crawlers • IP Blacklists & Whitelists Sender. Base Data Analysis/ Security Modeling Sender. Base Reputation Scores -10 to +10 • Additional Data Breadth Data Quantity • Combine HTTP & SMTP data • Over 200, 000 sources • Over 5 billion emails per day • 8 of the top 10 ISPs, universities • Over 90 SMTP parameters tracked • Over 20 HTTP parameters tracked & businesses • Worldwide sources, including Americas, Europe & Asia Data Quality • Over 3 years of experience ensuring data integrity • Source. Rank assesses source quality by cross correlating multiple sources with known benchmarks
Iron. Port Mail Flow 80% Bad Mail STOPPED BEFORE You have accepted connection Work Queue Reputation Filters Exchange, Lotus/Domino, Groupwise Anti Spam Anti Virus Content Filters Virus Outbreak Filters Clean, legitimate Mail! SMTP Client
Nordea Phishing / Sender IP
Iron. Port Reputation Filters Stop 80% of Hostile Mail at the Door…. +10 Trusted Policy Reputation Filtering Incoming Mail Good, Bad, and “Grey” or Unknown Email Anti-Spam Engine Accepted Policy Untrusted Policy Rejected Policy -10 • Iron. Port uses identity & reputation to apply policy • Sophisticated response to sophisticated threats
Traffic Shaping: Mail Flow Control NOT Filtrering
Dell • Dell’s challenge: – Dell receives over 26 M mail per day – Only 1. 5 M legitimate emails – 68 existing gateways using Spam Assassin with high false positive rates • Iron. Port’s solution: – Reputation filters blocks over 19 M emails per day – 5. 5 M emails per day scanned & removed by Brightmail – Replaced 68 servers with 8 Iron. Port C 60 s • Accuracy of spam filtering increased 10 x • Server consolidation with 70% • Operational costs reduced with over 75% “Iron. Port has increased the quality and reliability of our network operations, while reducing our costs. ” -- Tim Helmsetetter Manager, Global Collaborative Systems Engineering and Service Management, Dell Corporation
Iron. Port Outbreak Filters Over 140 Virus Outbreaks Detected, Average Lead Time of 15 hours “Virus Outbreak Filters helped us from the first day we had it and it saves us significant clean up costs during major virus outbreaks. ” Mark S. Dial E-Messaging Team, Tellabs Virus Date Virus Threat Level Raised First Anti-virus Signature Available Outbreak Filter Lead Time Bagle. BO 5/31/2005 14: 32 PM 16: 34 PM 2: 02 hours Bagle BB 2/27/2005 10: 39 AM (2/27) 4: 22 AM (3/1) 41: 43 hours Mydoom. BL 4/28/2005 19: 52 PM 21: 43 PM 1: 51 hours My. Tob. V 4/3/2005 4: 19 AM 9: 36 AM 5: 17 hours My. Tob. J 3/24/2005 23: 30 PM 22: 38 PM (the next day) 23: 08 hours Sober. L 3/7/2005 16: 10 PM 18: 28 PM 2: 18 hours Sober. K 2/21/2005 5: 58 AM 7: 00 AM 1: 02 hours Mydoom. BB 2/15/2005 18: 08 PM 22: 54 PM (the next day) 28: 46 hours
How Virus Outbreak Filters Work Dynamic Quarantine In Action Messages Scanned & Deleted T = 0 T = 5 mins T = 10 mins T = 8 hours – zip (exe) files - Size 50 to 55 KB. – zip (exe) files – Size 50 to 55 KB – “Price” in the name file – Release messages if signature update is in place
Industry Leading Signatures from Sophos Anti-Virus • Integrated Sophos® anti-virus engine – High performance in-line scanning • Easy to deploy and manage – Intuitive user interface – Single view with Mail Flow Monitor – Auto updates – Lower TCO with integrated solution
Easy Custom Filter Generation Protect your intellectual property & enforce acceptable use Iron. Port Content Scanning Engine High Performance Flexible Fine Grained Incoming / Outgoing Mail LDAP Server Queries Pre- defined HIPAA, GLB, SOX Filters Encrypt Archive BCC to Compliance Officer Notify Legal Personnel Remove Attachment Return to Sender Bounce Email Drop Email Customer Specific Filters
Iron. Port Email Security Manager Single view of policies for the entire organization Domain, Email Address, or LDAP Group • Allow all media files • Quarantine executables IT • Mark and Deliver Spam • Delete Executables SALES • Archive all mail • Virus Outbreak Filters LEGAL disabled for. doc files
Iron. Port Centralized Management • Log in anywhere, control everywhere – New systems automatically configure themselves – Mesh network = no single point of failure • Elegant solution for two systems to 100 – Simple interface highlights configuration anomalies – Apply changes to a machine, group, or cluster SJ 1 Machine SJ 2 Machine SJ 3 Machine San Jose Group D 2 Machine D 1 Machine D 3 Machine Dublin Group IRONPORT CLUSTER T 1 Machine T 2 Machine T 3 Machine Tokyo Group
Enterprise Reporting & Management • Proves the Iron. Port ROI – Show effectiveness of reputation, spam, and virus filtering • In-depth reporting on all senders – Includes global traffic data from Sender. Base • Easy integration with existing • monitoring – Alert Center (via email) – SNMP – Reporting API Choice of management interfaces – Effortless Graphical User Interface (GUI) – Powerful Command Line Interface (CLI)
The Iron. Port Advantage • Iron. Port Minimizes the Total Cost of Ownership for your E-mail Infrastructure – – – – • Iron. Port increases the availability of your email – • Administrative burden reduced with more than 75%, let’s IT staff do more with less Increased User productivity Powerful Management & Reporting tools for small to global organizations, as well as ISP’s Server consolidation Reduced load on the network infrastructure Ease of use Flexible Filtering solutions – Tailored to your needs Protection against Denial of Service Attacks, Directory Harvesting Iron. Port makes you sleep better at night! – – – Industry leading Anti-Virus Protection – 15 hours ahead of competition Multi dimentional Anti-Spam Protection • Most accurate for the broadest span of threats • Powered by Sender. Base (www. senderbase. org) Unmatched performance – Scalability from the smallest organization to largest ISP’s The Iron. Port C-Series offers comprehensive & consolidated email security
Thank you Fredrik Myrelid Iron. Port Systems, Inc. fmyrelid@ironport. com The Iron. Port C-Series offers comprehensive & consolidated email security
Transactional vs transformational
Private secruity
8255 features
Port a + port c upper forms group b ports
Hfss wave port tutorial
Mass of iron in an iron tablet
Iron sharpens iron friendship
Format of an informal email
Port security grant program
International port security
Info 2950
Switch boot sequence
Obtaining and protecting your credit vocabulary check
Chapter 9 obtaining and protecting your credit
Chapter 20 civil liberties protecting individual rights
Reactions of aldehydes and ketones summary
Aldehyde + ag2o
Carbamate protecting group
Hale quotes act 1
Chapter 9 obtaining and protecting your credit
Protecting student data
Protecting consumers savers and investors examples
Single species approaches to protecting biodiversity
Biodiversity
Chapter 20 civil liberties protecting individual rights
Chapter 20 civil liberties protecting individual rights
Dell email security
Is barracuda encryption legit
