IronPort Gateway
Security Products

Email Security
Appliances
IronPort® Gateway Security Products

[Diagram labels: Internet; IronPort SenderBase; Application-Specific Security Gateways (Encryption Appliance, Email Security Appliance, Web Security Appliance); Security Management Appliance; Clients. Callouts: BLOCK Incoming Threats; CENTRALIZE Administration; PROTECT Corporate Assets, Data Loss Prevention.]




Web Security | Email Security | Security Management | Encryption
IronPort + Cisco
Extending Market Leadership

• Customer Leadership
    - Over 6,000 customers globally
    - 99% customer retention rate
• Technology Leadership
    - Industry leading email and Web security applications and management tools
• Global Leadership
    - Worldwide operations and infrastructure
IronPort + Cisco
Extending Technology Leadership

• Substantial growth in bookings
    - Market growth rate = 50%
    - IronPort growth rate = 100%
• Significant investment in security technology
    - R&D resources increased by 35% in 2007
    - Employee base increased by 50%
• Unparalleled access to data
    - Cisco network devices contribute to IronPort’s SenderBase data

[Chart: Staying Ahead Requires Higher Investment in Technical Resources; y-axis: Accuracy (%), up to 100%; x-axis: Technical Resources ($)]
The IronPort SenderBase Network®
Global Reach Yields Benchmark Accuracy

• 30B+ queries daily
• 150+ Email and Web parameters
• 25% of the World’s Traffic
• Cisco Network Devices



Combines Email & Web Traffic Analysis

• View into both email & Web traffic dramatically improves detection
• 80% of spam contains URLs
• Email is a key distribution vector for Web-based malware
• Malware is a key distribution vector for Spam zombie infections

[Diagram labels: IronPort SenderBase; IronPort EMAIL Security Appliances; IronPort WEB Security Appliances]
IronPort Consolidates the Network Perimeter
For Security, Reliability and Lower Maintenance

[Diagram: Before IronPort: Internet, Firewall, then separate Encryption Platform, MTA, DLP Scanner, Anti-Spam, Anti-Virus, DLP Policy Manager, Policy Enforcement and Mail Routing components, Groupware, Users. After IronPort: Internet, Firewall, IronPort Email Security Appliance, Groupware, Users.]
IronPort Architecture for
Multi-Layered Email Security


[Diagram: MANAGEMENT TOOLS over four modules (SPAM DEFENSE, VIRUS DEFENSE, DATA LOSS PREVENTION, EMAIL ENCRYPTION), all on THE IRONPORT ASYNCOS™ EMAIL PLATFORM]
Multi-layer Spam Defense
Best-of-Breed Protection at the Gateway




   • IronPort Reputation Filters™: the outer layer defense
   • IronPort Anti-Spam™: stops the broadest array of threats – spam, phishing,
     fraud and more
Spam Trends
Through the first half of 2007

• Spam volumes up 18% month over month
• New spammer tactics
    - Image link spam
    - PDF spam
    - XLS spam

[Chart: Increase In Average Daily Spam Rules; y-axis: Number of Daily Anti-Spam Rules, 0 to 250,000; x-axis: 2005, 2006, 2007]
[Chart: Average Daily Spam Volume By Month: 2006-2007; y-axis: Spam Volume (BN), 0 to 100; x-axis: Jan 2006 to Aug 2007]
IronPort’s Spam Defense Method

• Multi-layer / multi-technique spam defense technologies designed to:
    - Stop spam quickly
    - Stop spam accurately

Reputation (SenderBase Reputation Score)
World’s first and best sender based reputation service
    - Blocks 80% of spam at gateway
    - World class accuracy

Who? How? What? Where? (IronPort Anti-Spam)
World’s most accurate content based spam engine
    - 98% catch rate
    - World class accuracy
The IronPort SenderBase Network
Data Makes the Difference

THREAT PREVENTION IN REAL TIME

150 Parameters
• Complaint Reports
• Spam Traps
• Message Composition Data
• Global Volume Data
• URL Lists
• Compromised Host Lists
• Web Crawlers
• IP Blacklists & Whitelists
• Additional Data

[Diagram labels, left to right: SenderBase Data; Data Analysis/Security Modeling; SenderBase Reputation Scores, -10 to +10]
IronPort Anti-Spam
Accuracy Powered By Context Adaptive Scanning Engine

WHAT?
• All text inside an image
• Random dots appear within the message
• Nearly identical color scheme in 100,000’s spamtrap msgs

HOW?
• Message leaves trace of spamware tool

WHO?
• IP address recently started sending email
• Message originated from dial-up IP address
• Sending IP address located in Russia

WHERE?

Verdict: BLOCK
IronPort Stops Phishing

• Web Reputation: IronPort exclusive technology assigns reputation score to URLs in emails based on likelihood to host phishy / spammy content
    - URL registered to ISP in Mauritius, not Barclays
    - domain on several blacklists
    - abnormally high volume traffic to domain
• Stops over 97% of phishing attacks

[Chart: New Phishing Sites (thousands), monthly from May to May; y-axis: 0.0 to 60.0; annotation: 211% Increase: May '06 - May '07]
System Management Capabilities
End-User Controls
 Spam Quarantine
    Quarantine for admins
    and end-users
    Safe Listing and Block Listing
    On-box or consolidated
    quarantine (IronPort M-Series)
    Authenticate users against
    LDAP, Active Directory or
    IMAP/POP


 Outlook Plug-in
    One-click reporting of spam,
    viruses and phishing attacks
    Block and Allow lists supported
    natively in Outlook
Multi-layer Virus Defense
Best-of-Breed Protection at the Gateway






  • IronPort Virus Outbreak Filters: stop outbreaks 13 hours ahead of traditional signatures
  • McAfee and Sophos Anti-Virus: signature-based solutions with industry leading accuracy
IronPort Virus Outbreak Filters
The First Line of Defense




Early Protection with IronPort Virus Outbreak Filters
The IronPort Virus Outbreak Filters Advantage

Virus Name        Date      Lead Time (hh:mm)   Virus Description
Troj/Yar-A        5/24/07    3:20               Widely-spammed out email teaser promising a trailer of the film "Pirates of the Caribbean 3". Downloads spyware onto infected computers.
Trojan.Dropper    5/10/07   10:40               Trojan that attempts to download malicious code.
W32.Virut!dr      4/12/07   31:12               Spammed email that asks recipients to open attachments entitled “document.txt.exe” and “video.zip”. Downloads spyware onto infected computers.
Troj/DwnLdr-GFN   3/4/07    17:31               Installs backdoor and communicates via HTTP, thus bypassing firewall filters.
W32/WowPWS-AU     3/3/07     6:51               Mass mailing worm that sends emails with the subject: "Chinese test missile obliterates satellite!". Asks users to open attached file that, when opened, installs spyware.
Troj_Agent.JAW    1/14/07   20:08               Spammed email message that contains a seemingly benign PDF attachment. Once attachment is opened, backdoor is installed for remote hackers to access the PC.

Average lead time*: over 13 hours
Outbreaks blocked*: 175 outbreaks
Total incremental protection*: over 94 days

*May 2006 – June 2007. Calculated as publicly published signatures from the following vendors: Sophos, McAfee, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.
IronPort Virus Outbreak Filters in Action

[Diagram labels: INTERNET; IronPort’s SenderBase; Virus Filter; Temporary Quarantine]

• Evaluates incoming mail against outbreak rules
• Triggers automated quarantine for suspicious attachments
• Releases messages for re-scanning through standard filters
McAfee + Sophos Anti-Virus Signatures
Multiple Lines of Defense

 Integrated McAfee and
  Sophos anti-virus engines
    High performance in-line scanning
    using both engines in multi-scan
    mode for maximum security
    Customer selection for either
    Sophos or McAfee possible


 Easy to deploy and manage
    Intuitive user interface
    Single view with IronPort Mail Flow
    Monitor
    Auto updates
    Lower TCO with an integrated
    solution
IronPort Data Loss Prevention
Inbound/Outbound Policy Enforcement




 • Flexible Policy Engine for protection of Intellectual Property and enforcing acceptable use policies
 • Regulatory Compliance Solutions are built in and provide real-time remediation
 • On-box Encryption keeps communications private and secure
Data Loss Prevention
Multi-Faceted Problem
 Regulatory Compliance
     HIPAA, GLBA, PCI, SOX Regulations
     Scan for sensitive information and block infractions
     Secure business partner communication

 Acceptable Use
     Block offensive content
     Enforce messaging policy (attachment size, etc)
     Add legal disclaimers to outgoing mails

 Intellectual Property Protection
     Block messages containing confidential data
     Prevent email communications with competitor


                  “Email has become the de facto filing system for nearly all
                  corporate information, making it even more critical to protect
                  the outbound flow of messages.”
                                       ─ Brian Burke, Security Products Research Manager, IDC
Data Loss Prevention:
Integrated Scanning and Remediation

Scanning Work Flow
• Pre-Defined Filters
• Compliance Dictionaries
• Smart Identifiers

Remediation Work Flow
• DLP Notification
• Quarantine View Of Violation
• Encrypt The Message
• View HIPAA Violation Report
IronPort Email Encryption
Don’t Remediate…Accelerate




User Problems


 Data Loss Prevention Compliance
 Sensitive information live passwords
 Business Class Email features include:
   Secure reply
   Guaranteed read receipts
   Reliable message expiration and locking
Encryption Market Evolution
The Technical View

Legacy Encryption Solutions              IronPort PXE™
(S/MIME, PGP, Secure Webmail)            (Secure Envelopes)
Multi-Platform Deployment                Single, Integrated Platform
Certificate Requirements                 No Certificate Complexity
Sender/Receiver Plug-Ins                 No Plug-Ins Required
IronPort PXE: Sending a Message
Instant Deployment, Zero Management Costs




CISCO REGISTERED ENVELOPE SERVICE

• Automated user enrollment and account creation
• User authentication and key delivery
• Message Tracking
• Secure Reply
• NEVER stores email message → highest security
IronPort PXE: Receiving a Message
Seamless End-User Experience

1. Open Attachment
2. Enter password
3. View message
Management for the
Largest Enterprises



        • IronPort Email Security Manager – unified policy management
        • IronPort Email Security Monitor – enterprise-class reporting system
        • Management Interfaces – simple integration and increased productivity
IronPort Email Security Manager
Single view of policies for the entire organization

Categories: by Domain, Username, or LDAP

IT
• Allow all media files
• Quarantine executables

SALES
• Mark and Deliver Spam
• Delete Executables

LEGAL
• Archive all mail
• Virus Outbreak Filters disabled for .doc files

“IronPort Email Security Manager serves as a single,
 versatile dashboard to manage all the
 services on the appliance.” – PC Magazine
IronPort Email Security Monitor
Advanced Reporting System

• Integrated Real-Time Graphical Reports
• CSV Export
• Scheduled Delivery
• Search by Domain
IronPort M-Series
Centralized Reporting and Message Tracking

 Aggregated IronPort Email
  Security Monitor reports
  available on a central
  IronPort M-Series interface


 Helps administrators answer
  help desk calls quickly and
  easily
     “Joe sent me an email, but I
     never received it.”


 Easier alternative to
  searching log files
     Gives one place to search
     for messages across
     different appliances
System Monitoring
Easy Integration with Existing Processes


Alert Center
• Alert Subscriptions per Admin
• Distinct Areas of Management

Log Subscriptions
• 20+ Log Types Supported
• Transfer via FTP, SCP, Syslog

SNMP
• Exclusive IronPort MIB
• Integrates with any SNMP-compatible tools
IronPort AsyncOS™
Unmatched Scalability and Security




     • IronPort AsyncOS is a scalable and secure operating system, optimized for messaging
     • Advanced Email Controls protect reputation and downstream systems
     • Standards-based Integration replaces legacy systems with ease
Scalable and Extensible Platform
Meeting Security Needs – Today and Tomorrow



[Chart, 2004 / 2007 / 2010: Number of functions that must be supported; Computational power required for accurate scanning; Average volume and size of messages]
IronPort AsyncOS
Revolutionary Email Delivery Platform




Traditional Email Gateways And Other Appliances
• 200 Outgoing Connections: Low Performance/Peak Delivery Issue
• Disk I/O Bottlenecks: Unable To Leverage Full Capability Components

IronPort Email Security Appliances
• 1K – 10K Outgoing Connections: High Performance/Sure Delivery
• CPU: Limited Solely By CPU Capacity
Email Architecture
With Multi-Core Technology

[Diagram: REPUTATION FILTERS, ANTI-SPAM, ANTI-VIRUS, DATA LOSS PREVENTION and VIRUS OUTBREAK FILTERS on the ASYNCOS™ MTA PLATFORM; four ANTI-SPAM PROCESS instances; 4X SPAM PROCESSING THROUGHPUT]
Email Authentication
Fixing Email


• Bounce Verification
    - Allowing Legitimate Bounces to be Identified on Return
    - Eliminates Help Desk Calls and End User Confusion
• DomainKeys Identified Mail (DKIM)
    - 300+ Email Accounts use DomainKeys to Authenticate the Email Sender
    - Block Phishing Attacks Protect your Brand with Authentication

[Diagram labels: BV; Internet; ISPs; DNS; private; public]
IronPort Customer Support
The Best for the World’s Best Customers


 Mission-critical SLAs
  Exceeded

 “A” Grade in Annual Survey
   Knowledge Level, Professionalism,
   Responsiveness, Follow Up, Ability
   to Resolve Issues (all categories)


 Products Designed for
  Supportability
   Automated support request
   Optional remote telemetry
IronPort Gateway
Security Products

Web Security
Appliances
Next Generation Secure Web Gateway
[Diagram: Before IronPort: Internet, Firewall, then separate Web Proxy & Caching, Anti-Spyware, Anti-Virus, Anti-Phishing, URL Filtering and Policy Management components, Users. After IronPort: Internet, Firewall, IronPort S-Series, Users.]
Layer 4 (L4) Traffic Monitor
Integrated Network Monitoring




[Diagram: MANAGEMENT TOOLS over four modules (L4 Traffic Monitor, URL Filters, Web Reputation Filters, Anti-Malware System), all on the IronPort AsyncOS Web Security Platform]
Detecting Existing Client Infections
Monitoring “Phone Home” Traffic


 Layer 4 Traffic Monitor
     Scans all traffic, all ports,
     all protocols
     Detects malware bypassing
     Port 80



 Powerful anti-malware data
     Automatically updated
     anti-malware rules
     Real-time rule generation
     using “Dynamic Discovery”
IronPort URL Filters™
Acceptable Use Policy Enforcement




IronPort URL Filters
Comprehensive Management & Visibility


 Flexible policy management
     Per user, per group policies
     Multiple actions, including
     monitor only
     Custom notifications


 Visibility
     Easy to understand reports
     Extensive logging
     Comprehensive alerting
IronPort Web Reputation Filters™
The Outer Layer of Defense




Intelligent Scanning

[Diagram: Requested URLs enter the IRONPORT WEB REPUTATION FILTERS. Known good sites aren’t scanned; unknown sites are scanned by one or more engines (ANTI-MALWARE SYSTEM, DECRYPTION ENGINE); known bad sites are blocked.]

• IronPort Web Reputation technology determines need for scanning by
    - IronPort Anti-Malware System
    - Decryption Engine
IronPort Anti-Malware System
IronPort Dynamic Vectoring and Streaming (DVS) Engine™




IronPort DVS Engine
Multi-Layered Malware Defense

• Deep content inspection
• High-performance scanning
    - Parallel scans
    - Stream scanning
• Multiple verdict engines
    - Integrated, on-box
    - Supported engines: Webroot, McAfee
• Automated Updates

[Diagram labels: IRONPORT DVS ENGINE; Webroot; McAfee; VERDICT ENGINE “N”; Policy Management]
Industry-leading Accuracy
With Multiple Verdict Engines




 Best-of-breed signatures - Webroot & McAfee
 Broad coverage - Addresses full range of threats
 Complete signature set - URLs, domains, CLSIDs, binaries, checksums,
  user agents and more

				
Posted: 7/13/2011; Language: English; Pages: 49