IDC eGovernment

IDC eGovernment: The Future of Email Security. John Ryan, Operations Director, Entropy


Transcript of IDC eGovernment

Page 1: IDC eGovernment

IDC eGovernment

The Future of Email Security

John Ryan, Operations Director, Entropy

Page 2: IDC eGovernment

Fixing Email

Email - Where Are We Now?
• The Current State of Messaging (Security)
• Top Enterprise Email Threats & The Cost to Corporations

Where Is The Industry Going?
• Reactive Point Solutions
• Proposed Email Identity Standards

New Technologies to Address these Issues?
• Identity, Reputation, Policy Control
• Unique solutions available now


Page 4: IDC eGovernment

% of IT Spend on Security

[Chart: share of IT spend on security, 2004 vs 2002. Response categories: Don't know; More than 25%; Between 11% and 25%; Between 2% and 10%; 1% or Less; None.]

Source: Information Security Breaches survey 2004 – DTI UK

Page 5: IDC eGovernment

IT Business Environment Changes

[Chart: IT business environment changes, 2004 vs 2003, on a 0% to 100% scale. Categories: Email; Web Access; Remote Access; Wireless; Transactional WWW.]

Source: Information Security Breaches survey 2004 – DTI UK

Page 6: IDC eGovernment

The Mission-Critical App Is Collapsing

Email Is The Form Of Business Communication
• 80% Of Businesses Consider Email More Important Than Phones

Email Is No Longer Reliable
• Spam, False-Positives, Viruses, Forgery And Other Threats Make Email Unreliable

Users Are Rapidly Losing Trust In Email
• 52% Say They Trust Email Less
• 25% Have Reduced Email Use

Source: Pew Internet Life Project

Page 7: IDC eGovernment

Challenges of Email Today!

• Email has become a mission-critical communications vehicle
• Email has become a major delivery mechanism for marketing messages… SPAM!
• Most of these marketing messages are unsolicited and unwanted
• Spam is perceived as the most significant problem of enterprise.

Source: Osterman Research

Page 8: IDC eGovernment

Some Email Statistics

• 18B messages per day (73% of which is spam)

• Message volume has increased by 2B in January

• 9.4B messages coming from “Zombie” hosts

• 290,000 infected hosts tracked last week alone

• 15,000+ compromised zombie networks

• 75% of all viruses are deployed via an email

• Phishing scams accounted for 1% of spam

Source: Senderbase network – go to www.ironport.com/toc

• Top countries sending spam:

1. United States

2. China

3. South Korea

4. Poland

5. France

6. Great Britain

7. Germany

8. Brazil

9. Spain

10. Japan

Page 9: IDC eGovernment

Email Stats January 2006

Page 10: IDC eGovernment

Corporations Pay the Consequences

Spam
• Will cost corporate users over £10B in the US alone. [1]
• Overall cost of spam between £10B and £87B, or £50 to £1400 per worker per year. [2]

Set to get worse
• Corporate spam traffic will rise from 44 billion messages per day in 2006, to 83 billion messages per day in 2009. [3]

Viruses
• Sobig virus cost more than £1B. [4]
• Disaster recovery costs increased by 23% in 2003 to almost £100,000 per organization per virus outbreak. [5]

Confidential information
• Difficult to estimate
• Devastating impacts

Sources:
1. Ferris Research
2. Pew Internet and American Life Project
3. Radicati Group
4. Computer Economics
5. ICSA Labs’ Prevalence Survey

Page 11: IDC eGovernment

It Takes Two: Senders and Receivers

We Are All Email Senders And Email Receivers

Solving Receiver Problems Means Addressing Sender Issues And Vice Versa

The Solution To Fixing Email Is NOT One-sided

A Healthy Email System Requires Feedback Loops
• Integrating complaint and other corrective data back into the system is a fundamental requirement

Page 12: IDC eGovernment

Email Gateway Infrastructure Issues

On top of all the security vulnerabilities, the infrastructure itself is at breaking point…

• Bespoke deployments
• Complexity
• Performance issues & bottlenecks
• Reliability of the solutions
• Huge admin overhead
• Limited visibility or control
• Managing the escalating costs $$$

Page 13: IDC eGovernment

Fixing Email

Email - Where Are We Now?
• The Current State of Messaging (Security)
• Top Enterprise Email Threats & The Cost to Corporations

Where Is The Industry Going?
• Reactive Point Solutions
• Proposed Email Identity Standards

New Technologies to Address these Issues?
• Identity, Reputation, Policy Control
• Unique solutions available now

Page 14: IDC eGovernment

The Industry “Reacts”

• Solutions are reactive NOT proactive
• Point solution approach
• Content-based filtering band-aids
• Cat and mouse game – it's never going to end!
• New filter, new threat, new filter, new threat, new filter, new threat, new filter

There is some good news! >>>>

Page 15: IDC eGovernment

Industry Adopts Identity

Sender-ID/SPF
• Technical Solution For Sender Address Forgery

Yahoo! DomainKeys
• Authenticating Entire Email Message Based On Sender Domain

There are limitations to this “partial” solution.

Page 16: IDC eGovernment

Fixing Email

Email - Where Are We Now?
• The Current State of Messaging (Security)
• Top Enterprise Email Threats & The Cost to Corporations

Where Is The Industry Going?
• Reactive Point Solutions
• Proposed Email Identity Standards

New Technologies to Address these Issues?
• Identity, Reputation, Policy Control
• Unique solutions available now

Page 17: IDC eGovernment

Critical Components of a Complete Solution

The vulnerability exposed by spam, viruses, phishing is inherent to the email protocol, SMTP

Reputation services are a critical component of the solution:

• IDENTITY: Advanced authentication standards
• REPUTATION: A holistic view of a sender’s trustworthiness
• POLICY: Intelligently apply filtering techniques based on the apparent threat

Page 18: IDC eGovernment

Black and White Lists

Page 19: IDC eGovernment

SenderBase: Leading Reputation Service

• 75,000 contributing organizations
• 4 billion queries daily
• >25% of world’s Internet email

[Diagram: SenderBase data sources feeding a sender reputation score on a scale from -10 to +10. Labelled inputs:
• Global Volume Data: 30,000 organizations (25% of all email)
• Global Complaint Data: SpamCop, ISP abuse data, BondedSender abuse data
• Blacklists: SpamCop, SpamHaus (SBL), NJABL
• Open Proxy Data: SORBS, OPM, DSBL…
• Spamtraps: extensive network of “invalid” accounts
• Other Data: Fortune 1000 status, length of sending history, location, whether domain accepts email, etc.
• 3rd party email accreditation
Other labels: Authenticated Unknown Sender; Reputation Established.]

Page 20: IDC eGovernment

Traffic Shaping: Mail Flow Control NOT Filtering

Page 21: IDC eGovernment

Email Security Appliances: Enforcing Policy

• Known good is delivered

• Suspicious is throttled & spam filtered

• Known bad is deleted/tagged

IronPort Appliances Use Identity And Reputation To Apply Policy

• Trusted Known Senders Bypass Spam Filters
• Suspicious Unknown Senders Are Throttled And Filtered
• Hostile Senders Are Deleted Or Tagged

Email Appliance

Anti-Spam

Page 22: IDC eGovernment

Scale is required

Page 23: IDC eGovernment

Outbreak Filter Advantage

Virus

Mydoom.bb

Goldun.H

Sober.J

Cidra-D

Page 24: IDC eGovernment

Prevention: Temporary Quarantine

• Pulls outbreak rules for all incoming email attachments
• Triggers automated quarantine for suspicious attachments
• Releases messages for rescanning through standard filters

Outbreak Rules

Temporary Quarantine

Virus Filter

Closes the Reaction Gap

MyDoom.bb

6503 files Quarantined

100% capture

Page 25: IDC eGovernment

VoF Advantages

Nyxem-D / Grew A
  VoF: 16/01/2006 14:36
  AV Vendor: 18/01/2006 10:32
  VoF Lead Time: 43:56
  Virus Description: Dangerous mass mailer that deletes important files of infected PCs on third day of every month.
  Source: http://secunia.com/virus_information/26334/

Yabe.E
  VoF: 01/12/2005 07:06
  AV Vendor: 01/12/2005 15:42
  VoF Lead Time: 08:35
  Virus Description: Trojan that spoofs itself as a non-malicious PDF attachment.
  Source: http://secunia.com/virus_information/24374/trojyabe.e/

Troj_Yabe.F
  VoF: 12/12/2005 00:26
  AV Vendor: 12/12/2005 05:42
  VoF Lead Time: 05:24
  Virus Description: Spammed trojan that attempts to convert computers into bots.
  Source: http://secunia.com/virus_information/24904/trojyabe.f/

Danmec.E
  VoF: 04/12/2005 09:15
  AV Vendor: 04/12/2005 14:36
  VoF Lead Time: 05:21
  Virus Description: Trojan that performs monitoring theft to steal important user information.
  Source: http://secunia.com/virus_information/24497/trojdanmec.e/

Bagle.EV
  VoF: 13/02/2006 16:10
  AV Vendor: 13/02/2006 19:56
  VoF Lead Time: 03:46
  Virus Description: Worm that propagates via SMTP and P to P.
  Source: http://secunia.com/virus_information/26993/

All times in GMT. Trend Signature times per Secunia (www.secunia.com). Note, Secunia reports times in GMT +1.

[Chart: Outbreak Filters Lead Times Relative to Leading AV Vendor, Selected Viruses: Dec '05 - Feb '06. Axis: IronPort Lead Time per outbreak (Nyxem-D / Grew A 43:56; Yabe.E 08:35; Troj_Yabe.F 05:24; Danmec.E 05:21; Bagle.EV 03:46). Average Lead Time: 13:24]

Page 26: IDC eGovernment

Consolidation of the Email Perimeter

BEFORE AFTER

Email Appliance

Page 27: IDC eGovernment

Summary

Security spend has to increase to meet the ever-increasing business demands

Email is now THE critical communications system

Our email systems are under attack and straining to deliver

We need to re-think our approach to email delivery and invest in new technology