Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products...
Transcript of IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products...
![Page 1: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/1.jpg)
IronPort Email Security Products
PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE
Mirko Schneider, IronPort Systems
Soft-Tronik Security Day, Bratislava June 6th 2007
„I need to say that the appliance is the best system that I‘ve been testing for our magazine since 2003. I need to find a way to bring it out objectively. Otherwise nobody will believe me... “
(an editor of a German IT magazine, Feb 2006)
![Page 2: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/2.jpg)
Who is IronPort?
• Founded by Email pioneers from in2000 from Hotmail, ListBot, Yahoo
• idea: building the fastest and strongest gateway appliance
• based in USA, California, Silicon Valley
• Investors:– General Motors, Chevron-Texaco, NTT,
Menlo Ventures, Allegis Capital
– raised over 90 million USD
• Worldwide 500+ employees
• 75 in Europe (UK, Germany, Sweden, France, Spain, Italy)
• revenue 2005: ~ 70m USD, 2006: ~125m USD
• With Soft-Tronik in CZ/SK since 2006
![Page 3: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/3.jpg)
Hot News:CISCO acquires IronPort
![Page 4: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/4.jpg)
The Principles of Industry Leadership
• Analyst Leadership– Recognized as the leader by Gartner,
Meta, Radicati, IDC, Forrester, Bloor
• Customer Leadership– 52 of the World’s Largest 100 Companies
– 20+% of Global 2000
– 12 of the 15 largest ISPs
• Technology Leadership– First with custom, high performance MTA
– First with Reputation Filtering
– First with Virus Outbreak Filters
• Global Leadership– Operations in 35 countries, 600+ partners
– IronPort infrastructure currently operating in 75+ countries
![Page 5: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/5.jpg)
![Page 6: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/6.jpg)
Success in Czech Republic
Czech News Agency (ČTK)
- customer since December 2006
- a case study available soon!
Air Navigation Services (RLP)- customer since March 2007
E.ON Czech Republic- customer since December 2006
UPC Czech Republic- customer since December 2006
EZPADA Czech Republic- customer since December 2006
![Page 7: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/7.jpg)
IronPort: Technology Leadership
Magic Quadrant
for E-Mail Security
Boundary 2006Source: Gartner RAS Core Research
You need that competitive analysis?
Mail me at [email protected]!
![Page 8: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/8.jpg)
IronPort gets stronger!
After PostX acquisition announcement Nov 06:
• “Regard this acquisition as a positive enhancement that improves IronPort's competitive position...”
• “However, consider switching to IronPort at the next
technology "refresh" to reduce administration
overhead and costs...”
After CISCO acquisition announcement Jan 07:
• “Place Cisco/IronPort at the top of your shortlists...”
![Page 9: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/9.jpg)
IronPort Gateway Security Products
Internet
EMAILSecurity
Appliance
WEBSecurity
Appliance
Security MANAGEMENT
Appliance
IronPortSenderBase
![Page 10: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/10.jpg)
IronPort Email Security Appliances
• High Performance Email Security
Appliances Stopping Spam, Viruses, and
Enforcing Compliance
IronPort C350/C650IronPort C100
IronPort X1050
![Page 11: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/11.jpg)
Product Consolidation at
the Network PerimeterFor Security, Reliability and Lower Maintenance
Anti-Spam
Anti-Virus
Policy Enforcement
Mail Routing
Before IronPort
IronPort Email Security Appliance
Internet
Firewall
MTAs
Groupware
Users
After IronPort
Internet
Users
Groupware
Firewall
![Page 12: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/12.jpg)
IronPort Architecture for Multi-Layered Email Security
MANAGEMENT TOOLS
THE IRONPORT ASYNCOS™ EMAIL PLATFORM
SPAMDEFENSE
POLICY ENFORCEMENT
VIRUSDEFENSE
EMAIL AUTHENTICATION
![Page 13: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/13.jpg)
IronPort AsyncOS™
Unmatched Scalability and Security
• AsyncOS scalable and secure OS optimized for messaging
• Advanced Email Controls protect reputation and downstream systems
• Standards-based Integration replaces legacy systems with ease
MANAGEMENT TOOLS
THE IRONPORT ASYNCOS™ EMAIL PLATFORM
SPAMDEFENSE
POLICY ENFORCEMENT
VIRUSDEFENSE
EMAIL AUTHENTICATION
![Page 14: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/14.jpg)
IronPort AsyncOS™
Revolutionary Email Platform
Traditional Email GatewaysAnd Other Appliances IronPort Email Security Appliance
200Incoming/Outgoing
Connections
Low Performance/DoS Potential
Single QueueFor all Destinations
Queue BackupDelays All Mail
Per-DestinationQueues
Fault-Toleranceand
Custom Control
10,000Incoming/Outgoing
Connections
High Performance/Sure Delivery
![Page 15: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/15.jpg)
Advanced Email ControlsOnly Available from IronPort
• Safeguard Your Reputation
• Send Different Types of Mail Via Separate IPs
• IronPort Patent Pending Technology
• Protect Your Groupware Servers
• Rate Limit Mail Sent Per Destination
• Enforce TLS Encryption Per-Destination
Internet
?
163.24.127.3
163.24.127.3
163.24.127.4
163.24.127.5
InternetNew Company
Bounces
Virtual Gateway™ TechnologyDestination Controls
![Page 16: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/16.jpg)
Multi-layer Spam DefenseBest of Breed
• IronPort Reputation Filters – the outer layer defense
• IronPort Anti-Spam - stops the broadest array of threats – spam, phishing, fraud
MANAGEMENT TOOLS
THE IRONPORT ASYNCOS™ EMAIL PLATFORM
SPAMDEFENSE
POLICY ENFORCEMENT
VIRUSDEFENSE
EMAIL AUTHENTICATION
![Page 17: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/17.jpg)
Spam volumes grow
0
10
20
30
40
50
60
70
Okt
05
Nov
05
Dez
05
Jan
06
Feb
06
Mrz
06
Apr
06
Mai
06
Jun
06
Jul
06
Aug
06
Sep
06
Okt
06
Average Daily Spam Volume (billions msgs)
+110%
![Page 18: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/18.jpg)
0
5
10
15
20
25
30
Okt
05
Nov
05
Dez
05
Jan
06
Feb
06
Mrz
06
Apr
06
Mai
06
Jun
06
Jul
06
Aug
06
Sep
06
Okt
06
Image Spam Explodes%
+421%
% Spam with an Embedded Image
![Page 19: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/19.jpg)
Spam Gets Sneakier – Image Spam!
1. “Polka dots” 2. “Slice & Dice”
![Page 20: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/20.jpg)
“ASCII Art” Based Spam
• uses a series of numbers to spell out a stock symbol
• numbers randomized in different order for each email to evade signatures
• similar to image spam in that there are no actual words in the email for anti-spam engines to key on
New Spam AttacksSpam Techniques Even More Difficult to Combat
Image Spam 2.0
• Attempts to mask itself as a legitimate picture by adding “greeting card” like border”
• Inserts shapes such as rectangles and pies to spoof powerpoint / excel charts
• Wavy text more difficult for OCR technologies to decipher
![Page 21: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/21.jpg)
![Page 22: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/22.jpg)
Multi-Layered SecurityPreventive + Reactive = Defense in Depth
Reactive
Layer+
Immediate Reaction to Threats
Extremely High Performance
Coarse Outer Layer
Blocks or Rate Limits
Adapts Over Time
Computationally Intensive
Fine-grained Inner Layer
Delete or Quarantine
Preventive
Layer
blocks~ 80%
of spam
![Page 23: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/23.jpg)
IronPort SenderBase® NetworkGlobal Reach Yields Benchmark Accuracy
• 5B+ queries daily
• 150+ Email and Web parameters
• 25% of the World’s Email Traffic
The Dominant Force in Global Email and Web Traffic Monitoring…
80%50%
40%
IronPortCipherTrust
BorderWare
Spam Caught by Reputation
Source: www.ciphertrust.com and www.borderware.com, August 6, 2006
…Results in Accuracy and Advanced Protection
120,0004,000
8,000
IronPortCipherTrust
BorderWare
Network Reach (Contributing Networks)
13 hours*McAfee, Trend, Symantec, Sophos, CA, F-Secure
IronPortVirus Protection Lead
* 6/2005 – 6/2006. 175 outbreaks identified. Calculated as publicly published signatures from the listed
vendors.
![Page 24: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/24.jpg)
IronPort SenderBase®
Data Makes the Difference
• Complaint Reports
• Spam Traps
• MessageComposition Data
• Global Volume Data
• URL Lists
• Compromised Host Lists
• Web Crawlers
• IP Blacklists & Whitelists
• Additional Data
150 Parameters
SenderBaseData
Data Analysis/Security Modeling
SenderBaseReputation Scores
-10 to +10
Threat Prevention in Realtime
A Broad Data Set Drives Accuracy
![Page 25: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/25.jpg)
IronPort Reputation Filters Stop 80% of Hostile Mail at the Door….
• Known good is delivered
• Suspicious is rate limited & spam filtered
• Known bad is deleted/tagged
• Reputation Filters is a switch point
• IronPort uses identity & reputation to apply policy
• Sophisticated response to sophisticated threats
Anti-Spam
Engine(reactive)
Incoming Mail
Good, Bad, and “Grey”or Unknown Email
ReputationFiltering
(preventive)
![Page 26: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/26.jpg)
Reputation-Based Filtering:A Powerful Technique
• Beyond blacklisting—a granular view of behavior
• Scores calculated in real-time
• Pre-configured policies applied dynamically
![Page 27: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/27.jpg)
IronPort Reputation FiltersDell Case Study
• Dell’s challenge:– Dell currently receives 26M messages per day
– Only 1.5M are legitimate messages
– 68 existing gateways running Spam Assassin
were not accurate
• IronPort solution:– Reputation Filters block over 19M messages per day
– 5.5M messages per day scanned by
anti-spam engine
– Replaced 68 servers with 8 IronPort C60s
• Accuracy of spam filtering increased 10x
• Servers consolidated by 70%
• Operating costs reduced by 75%
“IronPort hasincreased the
quality andreliability ofour networkoperations,
whilereducing our
costs.”
-- Tim HelmsetetterManager, Global
Collaborative Systems
Engineering and
Service Management,
DELL CORPORATION
![Page 28: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/28.jpg)
Multi-Layered SecurityPreventive + Reactive = Defense in Depth
+
Immediate Reaction to Threats
Extremely High Performance
Coarse Outer Layer
Blocks or Rate Limits
Adapts Over Time
Computationally Intensive
Fine-grained Inner Layer
Delete or Quarantine
Preventive
LayerReactive
Layer
![Page 29: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/29.jpg)
IronPort AntiSpam Broadens the Context with Web Reputation
• Content filtering techniques alone are inadequate
• Email reputation systems improved protection
• Combating new attacks demands Web reputation
Time
TODAY
EffectivenessWhere? Web Reputation
Where does the call to action take you?
Who? Email Reputation
Who is sending you this message?
How? Message Structure
How was this message constructed?
What? Message Content
What content is included in this message?
![Page 30: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/30.jpg)
URL
No attachment - Payload delivered via web
![Page 31: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/31.jpg)
IronPort SenderBase® NetworkGlobal Reach Yields Benchmark Accuracy
• 5B+ queries daily
• 150+ Email and Web parameters
• 25% of the World’s Email Traffic
The Dominant Force in Global Email and Web Traffic Monitoring…
80%50%
40%
IronPortCipherTrust
BorderWare
Spam Caught by Reputation
Source: www.ciphertrust.com and www.borderware.com, August 6, 2006
…Results in Accuracy and Advanced Protection
120,0004,000
8,000
IronPortCipherTrust
BorderWare
Network Reach (Contributing Networks)
13 hours*McAfee, Trend, Symantec, Sophos, CA, F-Secure
IronPortVirus Protection Lead
* 6/2005 – 6/2006. 175 outbreaks identified. Calculated as publicly published signatures from the listed
vendors.
![Page 32: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/32.jpg)
Web Reputation Data Makes the Difference
• URL Blacklists
• URL Whitelists
• URL Categorization Data
• HTML Content Data
• URL Behavior
• Global Volume Data
• Domain Registrar Information
• Dynamic IP Addresses
• Compromised Host Lists
• Web Crawler Data
• Network Owners
• Known Threats URLs
• Offline data (F500, G2000…)
• Web Site History
SenderBaseData
Data Analysis/Security Modeling
Web ReputationScores (WBRS)
-10 to +10
Parameters
THREAT PREVENTION IN REALTIME
![Page 33: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/33.jpg)
IronPort Anti-Spam Customer LeadershipTrusted Throughout the World
Installed in over 20% of Fortune 100 Companies
Deployed at over 2,000 customers in over 40 countries
![Page 34: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/34.jpg)
IronPort Anti-SpamPress Reviews
2007 Technology of the Year: Best Anti-Spam
Jan 2007
Competitors tested: Symantec, Microsoft, Mirapoint, ProofPoint
“easy setup”
“excellent spam filtering”
“no tuning necessary”
“the fewest false positives of
any solution tested”
Anti-Spam Bake-Off WinnerDec 2006
Competitors tested: CipherTrust, Borderware, Sophos,
SonicWall
“The superiority of IronPort . . .
seems abundantly clear”
“We did not have to rescue a
single legitimate message”
“(IronPort) is the absolute must
from this test”
![Page 35: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/35.jpg)
Multi-layer Virus DefenseBest of Breed
• IronPort Virus Outbreak Filters stop outbreaks 13 hours ahead of signatures
• Sophos Anti-Virus signature based solution with industry leading accuracy
MANAGEMENT TOOLS
THE IRONPORT ASYNCOS™ EMAIL PLATFORM
SPAMDEFENSE
POLICY ENFORCEMENT
VIRUSDEFENSE
EMAIL AUTHENTICATION
![Page 36: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/36.jpg)
IronPort Virus Outbreak Filters™
First Line of Defense
Early Protection
with
IronPort Virus
Outbreak Filters
![Page 37: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/37.jpg)
Traditional AV Solutions Aren’t Responding Quickly Enough . . .
4:0
0
9:0
0
14
:00
19
:00
0:0
0
5:0
0
10
:00
15
:00
Tim e (GMT)
Vir
us
Vo
lum
e
First AV Signature
Available
Mytob-HJ: 4-19-06
9:3
0
10
:20
11
:10
12
:00
12
:50
13
:40
14
:30
15
:20
Tim e (GMT)
Vir
us
Vo
lum
e
First AV Signature
Available
Kukudro-A: 6-27-06
0
20
40
60
80
100
120
20
:00
23
:45
3:3
0
7:1
5
11
:00
14
:45
18
:30
22
:15
Tim e (GMT)
Vir
us
Vo
lum
e
First AV Signature
Available
Bagle-GT: 4-21-06
Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.
19
:00
22
:45
2:3
0
6:1
5
10
:00
13
:45
17
:30
21
:15
Tim e (GMT)
Vir
us
Vo
lum
e
First AV Signature
Available
FeebsDI-Q: 6-07-06
![Page 38: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/38.jpg)
IronPort SenderBase® NetworkFirst, Biggest, Best Reputation System
Over 100,000 contributing networksOver 20M IP addresses tracked globally
View into over 25% of email trafficOver 150 parameters tracked
Global Email and Web Traffic Monitoring
What is going onRIGHT NOW?
![Page 39: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/39.jpg)
Introducing Virus Outbreak Filters4
:00
9:0
0
14
:00
19
:00
0:0
0
5:0
0
10
:00
15
:00
Tim e (GMT)
Vir
us
Vo
lum
e
First AV Signature
Available
Mytob-HJ: 32 hrs 57 mins Lead Time!
VOF Protection
Starts
9:3
0
10
:20
11
:10
12
:00
12
:50
13
:40
14
:30
15
:20
Tim e (GMT)
Vir
us
Vo
lum
e
First AV Signature
Available
VOF Protection
Starts
Kukudro-A: 3 hrs 38 mins Lead Time!
19
:00
22
:45
2:3
0
6:1
5
10
:00
13
:45
17
:30
21
:15
Tim e (GMT)
Vir
us
Vo
lum
e
First AV Signature
Available
FeebsDI-Q: 21 hrs 59 mins Lead Time!
VOF Protection
Starts
20
:00
23
:45
3:3
0
7:1
5
11
:00
14
:45
18
:30
22
:15
Tim e (GMT)
Vir
us
Vo
lum
e
First AV Signature
Available
Bagle-GT: 18 hrs 28 mins Lead Time!
VOF Protection
Starts
Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.
![Page 40: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/40.jpg)
How IronPort Virus Outbreak Filters WorkDynamic Quarantine In Action
T = 0–zip (exe) files
T = 5 mins-zip (exe) files
-Size 50 to 55 KB.
T = 10 mins–zip (exe) files
–Size 50 to 55KB
–“Price” in the name file
T = 8 hours–Release messages
if signature update is in place
Messages
Scanned &
Deleted
preventive protection reactive protection
![Page 41: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/41.jpg)
IronPort Virus OutbreakFilters Advantage
Average lead time*…………………………over 13 hours
Outbreaks blocked * ………………………175 outbreaks
Total incremental protection*…………….over 94 days
* June 2005 –July 2006.
Virus Name Date Virus Description Lead Time (hh:mm)
Kukudro-A 6/27/06 Virus that spreads via zipped word document. 3:38
Feebs.AG 6/21/06 Arrives as an email attachment claiming to be sent via "Protected E-Mail service“.
17:46
Troj/Stinx-W 6/15/06 IRC backdoor Trojan. 11:12
Yabe.G 5/16/06 Trojan that attempts to download further malicious code. 13:09
Bagle-GT 4/21/06 Installs backdoor and communicates via HTTP, thus bypassing firewall filters.
18:28
Mytob-HJ 4/19/06 Turns off anti-virus applications of infected PC to avoid detection.
32:57
Nyxem-D (Kama Sutra) 1/16/06 Deletes most documents on third day of every month. 1:27
Looksky.G 1/6/06 Installs keystroke loggers onto infected PCs. 35:40
*June 2005 – July 2006. Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.
![Page 42: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/42.jpg)
MyDoom Variant—MyDoom.BB (February 15, 2005)
G2000 Company Protected By IronPort’s Virus Outbreak Filters 1
:00
2:0
0
3:0
0
4:0
0
5:0
0
6:0
0
7:0
0
8:0
0
9:0
0
10
:00
11
:00
12
:00
13
:00
14
:00
17
:00
18
:00
19
:00
20
:00
21
:00
22
:00
23
:00
24
:00
20
:00
21
:00
First Anti-virus Signature Published
22:54 GMT (Next Day)
22
:00
23
:00
IronPort Threat Level Raised to 3 And Protection Starts
18:08 GMT
28 hours 46 minutes
Note: All times shown are in GMT
6503 files quarantined
24
:00
February 15, 2005 February 16, 2005
IronPort Outbreak Filters ProtectG2000 Company From MyDoom.BB
$65K saved @ $200/desktop, 5% infected
![Page 43: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/43.jpg)
IronPort Policy EnforcementInbound/Outbound Content Filtering for Compliance
• Flexible Policy Engine from Blocking Attachments to Enforcing Regulatory Compliance
• Compliance Solutions and Encryption keep communications private and secure
MANAGEMENT TOOLS
THE IRONPORT ASYNCOS™ EMAIL PLATFORM
SPAMDEFENSE
POLICY ENFORCEMENT
VIRUSDEFENSE
EMAIL AUTHENTICATION
![Page 44: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/44.jpg)
Flexible Policy EngineFrom Blocking Attachments to Enforcing Compliance
• Graphical Representation of
Per-Recipient Policies
• LDAP Integration Reduces
Need for Repetitive
Modifications
• Customizable Notification
Templates
• Robust Conditions and Actions
![Page 45: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/45.jpg)
Email Compliance Solutions Next Generation Compliance Filters
• Pre-Packaged Policies and Lexicons for Common Regulations
• Multi-Category Pattern Matching Significantly Reduces False Positives
• High Performance TLS Encryption Configured Keeps Business Communications Private PRE-PACKAGED LEXICONS
![Page 46: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/46.jpg)
Hot news: Teaming Up To Fix Email
![Page 47: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/47.jpg)
IronPort Acquires PostXGlobal Reach And Innovative Technology
• 8/10 of the world’s largest ISPs
• 42/100 of the world’s largest corporations
• 25% of the World’s Email Traffic
• 450 employees
The Dominant Force in Global Email and Web Security…
…Combined with the leader in Email Encryption
• #1 World’s Largest Bank
• #1 F500 Largest Insurance Company
• #1 World’s Largest Credit Card Company
• 60 employees
![Page 48: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/48.jpg)
Encryption References
![Page 49: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/49.jpg)
Email AuthenticationSuperior Security and Identity Protection
• DomainKey Signing - establishes and protects your identity on the Internet
• IronPort Bounce Verification – protects from misdirected bounce attacks
• Directory Harvest Attack Prevention –blocks attempts to steal email directory information
MANAGEMENT TOOLS
THE IRONPORT ASYNCOS™ EMAIL PLATFORM
SPAMDEFENSE
POLICY ENFORCEMENT
VIRUSDEFENSE
EMAIL AUTHENTICATION
![Page 50: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/50.jpg)
The Misdirected Bounce ThreatMakes Up 9% of all Internet Email*
*Source: IronPort Threat Operations Center,
INTERNET EMAIL TRAFFIC EMERGENCY: SPAM “BOUNCE” MESSAGES ARE COMPROMISING NETWORKS, April 2006.
Misdirected Bounces Not
Discernible From
Legitimate Bounces
Misdirected Bounces Not
Discernible From
Legitimate Bounces
End User Confusion:
“Why did I receive this
message?”
![Page 51: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/51.jpg)
The Misdirected Bounce ThreatMakes Up 9% of all Internet Email*
*Source: IronPort Threat Operations Center,
INTERNET EMAIL TRAFFIC EMERGENCY: SPAM “BOUNCE” MESSAGES ARE COMPROMISING NETWORKS, April 2006.
“Zombies”
[email protected],[email protected]
Recipients:
Sender:
Incoming Gateway
yourcompany.comOutgoingGateway
RETURN TO
SENDER
Millions of Misdirected Bounces
More than 55% of F500s have experienced disruption of service ora total denial of service due to misdirected bounces
More than 55% of F500s have experienced disruption of service ora total denial of service due to misdirected bounces
![Page 52: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/52.jpg)
IronPort Bounce Verification™
Protects Against Misdirected Bounce Attacks
• All Outgoing Mail Stamped Allowing Legitimate Bounces to
be Identified on Return
• Transparent to End Users, No Industry Adoption Required
• Eliminates Help Desk Calls and End User Confusion
• Another IronPort Technical “First"
BV
Internet
BV
+
![Page 53: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/53.jpg)
Management for theLargest Enterprises
• Email Security Manager – unified policy management
• Email Security Monitor – enterprise-class reporting system
• Management Interfaces – simple integration and increased productivity
MANAGEMENT TOOLS
THE IRONPORT ASYNCOS™ EMAIL PLATFORM
SPAMDEFENSE
POLICY ENFORCEMENT
VIRUSDEFENSE
EMAIL AUTHENTICATION
![Page 54: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/54.jpg)
IronPort Email Security Manager™
Single view of policies for the entire organization
• Mark and Deliver Spam
• Delete Executables
• Archive all mail
• Virus Outbreak Filters disabled for .doc files
• Allow all media files
• Quarantine executables
“Email Security Manager serves as a single,versatile dashboard to manage all theservices on the appliance.” -- PC Magazine 2/22/05
Categories: by Domain, Username, or LDAP
IT
SALES
LEGAL
![Page 55: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/55.jpg)
IronPort Centralized Management
• Log in anywhere, control everywhere
• Interface assures configuration consistency
• Apply changes to a machine, group, or cluster
• Test on single system, “promote” to cluster
IRONPORT CLUSTER
Bratislava Group
SJ1 Machine SJ2 Machine
SJ3 Machine
Prague Group
D1 Machine D2 Machine
D3 Machine
Berlin Group
T1 Machine T2 Machine
T3 Machine
![Page 56: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/56.jpg)
IronPort Email Security Monitor™
Advanced Reporting System
Email Security Monitor™
Search by Domain
CSV Export
Scheduled Delivery
Integrated Real-TimeGraphical Reports
![Page 57: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/57.jpg)
System MonitoringEasy Integration with Existing Processes
Alert Center
• Alert Subscriptions per Admin
• Distinct Areas of Management
SNMP
• Exclusive IronPort MIB
• Integrates with any SNMP-compatible tools
Log Subscriptions
• 20+ Log Types Supported
• Transfer via FTP, SCP, Syslog
![Page 58: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/58.jpg)
IronPort Evaluation Policy
• Free evaluation for 30 days– starts with activation of keys on unit
– can be extended on request
• any size and any way– you get the right unit for your individual needs
– different ways of testing (life/ stealth, parallel, offline)
– full support, full functionality
• About 85% of users who evaluate become happy
customers!
![Page 59: IronPort Email Security Products - Arrow ECSFILE/IronPort.pdf · IronPort Email Security Products PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE Mirko Schneider, IronPort Systems](https://reader030.fdocuments.net/reader030/viewer/2022021718/5b6337c97f8b9af84b8ba3b4/html5/thumbnails/59.jpg)
Get In Contact
Mirko Schneider IronPort Systems
Channel Manager Munich / Germany
Eastern Europe & Russia
Tel: +49 - 89 - 45 22 27 32
Fax: +49 - 89 - 45 22 27 10
Mobile: +49 - 172 - 83 96 04 7
Web: www.ironport.com
Email: [email protected]