IronPort: The Leader in Email Security
PROTECTING OVER 340 MILLION EMAIL BOXES WORLDWIDE
Fredrik Myrelid, Nordic & Baltic Technical Manager, IronPort Systems, Inc.
IronPort Systems: The Leader in Email Security
• Industry-leading technology
– AsyncOS, powers the world’s fastest MTA
– SenderBase, the world’s first & largest HTTP & SMTP traffic monitoring network
• Industry-leading customers
– Over 50% of the world’s largest ISPs, media & technology companies choose IronPort
IronPort C-Series Email Security Appliance
Fixing Email: The Steps Required
IronPort is the First to Implement DomainKeys
[Diagram: Internet, ISPs, private and public DNS. Three steps: IDENTITY, POLICY, REPUTATION]
Challenges at the Email Gateway
The typical symptoms everyone headlines on…
• Email Security
– Managing volumes of SPAM and false positive issues
– Viruses
– Denial of Service attacks, Directory Harvesting, Fraud etc.
• Policy & Legal Compliance
But what about the bigger picture?
• Availability of email services
• Performance & Latency issues
• Authentication
• Massive Admin & Operations overhead
• Huge Complexity
• Visibility, Reporting & Statistics
• Future-proofing the infrastructure, new services etc
Summarised as:
• Lost Productivity (a management issue)
– At the desktop (users are asked to define spam)
– IT Admin (to set up, fine tune and monitor spam)
• Consumption of valuable IT resource (an operational issue)
– Network bandwidth (wasted on 70% spam)
– CPU and memory at the gateway (could be used on genuine mail)
– Disk storage (archive everything that arrives, inc. spam)
– Increased real-estate (in order to scale with the right performance)
• Legal liability (a risk management issue)
– Offensive content
– Contravention of legislation (Data Protection, Basel II, SOX, HIPAA etc.)
– Spam zombies (brand risk, blacklisting)
IronPort Consolidates the Email Perimeter
[Diagram: Before IronPort: separate Anti-Spam, Anti-Virus, Policy Management and Mail Routing systems; Internet, Firewall, MTAs, Groupware, Users]
[Diagram: After IronPort: IronPort Email Security Appliance; Internet, Firewall, Groupware, Users]
IronPort Reduces Administration: Advanced Technology Automates Manual Tasks
“These IronPorts run themselves” (Joe Chodi, CTO of Major League Baseball)
• Centralized management: make changes only once
• Lowest false positive rates: eliminates support calls
• No manual white- or blacklists necessary
• Automatic rate limiting protects against Denial of Service without your intervention
• Stop viruses on average 15 hours before the anti-virus signature is available
• Anti-spam updates: up to 60,000 rules/day, every 5-10 min
• No fine tuning or training necessary
• Centralized & scheduled reporting: you never need to sort through logs again
• Test configuration changes without making them active
IronPort Email Security Appliance
IronPort Architecture for Multi-Layered Email Security
MANAGEMENT TOOLS
ASYNCOS™ MTA PLATFORM
SPAM DEFENSE
• IronPort Reputation Filters
• Brightmail
• IronPort Anti-Spam
VIRUS DEFENSE
• IronPort Virus Outbreak Filters
• Sophos Anti-Virus
CONTENT SCANNING
• IronPort Content Filters
• PostX and PGP
AsyncOS: Revolutionary MTA Platform
Traditional Email Gateways and Other Appliances
• 200 incoming/outgoing connections: low performance and potential DoS
• Single queue for all destinations: queue backup delays all mail
IronPort Email Security Appliance
• Per-destination queues: fault-tolerance and custom control
• 10,000 incoming/outgoing connections: high performance, predictable delivery
Directory Harvest Attack Prevention
• Protects Against: Theft of your user database by spammers
• Unique Advantage: Integrates with SenderBase to track global attacks
Virtual Gateway Technology
• Protects Against: Inadvertent blockage of your corporate mail
• Unique Advantage: Provides up to 256 unique IP addresses per appliance
Intelligent Bounce Handling
• Protects Against: Blacklisting of your IPs from intentional NDRs
• Unique Advantage: Separate IP address for NDRs, in-conversation recipient checking
AsyncOS™ Standards Based Integration
LDAP
• Integrates with all standard LDAP servers including Active Directory™
• Carrier-class client and cache on-box
DNS
• High performance client resolves millions of records per hour
• Configure separate DNS servers per domain
Advanced Networking
• 802.1Q VLAN Tagging for network security
• NIC failover for redundancy
• Loopback interfaces for load balancer integration
Essential Mail Operations
• Alias, masquerade, and routing tables
• Powerful header operations
• Store tables on box or in LDAP directory
Multi-Layered Spam & Virus Defense: Preventive + Reactive = Defense in Depth
Preventive Layer
- IronPort Reputation Filtering
- Virus Outbreak Filters
• Immediate Reaction to Threats
• Extremely High Performance
• Coarse Outer Layer
• Blocks or Rate Limits
+
Reactive Layer
- Brightmail
- IronPort AntiSpam
- Sophos Anti-Virus
• Adapts Over Time
• Computationally Intensive
• Fine-grained Inner Layer
• Delete or Quarantine
• Black and White Lists
SenderBase®: Data Makes the Difference
• Complaint Reports
• Spam Traps
• Message Composition Data
• Global Volume Data
• URL Lists
• Compromised Host Lists
• Web Crawlers
• IP Blacklists & Whitelists
• Additional Data
SenderBase Data
Data Analysis/Security Modeling
SenderBase Reputation Scores: -10 to +10
Parameters
Threat Prevention in Realtime
Data Breadth
• Combine HTTP & SMTP data
• Over 5 billion emails per day
• Over 90 SMTP parameters tracked
• Over 20 HTTP parameters tracked
Data Quantity
• Over 200,000 sources
• 8 of the top 10 ISPs, universities & businesses
• Worldwide sources, including Americas, Europe & Asia
Data Quality
• Over 3 years of experience ensuring data integrity
• SourceRank assesses source quality by cross correlating multiple sources with known benchmarks
IronPort Mail Flow
[Diagram labels: SMTP Client, Reputation Filters, Work Queue, AntiSpam, AntiVirus, Content Filters, Virus Outbreak Filters, IronPort SenderBase, groupware (Exchange, Lotus/Domino, Groupwise)]
80% of bad mail STOPPED BEFORE you have accepted the connection
Clean, legitimate mail!
Nordea Phishing / Sender IP
IronPort Reputation Filters Stop 80% of Hostile Mail at the Door…
• IronPort uses identity & reputation to apply policy
• Sophisticated response to sophisticated threats
Incoming Mail: Good, Bad, and “Grey” or Unknown Email
Reputation Filtering (+10 to -10): Trusted Policy, Accepted Policy, Untrusted Policy, Rejected Policy
Anti-Spam Engine
Traffic Shaping: Mail Flow Control, NOT Filtering
Dell
• Dell’s challenge:
– Dell receives over 26M emails per day
– Only 1.5M legitimate emails
– 68 existing gateways using Spam Assassin with high false positive rates
• IronPort’s solution:
– Reputation filters block over 19M emails per day
– 5.5M emails per day scanned & removed by Brightmail
– Replaced 68 servers with 8 IronPort C60s
• Accuracy of spam filtering increased 10x
• Server consolidation of 70%
• Operational costs reduced by over 75%
“IronPort has increased the quality and reliability of our network operations, while reducing our costs.”
-- Tim Helmsetetter, Manager, Global Collaborative Systems Engineering and Service Management, Dell Corporation
IronPort Outbreak Filters: Over 140 Virus Outbreaks Detected, Average Lead Time of 15 hours
“Virus Outbreak Filters helped us from the first day we had it and it saves us significant clean up costs during major virus outbreaks.”
-- Mark S. Dial, E-Messaging Team, Tellabs

| Virus | Date | Virus Threat Level Raised | First Anti-virus Signature Available | Outbreak Filter Lead Time |
|---|---|---|---|---|
| Bagle.BO | 5/31/2005 | 14:32 PM | 16:34 PM | 2:02 hours |
| Bagle BB | 2/27/2005 | 10:39 AM (2/27) | 4:22 AM (3/1) | 41:43 hours |
| Mydoom.BL | 4/28/2005 | 19:52 PM | 21:43 PM | 1:51 hours |
| MyTob.V | 4/3/2005 | 4:19 AM | 9:36 AM | 5:17 hours |
| MyTob.J | 3/24/2005 | 23:30 PM | 22:38 PM (the next day) | 23:08 hours |
| Sober.L | 3/7/2005 | 16:10 PM | 18:28 PM | 2:18 hours |
| Sober.K | 2/21/2005 | 5:58 AM | 7:00 AM | 1:02 hours |
| Mydoom.BB | 2/15/2005 | 18:08 PM | 22:54 PM (the next day) | 28:46 hours |
| Sober.J | 1/30/2005 | 22:58 PM | 9:21 AM (the next day) | 10:22 hours |
| Bagle.BJ | 1/26/2005 | 19:00 PM | 19:32 PM | 0:32 hours |
| Mugly A | 11/30/2004 | 2:57 AM (11/30) | 9:08 AM (12/1) | 30:11 hours |
How Virus Outbreak Filters Work: Dynamic Quarantine In Action
T = 0
– zip (exe) files
T = 5 mins
– zip (exe) files
– Size 50 to 55 KB
T = 10 mins
– zip (exe) files
– Size 50 to 55 KB
– “Price” in the file name
T = 8 hours
– Release messages if signature update is in place
Messages Scanned & Deleted
Industry Leading Signatures from Sophos Anti-Virus
• Integrated Sophos® anti-virus engine
– High performance in-line scanning
• Easy to deploy and manage
– Intuitive user interface
– Single view with Mail Flow Monitor
– Auto updates
– Lower TCO with integrated solution
Easy Custom Filter Generation: Protect your intellectual property & enforce acceptable use
High Performance
Flexible
Fine Grained
IronPort Content Scanning Engine
Encrypt
Archive
BCC to Compliance Officer
Notify Legal Personnel
Remove Attachment
Return to Sender
Bounce Email
Drop Email
LDAP Server Queries
Pre-defined HIPAA, GLB, SOX Filters
Customer Specific Filters
Incoming / Outgoing Mail
IronPort Email Security Manager: Single view of policies for the entire organization
IT
SALES
LEGAL
• Mark and Deliver Spam
• Delete Executables
• Archive all mail
• Virus Outbreak Filters disabled for .doc files
• Allow all media files
• Quarantine executables
Domain, Email Address, or LDAP Group
IronPort Centralized Management
• Log in anywhere, control everywhere
– New systems automatically configure themselves
– Mesh network = no single point of failure
• Elegant solution for two systems to 100
– Simple interface highlights configuration anomalies
– Apply changes to a machine, group, or cluster
IRONPORT CLUSTER
• San Jose Group: SJ1 Machine, SJ2 Machine, SJ3 Machine
• Dublin Group: D1 Machine, D2 Machine, D3 Machine
• Tokyo Group: T1 Machine, T2 Machine, T3 Machine
Enterprise Reporting & Management
• Easy integration with existing monitoring
– Alert Center (via email)
– SNMP
– Reporting API
• Choice of management interfaces
– Effortless Graphical User Interface (GUI)
– Powerful Command Line Interface (CLI)
• Proves the IronPort ROI
– Show effectiveness of reputation, spam, and virus filtering
• In-depth reporting on all senders
– Includes global traffic data from SenderBase
The IronPort Advantage
The IronPort C-Series offers comprehensive & consolidated email security
• IronPort Minimizes the Total Cost of Ownership for your E-mail Infrastructure
– Administrative burden reduced by more than 75%, lets IT staff do more with less
– Increased user productivity
– Powerful Management & Reporting tools for small to global organizations, as well as ISPs
– Server consolidation
– Reduced load on the network infrastructure
– Ease of use
– Flexible Filtering solutions: tailored to your needs
• IronPort increases the availability of your email
– Protection against Denial of Service Attacks, Directory Harvesting
• IronPort makes you sleep better at night!
– Industry leading Anti-Virus Protection: 15 hours ahead of competition
– Multi-dimensional Anti-Spam Protection
  • Most accurate for the broadest span of threats
  • Powered by SenderBase (www.senderbase.org)
– Unmatched performance: scalability from the smallest organization to the largest ISPs
Thank you
The IronPort C-Series offers comprehensive & consolidated email security
Fredrik Myrelid
IronPort Systems, Inc.