TrustPort Net GatewayEmail traffic protection

WWW.TRUSTPORT.COM

Keep It Secure

• Entry point protection– Clear separation of the risky internet and secured intranet– Malware and spam blocked before reaching endpoints– No need to remove threats individually on every computer

• Unified security concept– Compact user interface– Remote control of the solution possible– Easy analysis of traffic and incidents

Advantages of centralised email protection

WWW.TRUSTPORT.COM

Keep It Secure

Handling email traffic

TrustPort Net Gateway

Mail serverFirewall

TrustPort Net Gateway

Mail serverFirewall

WWW.TRUSTPORT.COM

Keep It Secure

Principal components of incoming email protection

Receiving SMTPserver Backup of

messages

Antivirus and

antispam kernel Sending

SMTP server

WWW.TRUSTPORT.COM

Keep It Secure

• Antispam shield• Blacklists and whitelists• DNS records• Greylisting• Autowhitelist

Receiving SMTPserver

WWW.TRUSTPORT.COM

Keep It Secure

Receiving SMTPserver

Antispam shield

TrustPort Net

Gateway

WWW.TRUSTPORT.COM

Keep It Secure

Basic whitelist and blacklist

*@company.com*@company.czsupport@net.cz

info@company.comsupport@company.czcontact@company.cz

*@company.net*@company.org

LDAP

AD Text

WWW.TRUSTPORT.COM

Keep It Secure

Blacklists and whitelists

Blacklist of banned servers

Blacklist of banned senders

Whitelist of trusted recipients

Whitelist of trusted senders

Whitelist of trusted servers

Exceptions

WWW.TRUSTPORT.COM

Keep It Secure

To:To:

From:From:

Greylisting

TrustPort Net

GatewayIP:IP:

WWW.TRUSTPORT.COM

Keep It Secure

• Criteria for the rules– direction– sender – recipient– IP address range

• Action to follow – forward– backup– delete

Backup of messages

WWW.TRUSTPORT.COM

Keep It Secure

• Scanning by multiple antivirus engines• Filtering out unwanted attachments

• Checking DKIM, SPF• Checking DNS blacklists• Forbidden words• User regulars

• Database of regular rules• Checking for image spam• Bayes analysis

• Point evaluation

Antivirus and

antispamkernel

Fully adjustableby the user

Partiallyadjustableby the user

WWW.TRUSTPORT.COM

Keep It Secure

User filters

• Forbidden words

creditfreeofferviagra

• Regular rules

Part: headersField: fromRegular: @company.com

Part: bodyRegular: (free|share)ware

Antivirus and

antispam kernel

+ 10 000

- 5000

+ 2000

WWW.TRUSTPORT.COM

Keep It Secure

Using DKIM

Generatinghash of the message

Decrypting the electronic signature

WWW.TRUSTPORT.COM

Keep It Secure

Using SPF

HELO:

MAIL From:

IP:

IP:

IP:

IP:

WWW.TRUSTPORT.COM

Keep It Secure

Bayes analysis

Regular rules

Spamdictionary

Ham dictionary

Bayes analysis

spam

ham

User rules

Updates

WWW.TRUSTPORT.COM

Keep It Secure

• Sending electronic mail to one target mail server– Fixed IP address

• Sending electronic mail to several target servers– Delivery table– MX records– Delivery table combined

with MX records

Sending SMTP server

WWW.TRUSTPORT.COM

Keep It Secure

Components of outgoing email protection

Sending SMTPserver

Antivirus kernel

Receiving SMTP server

WWW.TRUSTPORT.COM

Keep It Secure

Components of outgoing email protection

Receiving SMTPserver

Antivirus kernel

Sending SMTP server

• sender control based on computer address• sender control based on email address• whitelist of trusted senders

• scanning using selected engines• filtering out unwanted attachments

• adding to autowhitelist• truncating dangerous headers• sending out

WWW.TRUSTPORT.COM

Keep It Secure

Sending SMTP server

Autowhitelist

From: peter.jones@company.com

To: joe.davis@gmail.com

From: joe.davis@gmail.com

To: peter.jones@company.com

WWW.TRUSTPORT.COM

Keep It Secure

Product certifications

Virus BulletinReactive and

proactive test, average values

(April 2011)

@HOME

WWW.TRUSTPORT.COM

Keep It Secure

Product certifications @HOME

Virus Bulletin (April 2011)

TrustPort Antivirus

Avast Free Antivirus

AVG Internet Security

Eset NOD32 Antivirus

Kaspersky Anti-Virus

McAfee VirusScan

Microsoft Forefront Endpoint Protection

RAP test, overall detection 98.02% 95.27% 92.55% 93.33% 93.30% 84.71% 91.94%

RAP test, reactive detection 99.63% 97.02% 95.27% 94.49% 94.63% 85.05% 93.52%

RAP test, proactive detection 93.18% 90.02% 84.38% 89.86% 89.32% 83.69% 87.18%

WWW.TRUSTPORT.COM

Keep It Secure

Product certifications

Average on-demanddetection of malware

Missed samples (the lower the better)

@HOME

AV-Comparatives (April 2011)

WWW.TRUSTPORT.COM

Keep It Secure

Product certifications @HOME

AV-Comparatives

TrustPort Antivirus

Avast Free Antivirus

AVG Anti-Virus

Eset NOD32 Antivirus

Kaspersky Anti-Virus

McAfee Antivirus Plus

Microsoft Security Essentials

Norton AntiVirus

Overall on-demand detection(April 2011)

99.2% 98.4% 91.4% 97.5% 97.0% 96.8% 95.8% 95.5%

Detection of potentially unwanted apps(December 2010)

99.5% 96.9% - 97.7% 97.6% 98.7% 92.7% 99.6%

Thank you for your attention!