Home >Documents >Cisco IronPort Email & Web Security - Cisco - Global Home · PDF fileCisco IronPort Email...

Cisco IronPort Email & Web Security - Cisco - Global Home · PDF fileCisco IronPort Email...

Date post:24-Mar-2018
Category:
View:229 times
Download:5 times
Share this document with a friend
Transcript:
  • 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1

    Cisco IronPortEmail & Web Security

    Frdric HER, CISSPSystems Engineer, AfricaCisco IronPort [email protected]

  • 2

    IronPort funded in 2000, acquired by Cisco in 200720,000+ customers globally400 million users protected40% of Fortune 100 companies8 of the 10 largest Service Providers7 of the 10 largest Banks99%+ customer renewal rates

    Named IronPort the market share leader in the email security appliance market

    IronPort is positioned as a leading player in the messaging security appliance market

    IronPort Positioned in the LeadersQuadrant in Magic Quadrant Report

    Cisco IronPortUnparalleled Market Leadership

  • 3

    EMAILSecurity Gateway

    The Cisco IronPort StoryApplication-Specific Security Gateways

    MANAGEMENTAppliance

    Internet

    WEBSecurity Gateway

    SensorBase(The Common

    Security Database)

    APPLICATION-SPECIFICSECURITY GATEWAYS

    BLOCK Incoming Threats:Spam, Phishing/FraudViruses, Trojans, WormsSpyware, AdwareUnauthorized Access

  • 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4

    Cisco IronPortEmail Security

    Cisco IronPort Email Security Appliance

  • 5

    Email Challenges

    Junk Mail

    Viruses Regulations

    Privacy & Control

    Standard Email does not natively offer what is expected

  • 6

    Cisco IronPort Consolidates the Network Perimeter For Security, Reliability and Lower Maintenance

    After Cisco IronPort

    Groupware

    Firewall

    Cisco IronPort Email Security Appliance

    Internet

    Before Cisco IronPort

    Anti-Spam

    Anti-Virus

    Policy Enforcement

    Mail Routing

    Internet

    Firewall

    Groupware

    Users

    Encryption PlatformMTA

    DLP Scanner

    DLP Policy Manager

    Users

  • 7

    0

    50

    100

    150

    200

    250

    300

    Jan-08

    Feb-08

    Mar-08

    Apr-08

    May-08

    Jun-08

    Jul-08

    Aug-08

    Sep-08

    Oct-08

    Nov-08

    Dec-08

    Jan-09

    Feb-09

    Mar-09

    Apr-09

    May-09

    Jun-09

    Jul-09

    Aug-09

    Sep-09

    Oct-09

    Nov-09

    Average Daily Spam Volume (billions)

    Month

    Spam Trends

    Record spam volumes and criminal botnet activity

  • 8

    TEXT SPAM

    Image Spam

    ATTACHMENT SPAM (PDF, EXCEL, MP3)

    TARGETED ATTACKS

    Your Equitable Bank account is closed, call us now at (802)354-4250

    Your Equitable Bank account is closed, call us now at (802)354-4250

    Your Equitable Bank account is closed, call us now at (802)354-4250

    IMAGE SPAM

    Spam Sophistication Increasing

    2005

    2006

    2007

    2008

  • 9

    Cisco IronPort SensorBase

    Statistics on more than 30% of the worlds e-mail traffic

    New threats & alerts detection More than 200 parameters to build

    reputation scores

    Data Volume Message Structure

    Complaints Blacklists, whitelists

    Off-line data

    Reputation Score

    Reputation Score URL blacklists & whitelists

    HTML Content Domain Info

    Known bad URLs Website history

    E-Mail Reputation Filters

    Web Reputation Filters

  • 10

    Man

    agem

    ent

    Email Security ArchitectureCisco IronPort Email Security Appliance

    VirusDefense

    CISCO IRONPORT ASYNCOSEMAIL PLATFORM

    Data Loss Prevention

    Secure Messaging

    INBOUND SECURITY

    OUTBOUND CONTROL

    MAIL TRANSFERAGENT

    SpamDefense

  • 11

    Cisco IronPort AsyncOSRevolutionary Email Delivery Platform

    Traditional Email Gatewaysand Other Appliances

    Cisco IronPort Email Security Appliances

    200Connections

    Low Performance/Peak Delivery Issue

    Disk I/O Bottlenecks

    Unable To Leverage

    Full Capability

    Components

    CPU Limited Solely By CPU Capacity

    1K 10KConnections

    High Performance/Sure Delivery

  • 12

    Advanced Controls for Security and EfficiencyAnd to protect against the risk of being blacklisted

    1. Protects the reputation of a domain2. Relies on different IP addresses for

    sending messages

    1. Protect internal servers2. Rules per destination domain

    Internet

    ?

    163.24.127.3

    163.24.127.3

    163.24.127.4

    163.24.127.5

    Internet

    IronPort Virtual GatewaysDestination Controls

    Email Authentication (DomainKeys, DKIM, SPF, SIDF)

  • 13

    Man

    agem

    ent

    Email Security ArchitectureCisco IronPort Email Security Appliance

    CISCO IRONPORT ASYNCOSEMAIL PLATFORM

    Data Loss Prevention

    Secure Messaging

    INBOUND SECURITY

    OUTBOUND CONTROL

    MAIL TRANSFERAGENT

    SpamDefense

    VirusDefense

  • 14

    Spam Blocked Before Entering Network

    > 99% Catch Rate< 1 in 1 millionFalse Positives

    IronPort Anti-SpamSensorBaseReputation Filtering

    Verdict

    Anti-Spam Defense in Depth

  • 15

    Known good is delivered

    Suspicious is rate limited & spam filtered

    Known bad is blocked

    IronPort Anti-Spam

    Incoming MailGood, Bad, and Unknown Email

    ReputationFiltering

    Ciscos Internal Email Experience:

    Message Category % Messages

    Stopped by Reputation Filtering 93.1% 700,876,217

    Stopped as Invalid recipients 0.3% 2,280,104

    Spam Detected 2.5% 18,617,700

    Virus Detected 0.3% 2,144,793

    Stopped by Content Filter 0.6% 4,878,312

    Total Threat Messages: 96.8% 728,797,126

    Clean Messages 3.2% 24,102,874

    Total Attempted Messages: 752,900,000

    SensorBase Reputation FilteringReal Time Threat Prevention

  • 16

    Man

    agem

    ent

    Email Security ArchitectureCisco IronPort Email Security Appliance

    VirusDefense

    CISCO IRONPORT ASYNCOSEMAIL PLATFORM

    Data Loss Prevention

    Secure Messaging

    INBOUND SECURITY

    OUTBOUND CONTROL

    MAIL TRANSFERAGENT

    SpamDefense

  • 17

    Cisco IronPort Virus Outbreak FiltersThe First Line of Defense

    Early Protectionwith

    IronPort Virus Outbreak Filters

  • 18

    Multi-Layer Virus DefenseZero Hour Malware Prevention and AV Scanning

    Virus Outbreak Filters Anti-Virus

    T = 0

    -zip (exe) files

    T = 5 mins

    -zip (exe) files-Size 50 to 55 KB

    T = 15 mins

    -zip (exe) files

    -Size 50 to 55KB

    -Price in the filename

    An analysis over one year:

    Average lead time over 13 hoursOutbreaks blocked 291 outbreaksTotal incremental protection . over 157 days

  • 19

    Man

    agem

    ent

    Email Security ArchitectureCisco IronPort Email Security Appliance

    CISCO IRONPORT ASYNCOSEMAIL PLATFORM

    Data Loss Prevention

    Secure Messaging

    INBOUND SECURITY

    OUTBOUND CONTROL

    MAIL TRANSFERAGENT

    SpamDefense

    VirusDefense

  • 20

    Risks for the Organization

    Top Risk: Employees Biggest Impact: Customer Data

    12%

    10%

    5% 4%7%

    Personal client information

    44%

    21%

    4% 8%4%

    Intellectual Property

    Personnel Information

    Information marked Confidential

    Top Data Loss Types

  • 21

    Data Loss PreventionComprehensive, Accurate, Easy

    Comprehensive100+ Pre-defined templates

    Regulatory compliance

    Multiple parameters

    Key words, proximity, etc.

    Accurate

    One-click activation

    Policy enable/disable

    Easy

  • 22

    Email EncryptionInstant Deployment, Zero Management Cost

    Automated key management

    No desktop software requirements

    No new hardware required

    Gateway encrypts message

    Message pushed to recipient

    Cisco Registered Envelope Service

    User opens secured message in browser

    User authenticates and receives message key

    Key is stored

    Decryptedmessage is displayed

  • 23

    Man

    agem

    ent

    Email Security ArchitectureCisco IronPort Email Security Appliance

    CISCO IRONPORT ASYNCOSEMAIL PLATFORM

    Data Loss Prevention

    Secure Messaging

    INBOUND SECURITY

    OUTBOUND CONTROL

    MAIL TRANSFERAGENT

    SpamDefense

    VirusDefense

  • 24

    Cisco IronPort Email Security ManagerSingle view of policies for the entire organization

    Mark and Deliver Spam

    Delete Executables

    Archive all mail Virus Outbreak Filters

    disabled for .doc files

    Allow all media files Quarantine executables

    Categories: by Domain, Username, or LDAP

    IT

    SALES

    LEGAL

    IronPort Email Security Manager serves as a single,versatile dashboard to manage all theservices on the appliance. PC Magazine

  • 25

    Email Volumes

    Spam Counters

    Policy Violations

    Virus Reports

    Outgoing Email Data

    Reputation Service

    System Health View

    Single view across the organization

    Real Time insight into email traffic and security threats

    Actionable drill down reports

    Mul

    tiple

    dat

    a po

    ints

    Consolidated Reports

    Comprehensive InsightUnified Business Reporting

  • 26

    Visibility Into Email MessagesMessage Tracking

    What happened to the email I sent 2 hours ago?

    Track IndividualEmail Messages

    Who else received similar emails?

    Forensics toEnsure Compliance

  • 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 27

    Email SecurityHos

Click here to load reader

Reader Image
Embed Size (px)
Recommended