
Ironport Data Loss Prevention

Date post: 02-Nov-2014
Upload: dkaya
Description:
This is the presentation file of my Ironport DLP Seminar which I have made at New Horizons of Sofia, 25.11.2008.

Transcript
1. Securing Your Email - Data Loss Prevention. Deniz Kaya, Microsoft, Cisco, Ironport, Mile2 Instructor (CCSI, CCNP, MCT, MCSE, ICSI, ICSP, CPTS)

2. IronPort Gateway Security Products Web Security | Email Security | Security Management | Encryption EMAIL Security Appliance WEB Security Appliance Security MANAGEMENT Appliance IronPort SenderBase APPLICATION-SPECIFIC SECURITY GATEWAYS CLIENTS BLOCK Incoming Threats PROTECT Corporate Assets Data Loss Prevention Encryption CENTRALIZE Administration Internet ENCRYPTION Appliance

3. IronPort + Cisco Market Leadership

  • Customer Leadership
  • - Over 6,000 customers globally
  • - 99% customer retention rate
  • Technology Leadership
  • - Industry leading email and Web security applications and management tools
  • Global Leadership
  • - Worldwide business operations
  • - Global technology infrastructure

4. The IronPort SenderBase Network Global Reach Yields Benchmark Accuracy

  • 5B+ queries daily
  • 150+ Email and Web parameters
  • 35% of the World's Traffic

IronPort EMAIL Security Appliances IronPort WEB Security Appliances IronPort SenderBase Combines Email & Web Traffic Analysis

  • View into both Email & Web traffic dramatically improves efficacy
  • 80% of spam contains URLs
  • Email is a key distribution vector for Web-based malware

5. IronPort Consolidates the Network Perimeter - For Security, Reliability and Lower Maintenance After IronPort Groupware Firewall IronPort Email Security Appliance Internet Users Before IronPort Anti-Spam Anti-Virus Policy Enforcement Mail Routing Internet Firewall Groupware Users Encryption Platform MTA DLP Scanner DLP Policy Manager

6. IronPort Architecture - Multi-Layered Email Security MANAGEMENT TOOLS THE IRONPORT ASYNCOS EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION

7. IronPort AsyncOS - Unmatched Scalability and Security

  • IronPort AsyncOS is a scalable and secure operating system, optimized for messaging
  • Advanced Email Controls protect reputation and downstream systems
  • Standards-based Integration replaces legacy systems with ease

8. Multi-layer Spam Defense - Best-of-Breed Protection at the Gateway

  • IronPort Reputation Filters: the outer layer defense
  • IronPort Anti-Spam: stops the broadest array of threats: spam, phishing, fraud and more

9. SenderBase Data Makes the Difference Complaint Reports Spam Traps Message Composition Data Global Volume Data URL Lists Compromised Host Lists Web Crawlers IP Blacklists & Whitelists Additional Data SenderBase Data Data Analysis/Security Modeling SenderBase Reputation Scores -10 to +10 Parameters Threat Prevention in Realtime

10. Introducing IronPort Spam Defense

  • Multi-layer spam defense designed to:
    • Stop spam quickly
    • Stop spam accurately

Reputation World's first and best sender based reputation service - Blocks 80% of spam at gateway - World class accuracy SBRS IPAS Who? How? What? Where? World's most accurate content based spam engine - 98% catch rate - World class accuracy

11. IronPort Anti-Spam Accuracy Powered By Context Adaptive Scanning Engine WHAT? HOW? WHO? WHERE?

  • All text inside an image
  • Random dots appear within the message
  • Nearly identical color scheme in 100,000s spamtrap msgs

Verdict BLOCK

  • IP address recently started sending email
  • Message originated from dial-up IP address
  • Sending IP address located in Russia
  • Message leaves trace of spamware tool

12. IronPort Reputation Filters Dell Case Study

  • Dell's challenge:
    • Dell currently receives 26M messages per day
    • Only 1.5M are legitimate messages
    • 68 existing gateways running Spam Assassin were not accurate
  • IronPort solution:
    • Reputation Filters block over 19M messages per day
    • 5.5M messages per day scanned by anti-spam engine
    • Replaced 68 servers with 8 IronPort C60s
  • Accuracy of spam filtering increased 10x
  • Servers consolidated by 70%
  • Operating costs reduced by 75%

"IronPort has increased the quality and reliability of our network operations, while reducing our costs." -- Tim Helmsetetter, Manager, Global Collaborative Systems Engineering and Service Management, DELL CORPORATION

13. Multi-layer Virus Defense - Best-of-Breed Protection at the Gateway

  • IronPort Virus Outbreak Filters: stop outbreaks 13 hours ahead of traditional signatures
  • McAfee and Sophos Anti-Virus: signature-based solutions with industry leading accuracy

14. IronPort Outbreak Filters Close the Reaction Time Gap

15. How Virus Outbreak Filters Work - Dynamic Quarantine In Action

  • T = 0
    • zip (exe) files
  • T = 5 mins
    • zip (exe) files
    • Size 50 to 55 KB
  • T = 10 mins
    • zip (exe) files
    • Size 50 to 55 KB
    • "Price" in the file name
  • T = 8 hours
    • Release messages if signature update is in place

Messages Scanned & Deleted Fine-grained Rules, Multiple Parameters: Attachment Type, Attachment Size, URLs, Filenames & More

16. Industry Leading Signatures from Sophos and McAfee Anti-Virus

  • Integrated Sophos anti-virus engine
    • High performance in-line scanning
  • Easy to deploy and manage
    • Intuitive user interface
    • Single view with Mail Flow Monitor
    • Auto updates
    • Lower TCO with integrated solution

17. IronPort Data Loss Prevention - Inbound/Outbound Policy Enforcement

  • Integrated Scanning makes DLP deployments quick & easy
  • Integrated Remediation eases work flow burden

18. Data Loss Prevention - Multi-Faceted Problem

  • Regulatory Compliance
    • HIPAA, GLBA, PCI, SOX Regulations
    • Scan for sensitive information and block infractions
    • Secure business partner communication
  • Acceptable Use
    • Block offensive content
    • Enforce messaging policy (attachment size, etc)
    • Add legal disclaimers to outgoing mails
  • Intellectual Property Protection
    • Block messages containing confidential data
    • Prevent email communications with competitor

19. PCI Applies to Nearly Every Industry - PCI Not Just for Retail Utilities E-Commerce Transportation Restaurant Financial/Insurance Retail Service Provider Healthcare Federal Mobile Universities Sports and Entertainment State Agencies

20. The Payment Card Industry (PCI) Data Security Standard

  • Published January 2005
  • Impacts ALL who process, transmit, or store cardholder data
  • Also applies to 3rd-party hosting companies, information storage companies, etc.
  • Monthly fines ranging from $5,000 to $50,000 for missed deadlines
  • Has global reach

Compliance deadlines by theater (Level 1 / Level 2 / Level 3):

  • US: SEP 2007 / DEC 2007 / DEC 2008
  • Western Europe: Negotiated individually / MAR-DEC 2008 / MAR-DEC 2008
  • Asia: DEC 2009 / DEC 2009 / DEC 2009
  • Canada: 2008 TBD / 2008 TBD / 2008 TBD
  • CEMEA, Latin American: Not Published yet

Source: pcisecuritystandards.org

21. Data Loss Prevention Foundation - Integrated Scanning Users

    • Integrated Scanning Makes DLP Deployments Quick & Easy

Outbound Mail Weighted Content Dictionaries Compliance Dictionaries Attachment Scanning Custom Content Filters Smart Identifiers

22. Data Loss Prevention Foundation - Integrated Remediation Users

    • Integrated Remediation Eases Work Flow Burden

Outbound Mail Remediation: Quarantine Remediation Notification Remediation: Reporting Encrypt The Message

23. IronPort Email Encryption - Don't Remediate - Accelerate

24. Encryption Market Evolution - The Technical View Encryption technology is the foundation for business class email Secure Envelopes S/MIME, PGP, Secure Webmail

  • Single, Integrated Platform
  • No Certificate Complexity
  • Universal Reach
  • Multi-Platform Deployment
  • Certificate Requirements
  • Sender/Receiver Plug-Ins

IronPort PXE Legacy Encryption Solutions

25. IronPort PXE: Sending a Message - Instant Deployment, Zero Management Costs IronPort Hosted Keys Gateway encrypts message User opens IronPort PXE in browser User authenticates & gets message key Password Decrypted message displayed Message pushed to Recipient Key Stored

26. IronPort PXE: Receiving a Message - Seamless End-User Experience View message Enter password Open Attachment

27. Management for Organizations of All Sizes

  • IronPort Email Security Manager - unified policy management
  • IronPort Email Security Monitor - enterprise-class reporting system
  • Management Interfaces - simple integration and increased productivity

28. IronPort Email Security Manager - Single view of policies for the entire organization IT SALES LEGAL

  • Mark and Deliver Spam
  • Delete Executables
  • Archive all mail
  • Virus Outbreak Filters disabled for .doc files
  • Allow all media files
  • Quarantine executables

"Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance." -- PC Magazine 2/22/05

Categories: by Domain, Username, or LDAP

29. Cisco Self-Defending Network (SDN)

  • Cisco Security - Portfolio @ a Glance
    • Network & End-point Security
    • Content & Application Security
    • Systems & Security Management

30. The Portfolio at a Glance Content and Application Security

  • Content Security
  • Reputation based, zero-day defense
  • Capability to address diverse attack types and techniques
  • Secure all sources of attack
  • Application Security
  • Layer 7 protection for application and data vulnerabilities
  • XML traffic validation and inspection
  • Enhanced deep packet inspection
  • Product Highlights:
    • Ironport Email
    • Ironport Web
    • Intrusion Prevention Systems
  • Product Highlights:
    • ACE XML Gateway
    • Web Application Firewall

31. Systems Approach to Stop Malware: Visibility and Control

Intrusion Prevention

  • Detection
  • Precision response

Content Security

  • Email SPAM
  • Web filtering

Endpoint Security

  • Host IPS
  • AV solutions

Firewall and VPN

  • Traffic access control
  • Encryption

Centralized Policy Management and Monitoring

32. Cisco's Security Portfolio Offers End-to-End Compliance with PCI Requirements

33. Cisco Data Loss Prevention Solution - NAC, CSA, IronPort, and TrustSec IronPort NAC Appliance ASA printer

  • IronPort
  • Prevent data loss at perimeter
  • Mail policy verification
  • Logs transaction
  • Encrypts mail message and notifies recipient
  • NAC Appliance
  • Verifies CSA and endpoint posture

TrustSec

  • TrustSec
  • Enforces data policy through role-based access control
  • Cisco Security Agent
  • Scan files for sensitive data
  • Prevents copying to external media
  • Prevents transfer with internetwork applications
  • Prevents bypass of gateway security policy

Internet Internet Internet Internet "Hi Joan, Could you send those files over?" "Sure Bob, I'll find a way to get those files to you!"

34. Preventing Data Leakage and Disclosure - Self-Defending Network Applied Data Center Employees Network Edge Tape Devices Application Server Cisco MDS 9000 C-Series E-Mail Security Appliance Internet Corporate Network

  • Cisco Security Agent
  • Prevents endpoint data loss
  • Prevents bypass of Cisco IronPort network protection
  • Inspects and classifies content (similar to Cisco IronPort) in a future release

Partners Customers Remote Employees

  • Storage Media Encryption
  • Prevention of unauthorized access and loss of data at rest
  • Full integration with SAN fabric and management
  • Secure, highly available service
  • IronPort
  • Prevent data loss at network perimeter
  • Inspect and control content
  • Address privacy regulations
  • Take advantage of existing anti-spam and anti-spyware infrastructure

35. Self-Defending Network in the Campus

  • Centralized threat management, including correlation and mitigation
  • Centralized policy and device management across entire Cisco infrastructure for IPS, VPN, and firewall
  • Web and mail content scanning to reduce malware introduction and propagation
  • Layer 3-7 inspection and traffic control
  • Converged remote site and user IPsec and SSL VPN services
  • Trojan horse and spyware to control channel monitoring and mitigation

Gateway and Internet Services

  • Prevent exploits of vulnerabilities on PCs and other endpoints
  • Minimize the entrance and propagation of new threats on trusted PCs
  • Enforce access controls to trusted, untrusted, and guest users
  • Protect and isolate intra-LAN segments

Policy Enforcement and Endpoint Protection Threat Management and Policy Control Cisco Security Management Suite Cisco ASA 5500 Firewall, VPN, and IPS Cisco IPS 4200 Series Sensors Network Admission Control FWSM and Cisco ASA 5500 Series Cisco IronPort Cisco ASA 5500 CSC Cisco Security Agent Endpoint Security Policy and Posture Centralized Policy and Threat Management Traffic and Admission Control Targeted Attack Protection Web and Mail Malware Scan Intra-LAN Policy Enforcement Internet Public WAN

36. Self-Defending Network in the Data Center Cisco ASA ACS Cisco Security MARS Cisco WAAS Web Servers Cisco ACE Cisco Security Agent Cisco Security Agent Cisco Security Agent Application Servers Database Servers AXG (Web Applications) Cisco Security Agent Cisco Security Agent Cisco MDS with SME Tier 1/2/3 Storage Tape/Offsite Backup AXG (B2B) CSM Cisco Security Agent-MC CW-LMN

  • Data-Center Edge
  • Firewall and IPS
  • DoS protection
  • Application protocol inspection
  • Web Services security
  • VPN termination
  • E-mail and Web access control

Cisco Catalyst 6000 FWSM

  • Web Access
  • Web security
  • Application security
  • Application isolation
  • Content inspection
  • SSL encryption and offload
  • Server hardening
  • Applications and Database
  • XML, SOAP, and AJAX security
  • DoS prevention
  • Application-to-application security
  • Server hardening
  • Storage
  • Data encryption
    • In motion
    • At rest
  • Stored data access control
  • Segmentation
  • Management
  • Tiered access
  • Monitoring and analysis
  • Role-based access
  • AAA access control

Cisco IronPort E-Mail Security AXG (DHTML to XML) Cisco IronPort Web Security Cisco IronPort Web Security

37. Access to the presentations

  • http://www.newhorizons.bg/powerpoint/802.1x.ppt
  • http://www.newhorizons.bg/powerpoint/Layer2_Attacks.ppt
  • http://www.newhorizons.bg/powerpoint/Ironport-DLP.ppt

38. New Horizons' Partners

