Date posted: 18-Feb-2019

IronPort Messaging Security

PROTECTING OVER 350 MILLION EMAIL BOXES WORLDWIDE

Mirko Schneider, IronPort, A CISCO Business Unit

Soft-Tronik Security Day

The Evolution of Reputation Filters to Self Defending Network 3.0

Who is IronPort?

Founded in 2000 by email pioneers from Hotmail, ListBot, Yahoo

Idea: building the fastest and strongest gateway appliance

HQ in California, Silicon Valley

Worldwide 500+ employees

75 in Europe (UK, Germany, Sweden, France, Spain, Italy)

Revenue 2005: ~70m USD, 2006: ~125m USD

With Soft-Tronik in CZ/SK since 2006

Hot News: IronPort now a part of CISCO

The Principles of Industry Leadership

Analyst Leadership

Gartner's Magic Quadrants 2006: Leader

IDC July 2007: market share leader

Radicati Market Quadrants 2007: Leader

Customer Leadership

52 of the World's Largest 100 Companies

20+% of Global 2000

12 of the 15 largest ISPs

Technology Leadership

First with custom, high performance MTA

First with Reputation Filtering

First with Virus Outbreak Filters

Web Security | Email Security | Security Management | Encryption

IronPort Gateway Security Products

EMAIL Security Appliance

WEB Security Appliance

Security

MANAGEMENT Appliance

IronPort

SenderBase

APPLICATION-SPECIFIC

SECURITY GATEWAYS

CLIENTS

BLOCK Incoming Threats

PROTECT Corporate Assets

Data Leakage Prevention

Encryption

CENTRALIZE Administration

Internet

ENCRYPTION Appliance

The Key

A Simple Idea

1. 2. 3. IDENTITY POLICY REPUTATION

?!

Score

IronPort SenderBase Network: Global Reach Yields Benchmark Accuracy

5B+ queries daily

150+ Email and Web parameters

25% of the World's Email Traffic

The Dominant Force in Global

Email and Web Traffic Monitoring

Spam Caught by Reputation: IronPort 80%, CipherTrust 50%, BorderWare 40%

Source: www.ciphertrust.com and www.borderware.com, August 6, 2006

Results in Accuracy and

Advanced Protection

Network Reach (Contributing Networks): IronPort 120,000; CipherTrust 4,000; BorderWare 8,000

IronPort Virus Protection Lead

13 hours* (McAfee, Trend, Symantec, Sophos, CA, F-Secure)

* 6/2005 - 6/2006. 175 outbreaks identified. Calculated as publicly published signatures from the listed vendors.

Global Volume Data: Over 100,000 organizations, email traffic, web traffic

Message Composition Data: Message size, attachment volume, attachment types, URLs, host names

Spam Traps: SpamCop, ISPs, customer contributions

IP Blacklists & Whitelists: SpamCop, SpamHaus (SBL), NJABL, Bonded Sender

Compromised Host Lists: SORBS, OPM, DSBL

Web site Composition Data: Downloaded files, linking URLs, threat heuristics

Other Data: Fortune 1000, length of sending history, location, where the domain is hosted, how long has it been registered, how long has the site been up

Complaint Reports: Spam, phishing, virus reports

Domain Blacklists & Safelists: Spamvertized URLs, phishing URLs, spyware sites

IronPort SenderBase Reputation: 150 parameters for each IP

www.senderbase.org

Leading Edge Technology: Reputation Filtering Sets off Industry Scramble

July 21, 2003: IronPort Reputation Filters

February 16, 2003: IronPort SenderBase

June 28, 2004: Symantec Brightmail Reputation Service

June 4, 2004: CipherTrust TrustedSource

November 9, 2004: Proofpoint MLX Dynamic Reputation

June 14, 2005: Trend Micro Acquires Kelkea Reputation Product

May 23, 2005: Recurrent Pattern Detection

Timeline axis: 2003, 2004, 2005

The Leader in Email Security: IronPort C-Series

IronPort Email Security Appliances

High Performance Email Security

Appliances Stopping Spam, Viruses, and

Enforcing Compliance

IronPort C350/C650

IronPort C100

IronPort X1050

Product Consolidation at the Network Perimeter: For Security, Reliability and Lower Maintenance

Anti-Spam

Anti-Virus

Policy Enforcement

Mail Routing

Before IronPort

IronPort Email Security Appliance

Internet

Firewall

MTAs

Groupware

Users

After IronPort

Internet

Users

Groupware

Firewall

IronPort Architecture for Multi-Layered Email Security

MANAGEMENT TOOLS

THE IRONPORT ASYNCOS EMAIL PLATFORM

SPAM DEFENSE

POLICY ENFORCEMENT

VIRUS DEFENSE

EMAIL AUTHENTICATION

IronPort AsyncOS

Unmatched Scalability and Security

AsyncOS: scalable and secure OS optimized for messaging

Advanced Email Controls: protect reputation and downstream systems

Standards-based Integration: replaces legacy systems with ease

IronPort AsyncOS

Revolutionary Email Platform

Traditional Email Gateways And Other Appliances

200 Incoming/Outgoing Connections

Low Performance/DoS Potential

Single Queue For all Destinations

Queue Backup Delays All Mail

IronPort Email Security Appliance

10,000 Incoming/Outgoing Connections

High Performance/Sure Delivery

Per-Destination Queues

Fault-Tolerance and Custom Control

Multi-layer Spam Defense: Best of Breed

IronPort Reputation Filters: the outer layer defense

IronPort Anti-Spam: stops the broadest array of threats (spam, phishing, fraud)

Spam Grows And Changes

100+% growth in volume per year

Growth in size: 2003: ~2KB per mail, 2007: ~30KB per email

Growth in varieties: Image Spam, PDF, Excel,

Spam Trends: Through Mid-July, 2007

Spam volumes ticking up

New spam trends emerging

PDF spam

Shows that spammers continue to develop new techniques at a rapid pace

Several open source blacklists under DDoS attacks in the last 4 weeks

SURBL, Spamhaus, URIBL all affected

SenderBase not affected

[Chart: Average Daily Spam Volume (BN) and Image Spam %, by month, Jan-06 to Jul-07]

New Spam Follows

PDF spam, Excel Spam, ...

MP3 Spam Outbreak: October 17th, 2007

Outbreak Description

Spam sent as MP3 audio files

Files named after popular songs / musicians to fool recipients

Files randomized by changing audio speed and content

Represented 1% of spam volumes on day of outbreak

IronPort Protection

Stopped MP3 spam within minutes through combination of several technologies

Reputation Filters: proactively blocked majority of MP3 spam by identifying bots sending spam

IronPort Anti-Spam: issued rules based on file type, file content, message size and other information to catch remaining spam

MP3 Spam Example

Volume & Catch Rate

[Chart: Volume (thousands) and IronPort Catch Rate, by Time (GMT)]

Future of Spam

Volume of Spam compared to worldwide e-mail traffic

2007-2011

Year Volume

2007 75%

2008 78%

2009 80%

2010 81%

2011 82%

Source: Radicati Group, April 2007

Multi-Layered Security: Preventive + Reactive = Defense in Depth

Preventive Layer

Immediate Reaction to Threats

Extremely High Performance

Coarse Outer Layer

Blocks or Rate Limits

Blocks ~80% of spam

+

Reactive Layer

Adapts Over Time

Computationally Intensive

Fine-grained Inner Layer

Delete or Quarantine
