Sushant Rao,Senior Product Manager

www.mailfrontier.com

Emerging Threats:Stop Spam, Virus, and Phishing Outbreaks through End-to-End Attack Monitoring

2

Threats Are More Complex & Dangerous

3

Typical Attacks Are Worldwide Events

4

Attack Lifecycle

5

Typical Approaches in Email Security

Sender ReputationMessage Content

Attachment

Real Spam Attack

7

Messages Scored: What’s the Right Number?

Re: Loan info - 15 years 6.0%

Re: Loan info - 15 years 6.0%

You are pre-approved

You are pre-approvedSpam that hit user’s inbox

Legitimate emailcaught by filter

8

Reputation Services

Sender ID Framework Validates sender’s claimed identity

Reputation ServiceEvaluates sender’s reputation

9

Content Evaluation (Bayesian)

10

Community Response

11

Content Analysis 80% effectiveness 0.5% false positive rate

There’s No One Way

Sender’s Identification & Reputation

• 70% effectiveness

• 1.0% false positive rate

Community Response

• 75% effectiveness

• 0.25% false positive rate

12

Chained: High Effectiveness, High False Positive

70% effectiveness

1.0% false positive rate

75% effectiveness

0.25% false positive rate

80% effectiveness0.5% false positive rate

Overall 70% Effectiveness1.0% False Positive Rate

13

Chained: High Effectiveness, High False Positive

70% effectiveness

1.0% false positive rate

75% effectiveness

0.25% false positive rate

80% effectiveness0.5% false positive rate

Overall 94% Effectiveness1.5% False Positive Rate

14

Chained: High Effectiveness, High False Positive

70% effectiveness

1.0% false positive rate

75% effectiveness

0.25% false positive rate

80% effectiveness0.5% false positive rate

Overall 98% Effectiveness1.75% False Positive Rate (1 in 50)

15

Messages Judged: Good, Spam, or Likely Spam

Overall98% Effectiveness0.0% False Positive Rate for Definite

Real Virus Attack

17

18

http://itmanagement.earthweb.com/columns/executive_tech/article.php/3316511

19

Virus Attack Timeline

Time

20

Decisive Anti-Virus Technology

21

Responsive Anti-Virus Technology

22

Predictive Anti-Virus Technology

23

Multiple Technologies Detect & Protect

Conventional Signature Protection SimulationBehavior Monitoring & Pattern Heuristics

MailFrontierTime Zero Virus

Technology

24

Time Zero Virus Technologies

Deceptive File Type Detection

invoice.txt really invoice.exe

Statistical Attachment Analysis

picture.jpg .exe

25

Time Zero Virus Technologies

Deceptive File Type Detection Statistical Attachment Analysis

MIME Exploit Protection Dangerous Attachment Blocking

.exe

.bat

.pif

picture.jpg .exe

resume.bat

File name is picture.jpg File type is .exe

26

Statistical Attachment Analysis

069 139 139 012

.TXT.JPG .DOC .EXE

119 111 114 100

Gateway Server

069 139 139 211

invoice.txt invoice.txt

069 139 139 211

? ?

ORIs it invoice.txt? Is it invoice.exe?

27

Statistical Attachment Analysis

069 139 139 012119 111 114 100

Gateway Server

069 139 139 211

invoice.txt invoice.txt

069 139 139 211

==

invoice.exe

OR

.TXT.JPG .DOC .EXE

Real Phishing Attack

29

Consumer Phish

30

Phishing for Enterprise Information

31

Phishing is Not Spam

What is the Difference between Spam and Fraud?

Spam But Fraud

How does it arrive? Sneaks in the back door. Walks in the front door.

How does it make its offer?

Looks bad, seems far-fetched.

Looks plausible, seems credible.

What is it trying to do? Tries to sell you something.

Tries to steal something from you.

32

A Phishing Attack

Sending Machines Phish Web Sites

66.165.106.111

152.146.187.172

161.58.214.148

195.75.241.4

212.250.162.8

Receivers

61.152.175.161

210.114.175.226

211.23.187.151

Mary

Tomas

Andy

Tonia

George

John

Frank

Tim

Herman

Luann

Ramona

Evan

Jan

Scott

Venkat

CharliePhil

Elisa

Dom

Joe

Lana

June

Chao

Vadim

Oliver

33

Phishing Protection

Other Enterprise Email Threats

35

Zombies – Compromised Internal Nodes

Mail Server

Enterprise Network

Internet

XOnly legitimate emails are sent

Emails from Zombiesare identified and quarantined

36

Directory Harvest Attacks

Enterprise Network

37

Outbound Compliance – Regulatory & Corporate

CONFIDENTIAL

Mail Server

Enterprise Network

Virus

Policy Violation

CONFIDENTIAL

Disguised Text

C*NFIDENTIAL

C*NFIDENTIALOnly legitimate emails are sent

MailFrontier Gateway

39

MailFrontier Cognite: End-To-End Email Attack Monitoring

40

MailFrontier – Security Against All Threats

41

MailFrontier – All Threats, 1 Product

Typical Mail Data Center

Mail Data Center Consolidatedwith MailFrontier Gateway

e.g. Microsoft Exchange

e.g. Microsoft Exchange

42

MailFrontier: Effortless Control

Powerful Reporting Provides Quick

Insight

43

MailFrontier:High Performance

44

1400+ Enterprise Customers • 98% Retention

Healthcare Transportation Nonprofit

RetailEducation Real Estate

Hospitality

Financial Services

Software

Media/Publishing

Pharmaceutical

Telecommunications Manufacturing

Technology

Government

Consumer Goods Financial ServicesRetail

Media/Publishing

Consumer Goods

45

Extraordinary Awards & ReviewsExtraordinary Awards & Reviews

NetworkWorld Top-Rated Enterprise Anti-Spam Software “…MailFrontier’s ASG put up some impressive results in terms of blocking spam and letting legitimate mail pass.” – September 15, 2003

Recommends MailFrontier be included on “Short List” of products evaluated for large-scale, high-performance anti-spam systems – December 20, 2004

Red Herring Top 100 Private Companies/InnovatorsRecognizing the company for its innovation and strategy – May 2004 and December 2004

CRN Recommended“MailFrontier's hands-off approach can help ease the administration burden on IT departments.” – June 7, 2004

InfoWorld Rated Excellent“MailFrontier had the easiest installation…provides lots of control to the admin…[and] provides excellent accuracy.” – September 27, 2004

IT WEEK Editor’s Choice – 5 out of 5 Stars  “MailFrontier Gateway Appliance m500 setup was easy…and took less than an hour..lt really blocks all unwanted email.” – June 6, 2005

46

MailFrontier - The Leader in Email Security

Best Protection • Effortless Control • High Performance

Appliances • Software

47

Powerful Protection without Complexity

“MailFrontier offered me a solution that delivered on every front.”

-- Kristi ReeseExchange Administrator