IronPort: The Leader in Email Security
PROTECTING OVER 340 MILLION EMAIL BOXES WORLDWIDE
Fredrik Myrelid
Nordic & Baltic Technical Manager
IronPort Systems, Inc.
IronPort Systems:
The Leader in Email Security
IronPort C-Series
Email Security Appliance
• Industry-leading technology
– AsyncOS, powers the world’s fastest MTA
– SenderBase, the world’s first & largest HTTP & SMTP traffic monitoring network
• Industry-leading customers
– Over 50% of the world’s largest ISPs, media & technology companies choose IronPort
Fixing Email: The Steps Required
1. IDENTITY
2. REPUTATION
3. POLICY
[Diagram labels: Internet, ISPs, DNS, private, public]
IronPort is the First to Implement DomainKeys
Challenges at the Email Gateway
The typical symptoms everyone headlines on...
• Email Security
– Managing volumes of spam and false positive issues
– Viruses
– Denial of Service attacks, Directory Harvesting, Fraud, etc.
• Policy & Legal Compliance
But what about the bigger picture?
• Availability of email services
• Performance & Latency issues
• Authentication
• Massive Admin & Operations overhead
• Huge Complexity
• Visibility, Reporting & Statistics
• Future-proofing the infrastructure, new services, etc.
Summarised as..
• Lost Productivity (a management issue)
– At the desktop (users are asked to define spam)
– IT Admin (to setup, fine tune and monitor spam)
• Consumption of valuable IT resource (an operational issue)
– Network bandwidth (wasted on 70% spam)
– CPU and memory at the gateway (could be used on genuine mail)
– Disk storage (archive everything that arrives, inc. spam)
– Increased real-estate (in order to scale with the right performance)
• Legal liability (a risk management issue)
– Offensive content
– Contravention of legislation (Data Protection, Basel II, SOX, HIPAA etc)
– Spam zombies (brand risk, blacklisting)
IronPort Consolidates the Email Perimeter
Before IronPort: Internet, Firewall, MTAs, Anti-Spam, Anti-Virus, Policy Management, Mail Routing, Groupware, Users
After IronPort: Internet, Firewall, IronPort Email Security Appliance, Groupware, Users
IronPort Reduces Administration
Advanced Technology Automates Manual Tasks
IronPort Email Security Appliance:
• Centralized management: make changes only once
• Stop viruses on average 15 hours before the anti-virus signature is available
• Anti-spam updates: up to 60,000 rules/day, every 5-10 min
• No fine tuning or training necessary
• Lowest false positive rates eliminate support calls
• Centralized & scheduled reporting: you never need to sort through logs again
• No manual white- or black lists necessary
• Automatic rate limiting protects against Denial of Service without your intervention
• Test configuration changes without making them active
“These IronPorts run themselves”
Joe Chodi, CTO of Major League Baseball
IronPort Architecture for
Multi-Layered Email Security
MANAGEMENT TOOLS
SPAM DEFENSE
• IronPort Reputation Filters
• Brightmail
• IronPort Anti-Spam
VIRUS DEFENSE
• IronPort Virus Outbreak Filters
• Sophos Anti-Virus
CONTENT SCANNING
• IronPort Content Filters
• PostX and PGP
ASYNCOS™ MTA PLATFORM
AsyncOS:
Revolutionary MTA Platform
Traditional Email Gateways and Other Appliances
• 200 incoming/outgoing connections: low performance and potential DoS
• Single queue for all destinations: queue backup delays all mail
IronPort Email Security Appliance
• 10,000 incoming/outgoing connections: high performance, predictable delivery
• Per-destination queues: fault-tolerance and custom control
Directory Harvest Attack Prevention
• Protects against: theft of your user database by spammers
• Unique advantage: integrates with SenderBase to track global attacks
Virtual Gateway Technology
• Protects against: inadvertent blockage of your corporate mail
• Unique advantage: provides up to 256 unique IP addresses per appliance
Intelligent Bounce Handling
• Protects against: blacklisting of your IPs from intentional NDRs
• Unique advantage: separate IP address for NDRs, in-conversation recipient checking
AsyncOS™
Standards Based Integration
LDAP and DNS
• Integrates with all standard LDAP servers including Active Directory™
• Carrier-class client and cache on-box
• High performance client resolves millions of records per hour
• Configure separate DNS servers per domain
Advanced Networking
• 802.1Q VLAN Tagging for network security
• NIC failover for redundancy
• Loopback interfaces for load balancer integration
Essential Mail Operations
• Alias, masquerade, and routing tables
• Powerful header operations
• Store tables on box or in LDAP directory
Multi-Layered Spam & Virus Defense:
Preventive + Reactive = Defense in Depth
Preventive Layer
- IronPort Reputation Filtering
- Virus Outbreak Filters
Reactive Layer
- Brightmail
- IronPort Anti-Spam
- Sophos Anti-Virus
Immediate Reaction to Threats
Adapts Over Time
Extremely High Performance
Computationally Intensive
Coarse Outer Layer
Fine-grained Inner Layer
Blocks or Rate Limits
Delete or Quarantine
Black and White Lists
SenderBase®: Data Makes the Difference
Threat Prevention in Realtime
Parameters
• Complaint Reports
• Spam Traps
• Message Composition Data
• Global Volume Data
• URL Lists
• Compromised Host Lists
• Web Crawlers
• IP Blacklists & Whitelists
• Additional Data
SenderBase Data, then Data Analysis/Security Modeling, then SenderBase Reputation Scores (-10 to +10)
Data Breadth
• Combine HTTP & SMTP data
• Over 90 SMTP parameters tracked
• Over 20 HTTP parameters tracked
Data Quantity
• Over 200,000 sources
• Over 5 billion emails per day
• 8 of the top 10 ISPs, universities & businesses
• Worldwide sources, including Americas, Europe & Asia
Data Quality
• Over 3 years of experience ensuring data integrity
• SourceRank assesses source quality by cross correlating multiple sources with known benchmarks
IronPort Mail Flow
80% bad mail STOPPED BEFORE you have accepted connection
[Diagram labels: SMTP Client; IronPort SenderBase (www); Reputation Filters; Work Queue; Anti-Spam; Anti-Virus; Content Filters; Virus Outbreak Filters; Exchange, Lotus/Domino, Groupwise]
Clean, legitimate Mail!
Nordea Phishing / Sender IP
IronPort Reputation Filters Stop
80% of Hostile Mail at the Door….
[Diagram labels: Incoming Mail (Good, Bad, and “Grey” or Unknown Email); Reputation Filtering, scale from +10 to -10; Trusted Policy; Accepted Policy; Untrusted Policy; Rejected Policy; Anti-Spam Engine]
• IronPort uses identity & reputation to apply policy
• Sophisticated response to sophisticated threats
Traffic Shaping:
Mail Flow Control NOT Filtering
Dell
• Dell’s challenge:
– Dell receives over 26M emails per day
– Only 1.5M legitimate emails
– 68 existing gateways using Spam Assassin with high false positive rates
• IronPort’s solution:
– Reputation filters block over 19M emails per day
– 5.5M emails per day scanned & removed by Brightmail
– Replaced 68 servers with 8 IronPort C60s
• Accuracy of spam filtering increased 10x
• Server consolidation of 70%
• Operational costs reduced by over 75%
“IronPort has increased the quality and reliability of our network operations, while reducing our costs.”
-- Tim Helmsetetter, Manager, Global Collaborative Systems Engineering and Service Management, Dell Corporation
IronPort Outbreak Filters
Over 140 Virus Outbreaks Detected, Average Lead Time of 15 hours
“Virus Outbreak Filters helped us from the first day we had it and it saves us significant clean up costs during major virus outbreaks.”
Mark S. Dial, E-Messaging Team, Tellabs
Virus | Date | Virus Threat Level Raised | First Anti-virus Signature Available | Outbreak Filter Lead Time
Bagle.BO | 5/31/2005 | 14:32 PM | 16:34 PM | 2:02 hours
Bagle BB | 2/27/2005 | 10:39 AM (2/27) | 4:22 AM (3/1) | 41:43 hours
Mydoom.BL | 4/28/2005 | 19:52 PM | 21:43 PM | 1:51 hours
MyTob.V | 4/3/2005 | 4:19 AM | 9:36 AM | 5:17 hours
MyTob.J | 3/24/2005 | 23:30 PM | 22:38 PM (the next day) | 23:08 hours
Sober.L | 3/7/2005 | 16:10 PM | 18:28 PM | 2:18 hours
Sober.K | 2/21/2005 | 5:58 AM | 7:00 AM | 1:02 hours
Mydoom.BB | 2/15/2005 | 18:08 PM | 22:54 PM (the next day) | 28:46 hours
How Virus Outbreak Filters Work
Dynamic Quarantine In Action
Messages Scanned & Deleted
T = 0
– zip (exe) files
T = 5 mins
– zip (exe) files
– Size 50 to 55 KB
T = 10 mins
– zip (exe) files
– Size 50 to 55 KB
– “Price” in the file name
T = 8 hours
– Release messages if signature update is in place
Industry Leading Signatures
from Sophos Anti-Virus
• Integrated Sophos® anti-virus engine
– High performance in-line scanning
• Easy to deploy and manage
– Intuitive user interface
– Single view with Mail Flow Monitor
– Auto updates
– Lower TCO with integrated solution
Easy Custom Filter Generation
Protect your intellectual property & enforce acceptable use
IronPort Content Scanning Engine: High Performance, Flexible, Fine Grained
Inputs
• Incoming / Outgoing Mail
• LDAP Server Queries
Filters
• Pre-defined HIPAA, GLB, SOX Filters
• Customer Specific Filters
Actions
• Encrypt
• Archive
• BCC to Compliance Officer
• Notify Legal Personnel
• Remove Attachment
• Return to Sender
• Bounce Email
• Drop Email
IronPort Email Security Manager
Single view of policies for the entire organization
Domain, Email Address, or LDAP Group
IT
• Allow all media files
• Quarantine executables
SALES
• Mark and Deliver Spam
• Delete Executables
LEGAL
• Archive all mail
• Virus Outbreak Filters disabled for .doc files
IronPort Centralized Management
• Log in anywhere, control everywhere
– New systems automatically configure themselves
– Mesh network = no single point of failure
• Elegant solution for two systems to 100
– Simple interface highlights configuration anomalies
– Apply changes to a machine, group, or cluster
IRONPORT CLUSTER
San Jose Group: SJ1 Machine, SJ2 Machine, SJ3 Machine
Dublin Group: D1 Machine, D2 Machine, D3 Machine
Tokyo Group: T1 Machine, T2 Machine, T3 Machine
Enterprise Reporting & Management
• Proves the IronPort ROI
– Show effectiveness of reputation, spam, and virus filtering
• In-depth reporting on all senders
– Includes global traffic data from SenderBase
• Easy integration with existing monitoring
– Alert Center (via email)
– SNMP
– Reporting API
• Choice of management interfaces
– Effortless Graphical User Interface (GUI)
– Powerful Command Line Interface (CLI)
The IronPort Advantage
• IronPort Minimizes the Total Cost of Ownership for your E-mail Infrastructure
– Administrative burden reduced by more than 75%, lets IT staff do more with less
– Increased User productivity
– Powerful Management & Reporting tools for small to global organizations, as well as ISPs
– Server consolidation
– Reduced load on the network infrastructure
– Ease of use
– Flexible Filtering solutions – Tailored to your needs
• IronPort increases the availability of your email
– Protection against Denial of Service Attacks, Directory Harvesting
• IronPort makes you sleep better at night!
– Industry leading Anti-Virus Protection – 15 hours ahead of competition
– Multi-dimensional Anti-Spam Protection
  • Most accurate for the broadest span of threats
  • Powered by SenderBase (www.senderbase.org)
– Unmatched performance – Scalability from the smallest organization to largest ISPs
The IronPort C-Series offers comprehensive &
consolidated email security
Thank you
Fredrik Myrelid
IronPort Systems, Inc.
[email protected]
IronPort Product Presentation - STALLION