Cisco Ironport Email & Web Security

Total Page:16

File Type:pdf, Size:1020Kb

Cisco IronPort Email & Web Security
Frédéric HER, CISSP, Systems Engineer, Africa, Cisco IronPort Solutions
[email protected]
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Cisco IronPort: Unparalleled Market Leadership
• IronPort founded in 2000, acquired by Cisco in 2007
• IronPort positioned in the "Leaders" quadrant of the Magic Quadrant report: "IronPort is positioned as a leading player in the messaging security appliance market"
• Named IronPort the market share leader in the email security appliance market
• 20,000+ customers globally
• 400 million users protected
• 40% of Fortune 100 companies
• 8 of the 10 largest service providers
• 7 of the 10 largest banks
• 99%+ customer renewal rates

The Cisco IronPort Story: Application-Specific Security Gateways
Block incoming threats from the Internet: spam, phishing/fraud, viruses, trojans, worms, spyware, adware and unauthorized access.
Application-specific security gateways, all fed by SensorBase (the common security database):
• Email Security Gateway
• Web Security Gateway
• Management Appliance

Cisco IronPort Email Security: Cisco IronPort Email Security Appliance
Email Challenges
Standard email does not natively offer what is expected: protection from junk mail and viruses, privacy and control, and regulatory compliance.

Cisco IronPort Consolidates the Network Perimeter
For security, reliability and lower maintenance.
• Before Cisco IronPort: behind the Internet and the firewall sit separate boxes for the encryption platform, DLP scanner, MTA, anti-spam, anti-virus, policy enforcement and mail routing, in front of the groupware and the users.
• After Cisco IronPort: behind the Internet and the firewall, a single Cisco IronPort Email Security Appliance (with DLP and Policy Manager) sits in front of the groupware and the users.

Spam Trends
• Record spam volumes and criminal botnet activity
[Chart: average daily spam volume in billions, by month from Jan 2008 to Nov 2009; y-axis 0 to 300]

Spam Sophistication Increasing
• 2005: text spam
• 2006: image spam (example image text: "Your Equitable Bank account is closed, call us now at (802)354-4250")
• 2007: attachment spam (PDF, Excel, MP3)
• 2008: targeted attacks

Cisco IronPort SensorBase
• Statistics on more than 30% of the world's e-mail traffic
• New threats & alerts detection
• More than 200 parameters to build reputation scores
E-Mail Reputation Filters derive a reputation score from: data volume, message structure, complaints, blacklists and whitelists, off-line data.
Web Reputation Filters derive a reputation score from: URL blacklists & whitelists, HTML content, domain info, known "bad" URLs, website history...

Email Security Architecture
Cisco IronPort Email Security Appliance, built on the Cisco IronPort AsyncOS email platform and its mail transfer agent:
• Inbound security: Spam Defense, Virus Defense
• Outbound control: Data Loss Prevention, Secure Messaging
• Management

Cisco IronPort AsyncOS: Revolutionary Email Delivery Platform
• Traditional email gateways and other appliances: about 200 connections; low performance and peak delivery issues; unable to leverage the full capability of the CPU; limited by disk I/O bottlenecks
• Cisco IronPort Email Security Appliances: 1K – 10K connections; high performance and sure delivery; limited solely by CPU capacity

Advanced Controls for Security and Efficiency
And to protect against the risk of being blacklisted.
Destination Controls:
1. Protect internal servers
2. Rules per destination domain
IronPort Virtual Gateways:
1. Protects the reputation of a domain
2. Relies on different IP addresses for sending messages (the diagram shows one appliance sending to the Internet from 163.24.127.3, 163.24.127.4 and 163.24.127.5)
Email Authentication (DomainKeys, DKIM, SPF, SIDF)

Anti-Spam Defense in Depth
Incoming mail passes SensorBase Reputation Filtering first, then IronPort Anti-Spam, which returns the verdict.
• > 99% catch rate
• < 1 in 1 million false positives
• Spam blocked before entering the network

SensorBase Reputation Filtering: Real Time Threat Prevention
Incoming mail (good, bad and unknown email) is sorted by reputation filtering before it reaches IronPort Anti-Spam:
• Known good is delivered
• Suspicious is rate limited & spam filtered
• Known bad is blocked

Cisco's internal email experience:

Message Category | % | Messages
Stopped by Reputation Filtering | 93.1% | 700,876,217
Stopped as Invalid Recipients | 0.3% | 2,280,104
Spam Detected | 2.5% | 18,617,700
Virus Detected | 0.3% | 2,144,793
Stopped by Content Filter | 0.6% | 4,878,312
Total Threat Messages | 96.8% | 728,797,126
Clean Messages | 3.2% | 24,102,874
Total Attempted Messages | | 752,900,000
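As an added illustration of the three-tier sorting on the SensorBase Reputation Filtering slide (example code, not from the presentation or from Cisco; the score scale, thresholds, hourly limit and sample connection attempts are assumptions constructed for the demo), the following Python delivers known-good senders, rejects known-bad ones at connection time, and rate limits the suspicious middle tier before handing it to spam scanning:

```python
"""Three-tier sender-reputation policy from the SensorBase slide: known
good is delivered, suspicious senders are rate limited and spam filtered,
known bad is rejected at connection time. Added illustration, not Cisco
code; the score scale, thresholds and hourly limit are assumptions."""
from collections import Counter, defaultdict

GOOD_THRESHOLD = 3.0        # assumed: at or above, deliver without spam scan
BAD_THRESHOLD = -3.0        # assumed: at or below, reject the connection
SUSPECT_LIMIT_PER_HOUR = 5  # assumed accept budget for the middle tier

def tier_for_score(score):
    """Map a sender reputation score to one of the slide's three tiers."""
    if score >= GOOD_THRESHOLD:
        return "known_good"
    if score <= BAD_THRESHOLD:
        return "known_bad"
    return "suspicious"

class ReputationGate:
    """Decides each connection; keeps an hourly counter for suspicious IPs."""
    def __init__(self):
        self.hourly = defaultdict(Counter)  # ip -> {hour: accepted count}

    def decide(self, ip, score, hour):
        tier = tier_for_score(score)
        if tier == "known_good":
            return "DELIVER"
        if tier == "known_bad":
            return "REJECT"      # blocked before it enters the network
        if self.hourly[ip][hour] >= SUSPECT_LIMIT_PER_HOUR:
            return "THROTTLE"    # over budget: defer with a temporary error
        self.hourly[ip][hour] += 1
        return "SCAN"            # accepted, then handed to anti-spam

def run_policy(attempts):
    """attempts: iterable of (ip, score, hour); returns a Counter of actions."""
    gate = ReputationGate()
    return Counter(gate.decide(ip, s, h) for ip, s, h in attempts)

# Constructed sample: a trusted relay, a botnet IP, and an unknown sender
# bursting 8 messages in the same hour.
SAMPLE_ATTEMPTS = (
    [("192.0.2.10", 7.5, 9)] * 3
    + [("198.51.100.7", -8.1, 9)] * 4
    + [("203.0.113.55", 0.4, 9)] * 8
)

if __name__ == "__main__":
    print(run_policy(SAMPLE_ATTEMPTS))
```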
Cisco IronPort Virus Outbreak Filters: The First Line of Defense
Early protection with IronPort Virus Outbreak Filters.

Multi-Layer Virus Defense: Zero Hour Malware Prevention and AV Scanning
Virus Outbreak Filters act before an anti-virus signature is available, and the outbreak rule is refined as the outbreak is analysed:
• T = 0: zip (exe) files
• T = 5 mins: zip (exe) files, size 50 to 55 KB
• T = 15 mins: zip (exe) files, size 50 to 55 KB, "Price" in the filename
An analysis over one year:
• Average lead time: over 13 hours
• Outbreaks blocked: 291 outbreaks
• Total incremental protection: over 157 days

Risks for the Organization
• Top risk: employees
• Biggest impact: customer data
[Pie chart: top data loss types; labelled slices include personal client information, information marked Confidential, personnel information and intellectual property]

Data Loss Prevention: Comprehensive, Accurate, Easy
• Comprehensive: 100+ pre-defined templates; regulatory compliance
• Accurate: multiple parameters (key words, proximity, etc.)
• Easy: one-click activation; policy enable/disable
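As an added illustration of the rule refinement on the Multi-Layer Virus Defense slide (example code, not from the presentation or from Cisco; the attachment records, timings and the "hold then release" behaviour are constructed assumptions for the demo), the following Python holds messages under the current outbreak rule and releases those the narrowed rule no longer matches:

```python
"""Outbreak rule refinement from the Multi-Layer Virus Defense slide:
T=0 holds every zip containing an .exe, T=5 min adds a 50-55 KB size band,
T=15 min adds "Price" in the filename; mail held under a broader revision
is released once the refined rule no longer matches it. Added illustration,
not Cisco code; records and timings are constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Attachment:
    filename: str        # name of the attached zip
    size_kb: int         # size of the zip in KB
    contains_exe: bool   # archive holds an executable

def is_zip_exe(a):
    return a.filename.lower().endswith(".zip") and a.contains_exe
def in_size_band(a):
    return 50 <= a.size_kb <= 55
def has_price_in_name(a):
    return "price" in a.filename.lower()

# (minutes since the outbreak was detected, predicates that must all hold)
RULE_TIMELINE = [
    (0, [is_zip_exe]),
    (5, [is_zip_exe, in_size_band]),
    (15, [is_zip_exe, in_size_band, has_price_in_name]),
]

def rule_at(t_minutes):
    """Most recent rule revision published at or before t_minutes."""
    active = RULE_TIMELINE[0][1]
    for published_at, preds in RULE_TIMELINE:
        if published_at <= t_minutes:
            active = preds
    return active

def held_at(attachments, t_minutes):
    """Filenames still in the outbreak quarantine at t_minutes."""
    preds = rule_at(t_minutes)
    return sorted(a.filename for a in attachments if all(p(a) for p in preds))

# Constructed sample traffic: one outbreak sample and three benign zips.
SAMPLE = [
    Attachment("Price_list.zip", 52, True),   # the outbreak sample
    Attachment("build-tools.zip", 53, True),  # benign, same size band
    Attachment("installer.zip", 310, True),   # benign, larger
    Attachment("photos.zip", 52, False),      # no executable inside
]
if __name__ == "__main__":
    for t in (0, 5, 15):
        print(f"T={t:>2} min, still held: {held_at(SAMPLE, t)}")
```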
Email Encryption: Instant Deployment, Zero Management Cost
1. The gateway encrypts the message; the key is stored with the Cisco Registered Envelope Service
2. The message is pushed to the recipient
3. The user opens the secured message in a browser
4. The user authenticates and receives the message key
5. The decrypted message is displayed
• Automated key management
• No desktop software requirements
• No new hardware required

Cisco IronPort Email Security Manager
Single view of policies for the entire organization. Categories: by domain, username, or LDAP.
• IT: allow all media files; quarantine executables
• SALES: mark and deliver spam; delete executables
• LEGAL: archive all mail; Virus Outbreak Filters disabled for .doc files
"IronPort Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance." – PC Magazine

Comprehensive Insight: Unified Business Reporting
Consolidated reports: single view across the organization; real time insight into email traffic and security threats; multiple data points; actionable drill-down reports.
Report areas: email volumes, spam counters, policy violations, virus reports, outgoing email data, reputation service, system health view.

Visibility Into Email Messages: Message Tracking
• "What happened to the email I sent 2 hours ago?" Track individual email messages.
• "Who else received similar emails?" Forensics to ensure compliance.

Email Security Hosted Offerings: Cisco IronPort Hosted Email Security
Choice Maximizes Flexibility: Full Continuum of Deployment Options
• Appliances: award-winning technology on premises
• Hosted: dedicated SaaS infrastructure
• Hybrid Hosted: best of both worlds
• Managed: fully managed
Backed by service level agreements.

Cisco IronPort Web Security Overview: Cisco IronPort Web Security Appliance

Malware Threat Distribution
Malware infection vectors are shifting from email to the Web.
[Chart: malware infections over time, email vector versus Web vector]

Malware Evades Legacy Defenses
URL classification is reactive and has low coverage.
• Big head (few sites, high traffic volume): predictable, easy to classify
• Long tail: hundreds of millions of sites and thousands of new sites per hour; signatures are reactive and CANNOT keep up
[Chart: traffic volume against number of sites]

Exploited Websites: An Invisible Threat

Drive-By Scareware
• A full-screen pop-up simulates real AV software and asks you to buy the full version to clean the machine.
• It fakes a scan of the c:\ drive and pretends to find viruses even on Linux or Mac OS X!

The Limits of Legacy Solutions
• Low performance: not suitable for current usage of the Web
• High latency
• Low security: often only URL filtering, or only antivirus, with no efficient protection against malware

Next Generation Secure Web Gateway
• Before Cisco IronPort: behind the Internet and the firewall sit separate boxes for Web proxy & caching, anti-spyware, anti-virus and anti-phishing
• After Cisco IronPort: behind the Internet and the firewall, a single Cisco IronPort WSA