View
138
Download
20
Category
Tags:
Preview:
DESCRIPTION
Symantec Messaging Gateway. Stéphane Jacobs. Pre-sales Consultant. Symantec Messaging Gateway Small Business Edition. Purpose built appliance that prevents spam, viruses, and phishing attacks from reaching email servers Small Business Edition Targets 250 users and below - PowerPoint PPT Presentation
Citation preview
Symantec Messaging GatewayStéphane JacobsPre-sales Consultant
2
Symantec Messaging Gateway Small Business Edition
• Purpose built appliance that prevents spam, viruses, and phishing attacks from reaching email servers
• Small Business Edition– Targets 250 users and below– Same enterprise class protection – Installation in minutes– Small Business friendly per-
appliance pricing and licensing
Symantec Global Intelligence Network
3
Managed devices in 70+ countries
120 Million Threat/ Virus Submission Systems
40,000+ Sensors in 200+ Countries
> 10,000 Security Professionals
Vulnerability Database
Fraud: Spam& Phishing
Honeypot Network
25,000+ vulnerabilities in database
2+ Million Probe Network Accounts
Virtual network of 8000+ IP addresses
• 55,000+ technologies from over 8000 vendors
• Capturing previously unseen threats and attack methods
• Statistics on 1+ Billion email messages a day
• Geo-location capabilities on servers and zombies
2B+ events logged daily Over 100,000 security alerts generated annually
200,000 daily code submissions
4
Symantec’s Approach to Messaging Security
• Advanced Content Filtering
• Content Encryption• Data Loss Prevention
Integration• Compliance
• Unified Control and Management
• Continuous Automatic Spam and Virus updates
• On-demand Reporting• Virtual appliance
• Best Antispam and Antivirus
• Personalized Protection
• Adaptive Reputation Management
• Global Intelligence Network
Greater Control Easy ManagementBetter Protection
...From the Leader in Enterprise Security
Managed devices in 70+ countries
120 Million Threat/ Virus Submission Systems
40,000+ Sensors in 200+ Countries
PROTECT
Inbound Protection:
Effective & Accurate AV & AS
Adaptive Reputation Management (Global and Self-Learning Local Reputation)
World’s Largest Global Intelligence Network
• Spam– 99% Effective
– <1 in 1 million false positives
– Anti-phishing
– Adaptive Reputation Mgmt stops 90% at connection
• Viruses– Leading AV engine
– Day Zero
•Content Filtering– Offensive language
– Confidential information
20+ Layers of Protection
• Global Reputation
• Local Reputation
• Image spam
• PDF spam
• Zombie attacks
• BATV backscatter
• Directory Harvest
• Language filters
Uncompromising Protection
Best in Class Antispam Protection
• Greater than 99% effectiveness• Accuracy of over 99.9999%
• Less than one false positive in every one million legitimate emails
6
Symantec Brightmail Antispam Engine
Managed by Symantec Managed by customers (optional)
• High Volume Spam Sources
• Safe Sources• Inputs from Global
Intelligence Network
Reputation Filtering
• Fraud URLs• HTTP URLs• Adult URLs
URL Filters
• Header Analysis• Language Analysis• Content Analysis• Structural Analysis• Image Analysis
Heuristics
• Body Hash• Body Fuzzy Signatures• Attachment Signatures
Signatures
• Personal Allowed and Blocked Lists
• Personal Language Filters
• Admin-Defined Allowed and Blocked Senders List
Allow and Block Lists
• Tag Validation to Protect against Bounce Attacks
• Configurable Group Policies
• Flexible Remediation
Bounce Attack Prev.
7
Adaptive Reputation Management
Global reputation• Leverages reputation service from Brightmail
BLOC and patented Probe Network• Tracks millions of known spam and safe
senders based on IP
Local reputation• Self-learning local reputation scoring
tracked by each scanner• Used by connection classification to defer
connections of likely spam senders• Effectively tracks mixed reputation and
distributed low volume senders
Connection Classification
• Assigns system resources differentially based on connection class
• Guarantees higher quality of service to senders with better reputations
• Filters out up to 90% of spam traffic based on reputation
Best in Class Antivirus Protection
• Over 40 consecutive perfect scores (VB100 designation) from VirusBulletin, since 1999 – “excellent scanning speeds and the usual impeccable detection”
• Top performer in AV-Test benchmarks, with no false positives, fast scan speed, rootkit detection, and malware cleaning
Symantec Antivirus Engine
• Signature-based Virus Definitions
• Script-Blocking• Bloodhound™ Heuristic
Definitions• Day Zero Malware Protection• Mail/zip Bomb Protection• Decomposer and File Typer
for Attachment Scanning
• Multi-threaded Scanning for Performance
• Mass-mailer Cleanup• Heuristic- and Behavior-based
IM Monitoring• LiveUpdate• Multi-threaded Scanning• Repair Engine• Flexible Workflow with
Multiple Dispositions
8
Outbound Control
9
CONTROL
Outbound Control:
Advanced Content Filtering
Data Loss Prevention Regulatory Compliance Flexible Policy-based
Workflow and Rule sets Pre-built Templates and
Dictionaries Compliance Folders
• Email and attachments– Compliance
– Intellectual Property
– Sensitive Information
– Inappropriate
• Structured Data Matching– Fingerprinting
– Exact data protection
– Related data matching
10
Advanced Content Filtering Framework
• Centralized Management• Pre-built Policies,
Patterns, and Templates• Graphical Condition
Builder
Policy Management
• Regular Expressions• Pre-built Dictionaries• Structured Data Matching• True File Typing• Text Extraction and
Attachment Scanning
Detection
• Compliance Folders• Access Controls• Multiple Verdicts• Hold-for-Review
Workflow• Graphical Incident
Manager
Incident Management
• Notifications• Enforce TLS Encryption• Tag for Archiving• Header/Message
Modification• Bounce Message
Remediation
• Pre-built Reports with Flexible Options
• Automated Report Generation
• Illustrate Liability and Risk Reduction
Reporting
Symantec Brightmail Content Filtering Engine
Encrypted Communications
Choice in Email Encryption
11
• Symantec Content Encryption, a hosted option leveraging Symantec.cloud
• Symantec PGP Universal Gateway Email, for extensible on-premises encryption
Cus
tom
er N
etw
ork
Users
Admin
Email Server M
essa
ging
G
atew
ay
Policy
Configuration
Unencrypted Recipient
Encrypted Recipient
Unencrypted Communications
PGP
GW
Em
ail
22
Cus
tom
er N
etw
ork
Users
Admin
Email Server
Mes
sagi
ng G
atew
ayPolicy
Configuration
Unencrypted Recipient
Encrypted Recipient
Unencrypted Communications
TLS
Encryption
Encrypted Email Based on Policies
Encrypted Response
Powerful and Easy to Use Management
12
MANAGE
Management and Administration
Unified Control and Management
Frequent Automatic Spam/Virus Updates
Comprehensive Logging and Alerts
On-Demand Reporting and Intelligence
Virtual Appliance
• Setup in minutes– No tuning requirements
– Adapts to local environment
• Minimize administrative effort– Role based administration
– End user self service quarantine
– Dashboard and automated reporting
– Message tracking and auditing
• Benefit from virtualization– Supports mixed physical / VMware
environments
– Save on hardware costs
– Simply backup and high availability
Virtual vs. Physical Appliance Option
Hypervisor
• Compatible with VMWare ESX 3.5 and ESXi 3.5 servers
• Same software license for virtual and traditional appliance
Model 8340
Platform 1 Rack UnitSingle Processor2x160GB
Segment Small and Medium Businesses
• Dedicated Scanners or Dedicated Control Center
• Combined Scanner/Control Center: Suitable for smaller organizations
13
14
Out-Of-The-Box ReportingFull set of reporting options• Dashboard - quantifies all known
email threats• Executive Summaries• Over 50 preset reports• Flexible reporting workflow• Scheduled report generation and
export options
Benefits• Gain insight into performance• Identify Email and IM security
trends• Track potential compliance issues
• Sender• Recipient• Subject• etc.
• Time message processed• Sender • Recipient • Subject of the message• Disposition (spam, virus, blocked
sender, etc)• Actions Taken
Simple Message TrackingFilter with multiple criteria
Retrieve Message Status
Drill down for detailed forensics
2
3
1
15
16
Flexible Compliance Administration• Create additional administrator accounts
– Specify desired level of management privileges
– Specify list of administrators who can use Control Center
– Specify administrators who can access compliance folders
• Customize administrator rights– Full Administrator rights (View and Modify any
page in Control Center)
– Limited access to restrict access to certain settings
– Differentiate between View and Modify access
Thank you!
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Stéphane JacobsStephane_jacobs@symantec.com
Key Benefits
•Uncompromising Protection•Unique Antispam – Effective on botnets and adapts to your local threat conditions with greater than 99% effectiveness and 99.9999% false positive rate
•Best Antivirus – Unparallel VB100 testing results•Advanced Content Filtering – Protect confidential information
•Powerful and Easy-to-Use Management •Out-of-box Installation – Less than 15 min setup time•Zero Tuning – No administrative work is required to train the rulesets•Continuous Automated Updates – From Symantec Global Intelligence Network
•Smart Investment, Today and Tomorrow •Save on hardware by implementing the Virtual appliance on hardware of choice, including ones currently owned
•Lower total cost of ownership with minimal ongoing administrative overhead
Best of Breed Technologies
19
19
20
•Compared to Barracuda, Symantec has•Better protection – 8% more effective than Barracuda; and Barracuda had almost 9x more false positives than Symantec did1.
•Easier to manage – Zero ruleset maintenance, and no tuning required.•Lower total cost of ownership – Lowest on-going costs; scalable appliance
•Compared to Cisco Virus and Spam Blocker, Symantec has•Smarter appliance – Industry’ only global AND local IP reputation technology•Better antivirus – Day zero antivirus protection included
•Compared to McAfee, Symantec has•Better antispam – McAfee has substantial administrative burden to train rulesets•Better antivirus - Symantec has more than 40 consecutive VB100 awards for the last 10 years. McAfee has failed 11 times since 19992.
Competitive Comparison
1 InfoWorld Technology of the Year Award, 2005-2008, winner for Best Anti-Spam/Mail Security Solution.2 VirusBulletin100 Awards 1999 to 2009
Challenge #1: Spam Continues to Flood Servers and Employee Inboxes
21
21
Source: Symantec State of Spam Report
2009
Spam
as
a Pe
rcen
tage
of E
mai
l Vol
ume
2001Severity/Complexity
PDF Spam
ASCIISimple Text
HTML
Phishing
Image Spam
419 Spam
8%
90%
Intellectual Property
Competitive Source Code Engineering Specs Strategy Documents Pricing
Customer, Employee, Patient Data
Regulatory Compliance HIPAA, GLBA, PCI,
State Data Privacy, Caldicott, PIPEDA
SSN, Credit Card Numbers, Health Info
Company Confidential
Reputation Press Release Quarterly Earnings M&A CEO Internal Email
• 1:400 emails contain confidential information• Over 90% of data loss caused by breakdowns in process
controls by good employees
22
Challenge #2: Sensitive Data is Leaving the Enterprise, Risking Brand and Reputation
22
23
Reducing False Positives with Structured Data Matching• Matching to database extracts
– Protect the exact data you care about – not just a pattern that looks like a credit card number, but your customers’ actual credit card numbers
– Protect data that is difficult to describe and only important if related - e.g. Employee first name, last name and salary
• Once a fingerprint has been created from these data, the administrator can specify what defines a violation– E.g. fields required for a match
First Name Last Name Social Security Hair Color
Kayla Douglas 770-12-6909 Black
Karen Whitcomb 149-60-0533 BlondBrian Hubert 227-01-2294 BrownClare Mata 476-68-0222 Red
Ralph Hansen 221-20-9165 Brown
Felipe Fulmer 698-01-7121 Gray
Symantec Data Loss Prevention Integration
• Protect confidential data across endpoint, network, and storage systems
• New integration: – Simplifies deployment and
management– Ensures high availability and
performance
24
25
Challenges
• Generating Management Reports• Keeping Systems Current• Responding to End User Requests• Managing Policies Across Systems• Managing Spiraling Energy Costs
Challenge #3: Messaging Infrastructure is Increasing in Cost and Complexity 8 AM
9 AM
10 AM
11 AM
Noon
1 PM
2 PM
3 PM
4 PM
Midnight
8:15 AMTargeted Attack Occurs
9:00 AMHelp Desk is Bombarded All
Day
10:30 AMInstall System Updates, Manually Adjust Policies
11:45 AMGenerate Reports for
Executive Review
1:30 PMSearch Through Spam Quarantine for Missing
Emails
2:45 PMChange Block Lists Based on Message Audit Results
12:00 MidnightExecutive Calls: Can’t Find
My Email!
• IT Budgets and Headcount are Flat• IT Responsibilities are Growing
25
26
Streamlined System Management
• Automated filter downloads and statistics• Antivirus LiveUpdate process• Simple software updates • Automated email alerts• Granular backup and restore• Configurable logging levels• SNMP support
Upsell/Crosssell
28
Easy Up-sell/Cross-sell Opportunities
Add Messaging Gateway Small Business Edition to provide comprehensive end-to-end protection, securing both inbound and outbound email and instant message traffic from phishing threats.
One affordable Messaging Gateway Small Business Edition appliance at the messaging gateway can drastically reduce spam volumes—relieving stress at the mail server level.
Customer Benefit • Plug & Play Email and IM protection• Lowe TCO and save costs on mail servers
Partner Opportunity • Easy up-sell from Symantec portfolio • Additional revenue
Mail Servers
29
Competitive Displacements
Customer Benefit • Better protection technologies• Much less administrative overhead• Hardware scalability and flexibility • Lower Total Cost of Ownership (TCO)
Partner Opportunity • Easy and centralized management• Focus more on higher revenue consulting services than day-to-
day administration • Improve customer relationship
Summary
Symantec Brightmail GatewayProduct Recognition
“Symantec takes the prize with superior anti-spam and anti-malware capabilities, strong
enterprise-class features, excellent management and reporting tools, and a very
polished and easy-to-use administrative interface.”
Symantec … shows a level of sophistication and ease of use that
only comes from being a class leader for a long time, and having all the
sharp edges rounded off.
Product Excellence Award: Server
Appliance
-InfoWorld 2008 Technology of the Year Awards4th Consecutive Year
- Best Messaging Security
Leader, Magic Quadrant2010 Secure E-Mail Gateways
31
Leader, Forrester Wave2009 Email Filtering
31
32
Customer Confidence In Symantec
We protect over 800M mailboxes at over 100,000 customers, including…
32
33
Global Support Presence
29 regional support centers70 regional delivery partners
• Experts with certifications from more than 20 industry associations and technology providers including:
– Microsoft, Cisco, Sun, HP, IBM, SNIA, and CISSP
• Rapid resolution of multi-vendor cases provided through:
– Cooperative support agreements with more than 200 vendors
– TSANet board membership
• Support delivered in 10 languages• Awards:
– SSPA Star Award (Service and Support Professionals Assoc.)
– Omega’s NorthFace ScoreboardSM Award
– WebStar Award from Supportgate.com
• Global programs to extend support delivery through partners
More than 2400 highly trained global support professionals
34
What To Do Next
Try the product!• 30-day evaluation www.symantec.com/trybrightmail
Compare effectiveness and accuracy• Greater than 99% effectiveness, less than 1 in a
million false positives
Symantec and our partners can help assess, plan and deploy successfully!
Backup
35
Messaging Gateway ArchitectureSymantec Global Intelligence Network
Advanced Content Filtering
Antispam
Adap
tive
Repu
tatio
n M
gmt. Antivirus Data Loss
Prevention
Embedded MTA• SMTP• IM
• SMTP• IM
36
IM Proxy
Policy Engine
Message processing and verdict analysis
Man
agem
ent I
nter
face
• Reputation• Rules• Signatures• Heuristics• Definitions
Encryption*
* Native TLS encryption, Integration with encryption partners 36
Recommended