View
212
Download
0
Category
Preview:
Citation preview
TrustPort Net GatewayEmail traffic protection
WWW.TRUSTPORT.COM
Keep It Secure
• Entry point protection– Clear separation of the risky internet and secured intranet– Malware and spam blocked before reaching endpoints– No need to remove threats individually on every computer
• Unified security concept– Compact user interface– Remote control of the solution possible– Easy analysis of traffic and incidents
Advantages of centralised email protection
WWW.TRUSTPORT.COM
Keep It Secure
Handling email traffic
TrustPort Net Gateway
Mail serverFirewall
TrustPort Net Gateway
Mail serverFirewall
WWW.TRUSTPORT.COM
Keep It Secure
Principal components of incoming email protection
Receiving SMTPserver Backup of
messages
Antivirus and
antispam kernel Sending
SMTP server
WWW.TRUSTPORT.COM
Keep It Secure
• Antispam shield• Blacklists and whitelists• DNS records• Greylisting• Autowhitelist
Receiving SMTPserver
WWW.TRUSTPORT.COM
Keep It Secure
Receiving SMTPserver
Antispam shield
TrustPort Net
Gateway
WWW.TRUSTPORT.COM
Keep It Secure
Basic whitelist and blacklist
*@company.com*@company.czsupport@net.cz
info@company.comsupport@company.czcontact@company.cz
*@company.net*@company.org
LDAP
AD Text
WWW.TRUSTPORT.COM
Keep It Secure
Blacklists and whitelists
Blacklist of banned servers
Blacklist of banned senders
Whitelist of trusted recipients
Whitelist of trusted senders
Whitelist of trusted servers
Exceptions
WWW.TRUSTPORT.COM
Keep It Secure
To:To:
From:From:
Greylisting
TrustPort Net
GatewayIP:IP:
WWW.TRUSTPORT.COM
Keep It Secure
• Criteria for the rules– direction– sender – recipient– IP address range
• Action to follow – forward– backup– delete
Backup of messages
WWW.TRUSTPORT.COM
Keep It Secure
• Scanning by multiple antivirus engines• Filtering out unwanted attachments
• Checking DKIM, SPF• Checking DNS blacklists• Forbidden words• User regulars
• Database of regular rules• Checking for image spam• Bayes analysis
• Point evaluation
Antivirus and
antispamkernel
Fully adjustableby the user
Partiallyadjustableby the user
WWW.TRUSTPORT.COM
Keep It Secure
User filters
• Forbidden words
creditfreeofferviagra
• Regular rules
Part: headersField: fromRegular: @company.com
Part: bodyRegular: (free|share)ware
Antivirus and
antispam kernel
+ 10 000
- 5000
+ 2000
WWW.TRUSTPORT.COM
Keep It Secure
Using DKIM
Generatinghash of the message
Decrypting the electronic signature
WWW.TRUSTPORT.COM
Keep It Secure
Using SPF
HELO:
MAIL From:
IP:
IP:
IP:
IP:
WWW.TRUSTPORT.COM
Keep It Secure
Bayes analysis
Regular rules
Spamdictionary
Ham dictionary
Bayes analysis
spam
ham
User rules
Updates
WWW.TRUSTPORT.COM
Keep It Secure
• Sending electronic mail to one target mail server– Fixed IP address
• Sending electronic mail to several target servers– Delivery table– MX records– Delivery table combined
with MX records
Sending SMTP server
WWW.TRUSTPORT.COM
Keep It Secure
Components of outgoing email protection
Sending SMTPserver
Antivirus kernel
Receiving SMTP server
WWW.TRUSTPORT.COM
Keep It Secure
Components of outgoing email protection
Receiving SMTPserver
Antivirus kernel
Sending SMTP server
• sender control based on computer address• sender control based on email address• whitelist of trusted senders
• scanning using selected engines• filtering out unwanted attachments
• adding to autowhitelist• truncating dangerous headers• sending out
WWW.TRUSTPORT.COM
Keep It Secure
Sending SMTP server
Autowhitelist
From: peter.jones@company.com
To: joe.davis@gmail.com
From: joe.davis@gmail.com
To: peter.jones@company.com
WWW.TRUSTPORT.COM
Keep It Secure
Product certifications
Virus BulletinReactive and
proactive test, average values
(April 2011)
@HOME
WWW.TRUSTPORT.COM
Keep It Secure
Product certifications @HOME
Virus Bulletin (April 2011)
TrustPort Antivirus
Avast Free Antivirus
AVG Internet Security
Eset NOD32 Antivirus
Kaspersky Anti-Virus
McAfee VirusScan
Microsoft Forefront Endpoint Protection
RAP test, overall detection 98.02% 95.27% 92.55% 93.33% 93.30% 84.71% 91.94%
RAP test, reactive detection 99.63% 97.02% 95.27% 94.49% 94.63% 85.05% 93.52%
RAP test, proactive detection 93.18% 90.02% 84.38% 89.86% 89.32% 83.69% 87.18%
WWW.TRUSTPORT.COM
Keep It Secure
Product certifications
Average on-demanddetection of malware
Missed samples (the lower the better)
@HOME
AV-Comparatives (April 2011)
WWW.TRUSTPORT.COM
Keep It Secure
Product certifications @HOME
AV-Comparatives
TrustPort Antivirus
Avast Free Antivirus
AVG Anti-Virus
Eset NOD32 Antivirus
Kaspersky Anti-Virus
McAfee Antivirus Plus
Microsoft Security Essentials
Norton AntiVirus
Overall on-demand detection(April 2011)
99.2% 98.4% 91.4% 97.5% 97.0% 96.8% 95.8% 95.5%
Detection of potentially unwanted apps(December 2010)
99.5% 96.9% - 97.7% 97.6% 98.7% 92.7% 99.6%
Thank you for your attention!
Recommended