BorderWare Security Platform
Solution Update
August 2007 © Copyright 2006 BorderWare Technologies Inc. All Rights Reserved. 2
Agenda
• Market opportunity
• Customer Requirements
• BSP - Comprehensive Security
• BorderWare Security Platform…a closer look
• BorderWare Security Network
BorderWare Security Platform
Market opportunity
Convergence of Secure Content & Threat Management
[Figure. Source: IDC, 2007]
Convergence of Secure Content & Threat Management
BorderWare Solutions
[Figure. Source: IDC, 2007]
Market Opportunity
[Chart: Worldwide SCM Product Revenue by Segment 2003 - 2009; segments: Antispyware, Web Filtering, Messaging Security, Antivirus; data labels: $4,605 $5,406 $6,100 $6,714 $7,266 ($ in 000s)]
Top Areas for Security Investment in 2006
1 Anti-Virus
2 E-mail filtering / Anti-Spam
3 Network Intrusion Detection
4 Firewall
5 Encryption
6 SSL VPN
7 Wireless LAN Security
8 Data Security
9 VPN for Remote Office or Partners
10 Host Intrusion Detection
Source: Merrill Lynch.
Source: IDC.
The Secure Content Management Market was a $6.2B market in 2005 and is growing at 16.3%
IT spending on security remains the top priority on CIOs’ wish lists ahead of BI, desktop OSs & applications, ERP and SOA/web services
Worldwide Secure Content Management Revenue by Segment, 2004-2010 ($M)

Segment             2004      2005      2006      2007      2008      2009       2010       2005-2010 CAGR (%)
Antivirus           3,693.0   4,331.3   5,012.7   5,693.3   6,360.7   6,823.9    7,283.0    11.0
Antispyware         117.0     294.5     397.7     485.9     544.9     575.0      565.0      13.9
Web filtering       423.5     549.0     650.8     732.6     786.7     861.0      926.3      11.0
Messaging security  675.4     919.0     1,210.1   1,553.4   1,901.5   2,369.2    2,804.4    25.0
Total               4,908.9   6,093.8   7,271.4   8,465.3   9,593.7   10,629.2   11,578.7   13.7

IDC 2006 - Worldwide Secure Content Management 2006-2010, Forecast Update and 2005 Vendor Shares: The Convergence of Secure Content and Threat Management
Security Concerns
How would you rate the items below on the threat each poses to your company’s enterprise network security? (Scale: 5=Significant threat; 1= no threat)
Top 2 boxes (rating of 4 or 5)

Item                                                   2006   2005
Mobile clients                                         37%    27%
Increasing volume and complexity of network traffic    39%    33%
Increasing complexity of security solutions            39%    36%
Security Budget too small                              40%    38%
Business executives following security policy          44%    33%
Increasing sophistication of attacks                   51%    49%
Employees following security policy                    52%    44%

IDC 2007
BorderWare Security Platform
Customer Requirements
Today’s Extended Enterprise
Proliferation of Threat Vectors
• VoIP
• PDAs
• Web Apps
• Enterprise Apps
• Mobile Phones
• Office Apps
• IM
• Laptops
Data Leakage
• Brand Risk
• Legal Risk
• Privacy
Today - Perimeter Security Infrastructure
Email Security, IM Security, Web Security
• Lack of comprehensive security
• Complexity in management
• Limited scalability & redundancy
• Expensive to own & operate
Customer Requirements
Email, Web, IM
Inbound Protection, Outbound Content, Infrastructure Management

• Ease of management
• Consolidated policy management
• Application specific reporting
• Availability and Scalability
• Distributed deployment – central management
• Modular deployment
• Application control
• Low TCO

• Reduce SPAM - employee productivity
• React quickly to new SPAM
• Protect against malicious scripts and Viruses
• DoS, DHA attack protection
• Protect against Phishing, Pharming, Spyware attacks
• Network Resources

• Pass compliance audits
• Intellectual property protection
• Privacy protection
• Reduce legal liability - acceptable use
• Data Leakage Protection

• Protect against malicious scripts and viruses
• Phishing/Pharming protection – embedded URLs – blended threat
• Privacy protection
• Reduce legal liability – acceptable use
• Access Control
• Audit and forensic analysis
• Data Leakage Protection

• HTML embedded viruses and malicious scripts
• Spyware/Malware protection
• Phishing, Pharming protection
• Monitor/block social networking sites – Facebook, blogs, wikis, etc
• Data Leakage Protection
• Reduce legal liability – acceptable use
The Analysts Agree…
“As communications channels become more diverse, an effective content inspection policy needs to span not only e-mail but also Web mail, IM, blog postings, chat rooms and so on if it is to be comprehensive. Moreover, having separate policy and policy definitions, groups and directories is nonsensical…A single policy engine that can define communications policy across all modes of communications for groups and users is necessary…” Gartner 2006
“The key to scalability is to provide a component architecture for enforcement but with a single management layer to apply policy” Gartner 2006
“Content inspection, compliance, and retention policies must cut across all communications media rather than be silos in themselves. Organizations do not want to create a new Health Insurance Portability and Accountability Act (HIPAA) or ethical-wall policy for each communication medium.” Gartner 2006
BorderWare Security Platform
Comprehensive Security
BorderWare Security Platform
Protect
• Virus, spam, malware, spyware, bots, zombies, image spam, …
• Integrated - Email, Web, IM
• Detect, correlate and block blended threats
Control
• Content Management
• Meet compliance requirements
• Enforce corporate policies
Manage
• Centralized Policy
• Centralized Management
• Scalable
• High Availability
BorderWare Security Platform
Security for Email, IM and Web
• Web Drive by Downloads: Malware, Spyware
• DoS, DHA, Protocol attacks
• Spam & phishing
• Blended Threats: Multi-application
• Viruses, worms, Trojans
Acceptable Use Policy
• Real time monitor & block
• Policy enforcement
• Web reputation filtering
Data Leakage Protection
• IP protection
• Accidental disclosure
• Anomaly detection
Compliance
• Government regulations
• Industry compliance
• Email encryption
Real-time, multi-application reputation services
BorderWare Security Network
• Reputation scoring for Web, email, IM, and VoIP
• Half billion sources of threat information from email, IM, Web, VoIP
• Proactive defense to block unwanted and malicious content at perimeter
• Seamless integration with BorderWare Security Platform
• Pinpoint accuracy with domain and user reputations
[Diagram labels: Over Half Billion Sources; Good; Reject; Comprehensive Security]
BorderWare Security Platform Benefits

Benefits                 Capabilities
Low TCO                  Integrated, appliance delivery, easy management
Comprehensive security   360° security protection, control and management
Reduced complexity       Integrated by design, single software platform
Investment protection    Modular architecture
High Performance         On-demand scalability through intelligent clustering

Enhanced messaging security made simple, scalable, and affordable
BorderWare Security Platform
A closer look….
BSP Core Value Proposition
• Comprehensive Security
• Ease of Use
• High Performance
• Availability
• Lower Total Cost of Ownership (TCO)
50% less cost to own & operate
Enhanced messaging security made simple, scalable, & affordable
Comprehensive Security: Real-Time, Proactive Threat Protection
Web, IM and Email Integrated Protection
• Reputation
• Anti-Virus
• Anti-Spam
• Anti-Phishing
• Zero Hour Virus Protection
• Malware Protection
Comprehensive Content Monitoring and Filtering
[Diagram labels: Intercept Engine; Threat Prevention; Anti-Virus; Anti-Spam; Anti-Phishing; DoS & DHA; Anti-Malware]
PROTECT
Detect & Block malicious email
Image analysis engine enhanced to detect the latest variants of image spam
Intercept engine detects obfuscated URLs to prevent blended phishing attacks
PROTECT
Improve Email Threat Detection
[email protected] Victim http://www.paypal.com@%32%32%30%2E%36%38%2E%32%31%34%2E%32%31%33
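How a mail filter can flag the obfuscated link shown on this slide, as an added example that is not BorderWare's code or the Intercept engine's logic: it parses each URL in a message body, reports the host a client would actually contact, and flags a hostname-like userinfo decoy, a percent-encoded host and an IP-literal host. The function names, finding labels and the sample message are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
HOSTLIKE_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)


def inspect_url(url):
    """Return (real_host, findings) for one URL; finding labels are illustrative."""
    parts = urlsplit(url)
    findings = []

    # Everything before the last '@' in the authority is userinfo, not the host.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if at:
        findings.append("userinfo-before-host")
        decoy = unquote(userinfo).split(":", 1)[0]
        if HOSTLIKE_RE.match(decoy):
            findings.append("userinfo-looks-like-hostname")

    # Percent-escapes have no legitimate place in a DNS name or an IPv4 literal
    # (a bracketed IPv6 literal may carry a %-prefixed zone id, so skip those).
    if "%" in hostport and not hostport.startswith("["):
        findings.append("percent-encoded-host")

    # Decode the host the way a lenient client would before connecting.
    real_host = unquote(parts.hostname or "").lower()
    try:
        ipaddress.ip_address(real_host)
        findings.append("ip-literal-host")
    except ValueError:
        pass
    return real_host, findings


def scan_message(body):
    """Return [(url, real_host, findings)] for every URL with at least one finding."""
    flagged = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;:)")  # drop trailing sentence punctuation
        host, findings = inspect_url(url)
        if findings:
            flagged.append((url, host, findings))
    return flagged


# Constructed sample message; the second link is the one shown on the slide.
SAMPLE_BODY = (
    "Dear Victim, your statement is at https://www.example.com/account.\n"
    "To confirm your details visit "
    "http://www.paypal.com@%32%32%30%2E%36%38%2E%32%31%34%2E%32%31%33\n"
)

if __name__ == "__main__":
    for url, host, findings in scan_message(SAMPLE_BODY):
        print(f"{url}\n  connects to: {host}\n  findings: {', '.join(findings)}")
```
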
Detect & Block malicious email
PROTECT
Improve Spam Detection
LegalJoe Victim
Update 2
Detect and block PDF and ZIP spam
BorderWare Quarantine Server
• Dedicated quarantine solution
• Scales to 100,000 enterprise users
• Policy-driven domain support
• Customized plain text or HTML spam digest layout
• Multiple languages
• End user-defined Trusted and Blocked Senders Lists
• Imported on a scheduled basis
• View, release, trust or block sender, and delete messages directly from the spam digest message
• Customize frequency of notifications and the language templates for the spam digest
PROTECT
Eliminate False Positives
Improve Gateway Performance
BorderWare Quarantine Server
SP-1000 Quarantine Server
• Up to 100,000 users
• 2 x Intel Xeon 3.2 GHz CPU with 2 GB RAM
• 4 x Gigabit Ethernet NIC
• 4 x 146 GB SCSI HDD (584 GB total, 292 GB effective), RAID 1+0, hot swap
• 2 x power supply, hot swap
SP-200 Quarantine Server
• Up to 5,000 users
• 1 x Intel Celeron D 3.2 GHz CPU with 1 GB RAM
• 3 x Gigabit Ethernet NIC
• 1 x 80 GB HDD
PROTECT
New
BSP Weighted Dictionaries
• Provides intelligent & granular enforcement of corporate & compliance policies
• For example:
> Diagnosis name by itself may not be a compliance violation
> Diagnosis name, Patient Number & the word “terminal” may be a violation
• Used for
> Content scanning for email
> Objectionable Content Filtering (OCF) for email, Web & IM
> Spam dictionaries (email)
CONTROL
Reduce False Positives
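The scoring idea behind the diagnosis example on this slide, as an added example that is not BorderWare's code: each dictionary entry carries a weight, and a message counts as a violation only when the summed weights reach a threshold. The terms, weights, threshold and the per-entry hit cap are assumptions chosen for illustration.

```python
import re

# Hypothetical weighted dictionary: (label, pattern, weight). The terms, weights
# and threshold are assumptions for illustration, not BSP's shipped values.
WEIGHTED_DICTIONARY = [
    ("diagnosis", re.compile(r"\b(?:leukemia|carcinoma|lymphoma)\b", re.I), 4),
    ("patient_number",
     re.compile(r"\bpatient\s*(?:number|no\.?|#)\s*:?\s*\d{5,}\b", re.I), 4),
    ("terminal", re.compile(r"\bterminal\b", re.I), 3),
]
VIOLATION_THRESHOLD = 10


def score_message(text, dictionary=WEIGHTED_DICTIONARY, max_hits_per_entry=1):
    """Return (total, per_entry); per_entry maps label -> weight contributed.

    Capping hits per entry stops one repeated word (a newsletter that says
    "leukemia" ten times) from reaching the threshold on its own.
    """
    per_entry = {}
    for label, pattern, weight in dictionary:
        hits = len(pattern.findall(text))
        if hits:
            per_entry[label] = weight * min(hits, max_hits_per_entry)
    return sum(per_entry.values()), per_entry


def is_violation(text, threshold=VIOLATION_THRESHOLD):
    """True when the combined weight of matched entries reaches the threshold."""
    total, _ = score_message(text)
    return total >= threshold


# Constructed sample messages.
SAMPLES = {
    "diagnosis_only": "Reminder: the leukemia awareness walk is on Saturday.",
    "repeated_term": "Leukemia, leukemia, LEUKEMIA: new research digest",
    "unrelated_terminal": "Gate change: flight now departs from Terminal 3",
    "combined": "Patient number 0048213: diagnosis is leukemia, prognosis terminal.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        total, detail = score_message(text)
        verdict = "VIOLATION" if total >= VIOLATION_THRESHOLD else "ok"
        print(f"{name:20} score={total:2} {verdict} {detail}")
```
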
IM Protocols & Clients
AIM (AOL)
• AIM 5.9 or previous version for Windows
• Apple iChat 3.1.5
• Pidgin (GAIM) for Linux 1.5 & greater
XMPP/Jabber
• Google Talk for Windows (Google Talk Web client is not supported)
• Psi Jabber Client 0.10 for Windows
• Kopete for Linux 0.12
Windows Live Messenger
• Windows Live Messenger 8.1 for Windows
Yahoo! Messenger
• Yahoo! Messenger 8.1 for Windows
CONTROL
Secure Popular IM Clients
Rel 7.1
Download Size Limit for Web
Administrators define a size limit for Web downloads; files larger than this size will be blocked.
Manage network resources
MANAGE
Rel 7.1
BSP Installation Wizard
MANAGE
Simplify BSP Installation
Reporting & Logging Enhancements
Report Generation
• 14 pre-canned reports
• Derived from various system logs, then stored in the database
• Ad hoc or scheduled
• Pre-defined reports for Web & IM
Report Viewing
• PDF format
• Emailed to specific users
• CSV and HTML formats
Separate Email, Web & IM Logs
MANAGE
Improve system visibility
Rel 7.1
Centralized Management & Clustering
Centralized Management is a different & complementary function to Clustering
Clustering
• Used for high-availability
• Load balancing of messages at a single site
• Comprised of systems with identical configurations
Centralized Management
• Used to centrally manage & monitor multiple clusters & multiple systems at many sites
• Accommodates a heterogeneous mix of configurations
MANAGE
Clustering
MANAGE
New York
Clustered systems form a single logical unit
The entire cluster is managed from a single node (the cluster Primary)
Centralized Management
MANAGE
Any BorderWare Security Platform can be licensed as the Centralized Management console
New York London Hong Kong
Centralized Management
MANAGE
• Manage multiple systems at the same time
• Manage geographically dispersed systems on different network segments over LAN & WAN connections
• Manage individual systems & clusters of systems
• Ensure consistent configuration across all systems
• Increase reliability, scalability & flexibility
• Reduce Administration overhead
• Supports global configuration & local policies
• Centralized reporting & mail history searches
• No extra hardware required
• Totally secure & can be used over public networks
• Cost option that must be licensed
• 30 day evaluation is available
Simplify Administration & Deployment
Rel 7.1
Centralized Management Licensing
MANAGE
New York London Hong Kong
A license key is required to enable the manager system
Number of managed nodes = 8
Price = 8 x License price
Web & IM LDAP Authentication
Simplifies Web & IM user authentication & provides Cluster support
Web & IM users can authenticate by:
• Local System Users where the user is defined directly on the BSP system & is suitable for single system deployments.
• LDAP Mirrored Users where the user information is imported from an LDAP directory (i.e., mirrored) & is suitable for single & clustered system deployments.
• LDAP Authenticated Users where the user is authenticated directly against an LDAP directory (i.e., not mirrored) & is suitable for single & clustered system deployments.
MANAGE
Simplify Deployment
Rel 7.1
Configurable Web & IM Notifications
MANAGE
Enhance Policy Customization
• Configurable notifications for sender, recipient & administrator
• Configurable by Default, User, Group or Domain Policy
Rel 7.1
Web & IM Activity Screens
Displays connection time, message IDs, source, destination, status & final disposition.
MANAGE
Increase System Visibility
Rel 7.1
Message History Searches
Mail History has been replaced by Message History and searches across mail, Web & IM
MANAGE
Simplify Operations & Administration
Rel 7.1
BorderWare Security Network
Reputation Services
• Designed to combat Spam and unwanted content by measuring the reputation of message sources
• Virtually all existing reputation services are limited to email
• Most reputation services focus on email volumes
• Increases in volume are interpreted as suspicious activity
• Over reliance on past activity, ignoring current behaviour
• Examples
> SenderBase – Ironport – www.senderbase.org
> TrustedSource – Secure Computing – www.trustedsource.org
Challenges with Reputation Service
• Organizations suffer from incorrect assignment of poor reputation due to
> Spoofed email
> Shared mail relay
> Shared IP by managed service
• Assignment of poor reputation caused by
> Botnet (infected PC)
> Individual malicious user
• Identifying real cause of poor reputation is difficult
• Removal from block lists is difficult
Problems with ISP and Managed Services
• Managed services and ISPs provide mail relay service to many customers via a single (or multiple) IP addresses
• As a result, customers’ reputation is shared among multiple organizations (domains)
• If one organization is infected by a botnet or sends viruses
> Resulting lower reputation across entire IP affecting all customers
BSN is “Next” Generation
BSN incorporates more than just spam and volume information, some examples:
• BSN tracks recent virus behavior from IP addresses
> Allows known virus senders to be outright rejected. Systems that have been accidentally infected can be temporarily rejected until they get clean
• BSN classifies and tracks “dial-up” accounts
> Can be used to reject all mail from dial-ups, which are often zombie and botnet systems
• Good recipients vs. Bad recipients being tracked
BSN enhanced “Domain Reputation”
• BorderWare Patent Pending technology for identifying reputation by domain and sender
• Intelligently analyses and correlates
> Overall IP address reputation
> Domain name for each IP
> User (envelope sender) from each IP
Domain Reputation Benefits
• Shared mail relays and ISPs
> Good senders maintain good reputation
> Bad senders maintain bad reputation
• Mitigate spoofed email
> BSN tracks domain IPs that are sending good email
> Attempts to send email from a different IP are detected as spoofed
• Protection against Back Scatter (bounce back)
> Isolate mailer daemon messages sending bounce backs
> BSN prevents NDRs from affecting users' reputations
BSN Public Portal
Putting it all together… DEMO! http://bsn.borderware.com/sand
How does BSN work?
Three Tier Architecture
• BSN Server Nodes
• BSN Data Center
• Customer Systems
Using BorderWare Security Network
BorderWare Security Network has distinct value propositions
• Product Integration
• Public Portal
BSN Product Integration
Information from BSN can be used in two ways within the BorderWare Security Platform:
1. To reject connections during SMTP conversation
> Known malicious senders can be rejected right away to prevent spam, spyware, and virus mail from being delivered
> Rejects 60-90% of all bad messages at the front door
2. In the BSP Intercept decision strategy
> Behavior information can be used to help decide message disposition
> Provides “second opinion” for questionable emails
BSN Product Integration
BorderWare suggested defaults:
• Intercept Connection Control
Lenient
Standard
Aggressive
• Intercept Anti-Spam Aggressiveness
BSN Product Integration
For those that like to dabble:
BSN Key Messages
• BSN is a next generation reputation solution offering proactive protection through behavioral analysis
• Blocks 60-90% of all spam, viruses, spyware, and malicious content at the front door. As email volumes rise, your infrastructure costs don’t have to.
• Provides a real time granular view of content from multiple users and domains. Better data means better results.
• BSN is seeing what others are not. E.g. domain lookup data and “worst behaved” list.
Let’s get tactical
• BSN = Door opener for new and existing customers
• Target end users with high interest in their Internet reputation
> Financial Services, Insurance, Retail, Government
• Perform a BSN Domain look up for these prospects
• Make it real for the prospect
> Perform the same look up with SenderBase and Trusted Source in two other tabs within your browser
> http://www.senderbase.org; http://www.trustedsource.org
• BSN is more accurate and granular than other reputation services such as SenderBase and Trusted Source
Supporting documentation
• Copy of Presentation
• BSP FAQ on new features
• Promotional information coming for existing customers.
• Updated pricing which includes Centralized management
Thank You
Q&A