BorderWare Security Platform Solution Update. August 2007© Copyright 2006 BorderWare Technologies Inc. All Rights Reserved. 2 Agenda Market opportunity

BorderWare Security Platform

Solution Update


Solution Update

August 2007 © Copyright 2006 BorderWare Technologies Inc. All Rights Reserved. 2

AgendaAgenda

Market opportunity Customer Requirements BSP - Comprehensive Security BorderWare Security Platform…a closer look BorderWare Security Network


Market opportunity


Market opportunity


Source: IDC, 2007

Convergence of Secure Content & Threat ManagementConvergence of Secure Content & Threat Management


Source: IDC, 2007

BorderWare Solutions

Convergence of Secure Content & Threat ManagementConvergence of Secure Content & Threat Management


Market OpportunityMarket Opportunity

Worldwide SCM Product Revenue by Segment 2003 - 2009

-

500

1,000

1,500

2,000

2,500

3,000

2003 2004 2005 2006 2007 2008 2009

Antispyware Web Filtering Messaging Security Antivirus

Worldwide SCM Product Revenue by Segment 2003 - 2009

-

500

1,000

1,500

2,000

2,500

3,000

2003 2004 2005 2006 2007 2008 2009

Antispyware Web Filtering Messaging Security Antivirus

$4,605 $5,406 $6,100 $6,714 $7,266($ in 000s) 1 Anti-Virus2 E-mail filtering / Anti-Spam3 Network Intrusion Detection4 Firewall5 Encryption6 SSL VPN7 Wireless LAN Security8 Data Security9 VPN for Remote Office or Partners

10 Host Intrusion Detection

Top Areas for Security Investment in 2006

Source: Merrill Lynch.

Source: IDC.

The Secure Content Management Market was a $6.2B market in 2005 and is growing at 16.3%

IT spending on security remains the top priority on CIO’s wish lists ahead of BI, desktop OS’s & applications, ERP and SOA/web services


Worldwide Secure Content Management Revenue by Segment, 2004-2010 ( $M)Worldwide Secure Content Management Revenue by Segment, 2004-2010 ( $M)

2004 2005 2006 2007 2008 2009 2010

2005-2010

CAGR (%)

Antivirus 3,693.0 4,331.3 5,012.7 5,693.3 6,360.7 6,823.9 7,283.0 11.0

Antispyware 117.0 294.5 397.7 485.9 544.9 575.0 565.0 13.9

Web filtering

423.5 549.0 650.8 732.6 786.7 861.0 926.3 11.0

Messaging security

675.4 919.0 1,210.1 1,553.4 1,901.5 2,369.2 2,804.4 25.0

Total 4,908.9 6,093.8 7,271.4 8,465.3 9,593.7 10,629.2 11,578.7 13.7

IDC 2006 - Worldwide Secure Content Management 2006-2010, Forecast Update and 2005 Vendor Shares: The Convergence of Secure Content and Threat Management


Security ConcernsSecurity Concerns

37%

39%

39%

40%

44%

51%

52%

27%

33%

36%

38%

33%

49%

44%

Mobile clients

Increasing volume andcomplexity of network traffic

Increasing complexity ofsecurity solutions

Security Budget too small

Business executivesfollowing security policy

Increasing sophistication ofattacks

Employees following securitypolicy

2006 2005

How would you rate the items below on the threat each poses to your company’s enterprise network security? (Scale: 5=Significant threat; 1= no threat)

Top 2 boxes (rating of 4 or 5)IDC 2007


Customer Requirements


Customer Requirements


Today’s Extended EnterpriseToday’s Extended Enterprise

VoIP

PDA’sWebApps

EnterpriseApps

Proliferation ofThreat VectorsProliferation ofThreat Vectors

MobilePhones

Office Apps

eMail

IM

Laptops

Data Leakage•Brand Risk•Legal Risk•Privacy

Data Leakage•Brand Risk•Legal Risk•Privacy


Today - Perimeter Security InfrastructureToday - Perimeter Security Infrastructure

Email Security IM Security Web Security

• Lack of comprehensive security• Complexity in management

• Limited scalability & redundancy• Expensive to own & operate


Customer RequirementsCustomer Requirements

EmailEmail WebWeb IMIM

Inbound

Protection

Outbound

Content

Infrastructure

Management

• Ease of management• Consolidated policy management• Application specific reporting• Availability and Scalability

• Distributed deployment – central management• Modular deployment• Application control• Low TCO

• Reduce SPAM - employee productivity

• React quickly to new SPAM• Protect against malicious

scripts and Viruses• DoS, DHA attack protection• Protect against Phishing,

Pharming, Spyware attacks• Network Resources

• Pass compliance audits• Intellectual property

protection• Privacy protection• Reduce legal liability -

acceptable use• Data Leakage Protection

• Protect against malicious scripts and viruses

• Phishing/Pharming protection – embedded URLs – blended threat

• Privacy protection• Reduce legal liability –

acceptable use• Access Control• Audit and forensic

analysis• Data Leakage

Protection

• HTML embedded viruses and malicious scripts

• Spyware/Malware protection

• Phishing, Pharming protection

• Monitor/block social networking sites – Facebook, blogs, wikis, etc

• Data Leakage Protection

• Reduce legal liability – acceptable use


The Analysts Agree…The Analysts Agree…

“As communications channels become more diverse, an effective content inspection policy needs to span not only e-mail but also Web mail, IM, blog postings, chat rooms and so on if it is to be comprehensive. Moreover, having separate policy and policy definitions, groups and directories is nonsensical…A single policy engine that can define communications policy across all modes of communications for groups and users is necessary…” Gartner 2006

“The key to scalability is to provide a component architecture for enforcement but with a single management layer to apply policy” Gartner 2006

“Content inspection, compliance, and retention policies must cut across all communications media rather than be silos in themselves. Organizations do not want to create a new Health Insurance Portability and Accountability Act (HIPAA) or ethical-wall policy for each communication medium.” Gartner 2006


Comprehensive Security




BorderWare Security PlatformBorderWare Security Platform

Protect Virus, spam, malware, spyware,

bots, zombies, image spam, … Integrated - Email, Web, IM Detect, correlate and block

blended threats

Control Content Management Meet compliance requirements Enforce corporate policies

Manage Centralized Policy Centralized Management Scalable High Availability


Web Drive by DownloadsMalware, Spyware

DoS, DHA, Protocol attacks

Spam & phishing

Blended ThreatsMulti-application

Viruses, worms, Trojans

BorderWare Security PlatformSecurity for Email, IM and WebBorderWare Security PlatformSecurity for Email, IM and Web

Acceptable Use Policy• Real time monitor & block• Policy enforcement• Web reputation filtering

Data Leakage Protection• IP protection• Accidental disclosure• Anomaly detection

Compliance• Government regulations• Industry compliance• Email encryption


Reputation scoring for Web, email, IM, and VoIP Half billion sources of threat information from email, IM, Web, VoIP Proactive defense to block unwanted and malicious content at perimeter Seamless integration with BorderWare Security Platform Pinpoint accuracy with domain and user reputations

Over Half Billion Sources

Good

Reject


Real-time, multi-application reputation servicesBorderWare Security NetworkReal-time, multi-application reputation servicesBorderWare Security Network


BenefitsBenefits

Low TCO

Comprehensive security

Reduced complexity

Investment protection

High Performance

BorderWare Security Platform BenefitsBorderWare Security Platform Benefits

CapabilitiesCapabilities

Integrated, appliance delivery, easy management

360o security protection, control and management

Integrated by design, single software platform

Modular architecture

On-demand scalability through intelligent clustering

Enhanced messaging security made simple, scalable, and affordable


A closer look….


A closer look….


BSP Core Value PropositionBSP Core Value Proposition

Comprehensive Security Ease of Use High Performance Availability Lower Total Cost of Ownership (TCO)

50% less cost to own & operate

Enhanced messaging security made simple, scalable, & affordable


Comprehensive Security:Real-Time, Proactive Threat ProtectionComprehensive Security:Real-Time, Proactive Threat Protection

Web, IM and Email Integrated Protection

Reputation Anti-Virus Anti-Spam Anti-Phishing Zero Hour Virus Protection Malware Protection

Comprehensive Content Monitoring and Filtering

Intercept Engine

Anti-Virus

Anti-Spam

Anti-Phishing

DoS & DHA

Th

reat

Pre

ven

tio

n

Anti-Malware

PROTECT


Detect & Block malicious emailDetect & Block malicious email

Image analysis engine enhances to detect the latest variants of image spam

Intercept engine detects obfuscated URL’s to prevent blended phishing attacks

PROTECT

Improve Email Threat Detection

[email protected] Victim http://www.paypal.com@

%32%32%30%2E%36%38%2E%32%31%34%2E%32%31 %33


Detect & Block malicious emailDetect & Block malicious email PROTECT

Improve Spam Detection

LegalJoe Victim

Update 2

Detect and block PDF and ZIP spam


BorderWare Quarantine ServerBorderWare Quarantine Server

Dedicated quarantine solution Scales to 100,000 enterprise users Policy-driven domain support Customized plain text or HTML spam digest layout

Multiple languages End user-defined Trusted and Blocked Senders Lists

Imported on a scheduled basis View, release, trust or block sender, and delete messages

directly from the spam digest message Customize frequency of notifications and the language

templates for the spam digest

PROTECT

Eliminate False PositivesImprove Gateway Performance


BorderWare Quarantine ServerBorderWare Quarantine Server

SP-1000 Quarantine Server Up to 100,000 users 2 x Intel Xeon 3.2 GHz CPU with 2 GB RAM 4 x Gigabit Ethernet NIC 4 x 146 GB SCSI HDD (584 GB total, 292 GB effective), RAID 1+0,

hot swap 2 x power supply, hot swap

SP-200 Quarantine Server Up to 5,000 users 1 x Intel Celeron D 3.2 GHz CPU with 1 GB RAM 3 x Gigabit Ethernet NIC 1 x 80 GB HDD

PROTECT

New


BSP Weighted DictionariesBSP Weighted Dictionaries

Provides intelligent & granular enforcement of corporate & compliance policies For example:

> Diagnosis name by itself may not be a compliance violation

> Diagnosis name, Patient Number & the word “terminal” may be a violation

Used for Content scanning for email Objectionable Content Filtering (OCF) for email, Web & IM Spam dictionaries (email)

CONTROL

Reduce False Positives


IM Protocols & ClientsIM Protocols & Clients

AIM (AOL) AIM 5.9 or previous version for Windows Apple iChat 3.1.5 Pidgin (GAIM) for Linux 1.5 & greater

XMPP/Jabber Google Talk for Windows (Google Talk Web client is not supported) Psi Jabber Client 0.10 for Windows Kopete for Linux 0.12

Windows Live Messenger Windows Live Messenger 8.1 for Windows

Yahoo! Messenger Yahoo! Messenger 8.1 for Windows

CONTROL

Secure Popular IM Clients

Rel 7.1

Rel 7.1


Download Size Limit for WebDownload Size Limit for Web

Administrators define a size limit for Web downloads, files larger than this size will be blocked.

Manage network resources

MANAGE

Rel 7.1


BSP Installation WizardBSP Installation Wizard MANAGE

Simplify BSP Installation

August 2007 © Copyright 2006 BorderWare Technologies Inc. All Rights Reserved. 30© Copyright 2007 BorderWare Technologies Inc. All Rights Reserved. 30

Reporting & Logging EnhancementsReporting & Logging Enhancements

Report Generation 14 pre-canned reports Derived from various system logs, then stored in the database Ad hoc or scheduled Pre-defined reports for Web & IM

Report Viewing PDF format Emailed to specific users CSV and HTML formats

Separate Email, Web & IM Logs

MANAGE

Improve system visibility

Rel 7.1

Rel 7.1

Rel 7.1


Centralized Management & ClusteringCentralized Management & Clustering

Centralized Management is a different & complimentary function to Clustering

Clustering Used for high-availability Load balancing of messages at a single site Comprised of systems with identical configurations

Centralized Management Used to centrally manage & monitor multiple clusters &

multiple systems at many sites Accommodates a heterogeneous mix of configurations

MANAGE


ClusteringClustering MANAGE

New York

Clustered systems form a single logical unit

The entire cluster is managed from a single node(the cluster Primary)


Centralized ManagementCentralized Management MANAGE

Any BorderWare Security Platform can be licensed as the Centralized Management console

New York London Hong Kong


Centralized Management Centralized Management MANAGE

Manage multiple systems at the same time Manage geographically dispersed systems on different network segments over

LAN & WAN connections Manage individual systems & clusters of systems Ensure consistent configuration across all systems Increase reliability, scalability & flexibility Reduce Administration overhead Supports global configuration & local policies Centralized reporting & mail history searches No extra hardware required Totally secure & can be used over public networks

Cost option that must be licensed 30 day evaluation is available

Simplify Administration & Deployment Rel 7.1


Centralized Management LicensingCentralized Management Licensing MANAGE

New York London Hong Kong

A license key is required to enable the manager system

Number of managed nodes = 8 Price = 8 x License price


Web & IM LDAP AuthenticationWeb & IM LDAP Authentication

Simplifies Web & IM user authentication & provides Cluster support Web & IM users can authenticate by:

Local System Users where the user is defined directly on the BSP system & is suitable for single system deployments.

LDAP Mirrored Users where the user information is imported from an LDAP directory (i.e., mirrored) & is suitable for single & clustered system deployments.

LDAP Authenticated Users where the user is authenticated directly against an LDAP directory (i.e., not mirrored) & is suitable for single & clustered system deployments.

MANAGE

Simplify Deployment Rel 7.1


Configurable Web & IM NotificationsConfigurable Web & IM Notifications MANAGE

Enhance Policy Customization

Configurable notifications for sender, recipient & administrator Configurable by Default, User, Group or Domain Policy

Rel 7.1


Web & IM Activity ScreensWeb & IM Activity Screens

Displays connection time, message IDs, source, destination, status & final disposition.

MANAGE

Increase System Visibility Rel 7.1


Message History SearchesMessage History Searches

Mail History has been replaced by Message History and searches across mail, Web & IM

MANAGE

Simplify Operations & Administration Rel 7.1

BorderWare Security NetworkBorderWare Security Network


Reputation ServicesReputation Services

Designed to combat Spam and unwanted content by measuring the reputation of message sources

Virtually all existing reputation services are limited to email Most reputation services focus on email volumes Increases in volume are interpreted as suspicious activity Over reliance on past activity, ignoring current behaviour Examples

SenderBase – Ironport – www.senderbase.org TrustedSource – Secure Computing –

www.trustedsource.org

August 2007 © Copyright 2006 BorderWare Technologies Inc. All Rights Reserved. 43April 2007 © Copyright 2006 BorderWare Technologies Inc. All Rights Reserved. 43

Challenges with Reputation Service Challenges with Reputation Service

Organizations suffer from Incorrect assignment of poor reputation due to

> Spoofed email > Shared mail relay> Shared IP by managed service

Assignment of poor reputation caused by> Botnet (infected PC)> Individual malicious user

Identifying real cause of poor reputation is difficult Removal from block lists is difficult


Problems with ISP and Managed ServicesProblems with ISP and Managed Services

Managed services and ISP provide mail relay service to many customers via a single (or multiple) IP addresses

As a result, customers reputation is shared among multiple organizations (domains)

If one organization is infected by a botnet or sends viruses Resulting lower reputation across entire IP affecting all

customers


BSN is “Next” GenerationBSN is “Next” Generation

BSN incorporates more than just spam and volume information, some examples:

BSN tracks recent virus behavior from IP addresses Allows known virus senders to be outright

rejected. Systems that have been accidentally infected can be temporarily rejected until they get clean

BSN classifies and tracks “dial-up” accounts Can be used to reject all mail from dial-

ups, which are often zombie and botnet systems

Good recipients vs. Bad recipients being tracked


BSN enhanced “Domain Reputation”BSN enhanced “Domain Reputation”

BorderWare Patent Pending technology for identifying reputation by domain and sender

Intelligently analyses and correlates Overall IP address reputation Domain name for each IP User (envelope sender) from each IP


Domain Reputation BenefitsDomain Reputation Benefits

Shared mail relays and ISPs Good senders maintain good reputation Bad senders maintain bad reputation

Mitigate spoofed email BSN tracks domain IPs that are sending good email Attempts to send email from a different IP is detected as

spoofed

Protection against Back Scatter (bounce back) Isolate mailer daemon messages sending bounce backs BSN prevents NDRs from affecting user's reputations


BSN Public PortalBSN Public Portal

Putting it all together… DEMO! http://bsn.borderware.com/sand


BSN Server Nodes

BSN Data Center

Customer Systems

Three Tier Architecture

How does BSN work?How does BSN work?


Using BorderWare Security NetworkUsing BorderWare Security Network

BorderWare Security Network has distinct value propositions

Product Integration

Public Portal

April 2007 © Copyright 2006 BorderWare Technologies Inc. All Rights Reserved. 50


BSN Product IntegrationBSN Product Integration

Information from BSN can be used in two ways within the BorderWare Security Platform:

1. To reject connections during SMTP conversation> Known malicious senders can be rejected right away to

prevent spam, spyware, and virus mail from being delivered

> Rejects 60-90% of all bad messages at the front door

2. In the BSP Intercept decision strategy> Behavior information can be used to help decide message

disposition

> Provides “second opinion” for questionable emails




BorderWare suggested defaults:• Intercept Connection Control

Lenient

Standard

Aggressive

• Intercept Anti-Spam Aggressiveness




For those that like to dabble:


BSN Key MessagesBSN Key Messages

BSN is next generation reputation solution offering proactive protection through behavioral analysis

Blocks 60-90% of all spam, viruses, spyware, and malicious content at the front door. As email volumes rise, your infrastructure costs don’t have to.

Provides a real time granular view of content from multiple users and domains. Better data means better results.

BSN is seeing what others are not. E.g. domain lookup data and “worst behaved” list.


Let’s get tacticalLet’s get tactical

BSN = Door opener for new and existing customers Target end users with high interest in their Internet

reputation> Financial Services, Insurance, Retail, Government

Perform a BSN Domain look up for these prospects Make it real for the prospect

> Perform the same look up with SenderBase and Trusted Source in two other tabs within your browser

> http://www.senderbase.org; http://www.trustedsource.org

BSN is more accurate and granular over other reputations such as Sender Base and Trusted Source


Supporting documentation Supporting documentation

Copy of Presentation BSP FAQ on new features Promotional information coming for existing

customers. Updated pricing which includes Centralized

management

Thank You

Q&A

Thank You

Q&A

Documents

BorderWare Security Platform Solution Update. August 2007© Copyright 2006 BorderWare Technologies Inc. All Rights Reserved. 2 Agenda Market opportunity