Upload
camden-ramsell
View
219
Download
4
Tags:
Embed Size (px)
Citation preview
Paul VanbosterhautManaging Director, Vircom Europe
January 2007
ModusGate™ 4.4 Smart Email Assurance Gateway
Not Just Warmed-over Open Source Technology…… And Not Just Any Supplier
Corporate Overview
• Headquartered in Montreal, Canada
• Focused on email security since 1995 Own well-architected technology
o Not open to hackers and spammerso Promptly adapts to new threats or regulationso Flexible to incorporate specific customer requirements
Mature Technology Industry-acclaimed
• > 10 years, >100 countries and >1.000 clients
• Millions of protected mailboxes
• Multiple awards for performance and value
Agenda
• Corporate Overview
• Modus™ Smart Email Assurance Technology
• Modus™ Solutions
• Lowest Total Cost of Ownership
• Conclusion
Modus™ Smart Email Assurance
• Modus Protection Blocks:
o DoS & Harvesting attempts,o Spoofing attempts…
Intercepts viruses, worms… Stops forbidden attachments Filters spam Policy management
• Modus Administration Automation Delegation Monitoring
• Advanced Features
Modus™ Protection Network-level protection
• Blocks most obvious spam without receiving the email (about 70+%): Verifies sending method
and envelope profile Validates the sender and
checks sender’s reputation• Protects against DoS
attacks, Open Relay and harvesting (validation) attacks
• Performs Email Encryption• Very low CPU usage
Why it won’t do it alone:It would cause high false-positive rates with no opportunity to recover the valid email
Perimeter Defence:1. Protocol filter2. Reputation Filters:
- Reverse DNS lookup- SPF mechanism- RBL’s- Accreditation DB’s
3. Block DHA attack4. Connection limits5. Block connections6. Mail Relay Control7. SMTP security
- SMTP Authentication- 128-bit TLS Encryption
Modus™ ProtectionForbidden attachments
• Blocks e-mails with specific file formats attached Efficient even against hidden
extensions Out-of-the-box file list
(customizable) Network, domain and user
configurable• Supports/enforces your
corporate policy• Fall-back option in case of
unblocked viruses• Discard obvious unwanted
files without calling the anti-virus engine
Why it won’t do it alone:It won’t replace a reliable anti-virus engine
Modus™ ProtectionAnti-virus engine
• 24/7 updated virus protection from trusted vendors: McAfee™ Norman Data Defence™
o Incl. Noman’s SandBOX zero-hour defence
• Locks viruses away from your users’ inboxes
• Acts as an extra precaution in virus-protected environments
Why it won’t do it alone:Anti-virus engines do not block spam
Modus™ ProtectionWhitelist / Blacklist
• Can block or allow email from specified senders: Based on sender’s address Multi-level configuration Ultra-Secure Mailbox™
feature• Guarantees that e-mail
from trusted senders will not be scanned and blocked
• Allows users to block e-mail other than spam
Why it won’t do it alone:List management can become time consuming
Modus™ ProtectionEmail content extractor
• Purifies the message body and adds advanced email metrics for further analysis
• Neutralizes all forms of hidden malicious code
• Analyzes the email structure in search of known spam characteristics
Why it won’t do it alone:This method only detects spam with malformed HTML or MIME encoding
Modus™ ProtectionCustom Sieve scripts
• Allows corporate policy management: Parental/Manager Review Internal policies…
• Allows administrator to write custom scripts: To alter the SCA engine’s
behavior As Fallback option to block
virus, worm or trojan outbreaks
Why it won’t do it alone:Scripting can become time consuming and can’t keep up with today’s spam volume
• Can be applied: Before all scanning Before AS scanning After all scanning
Modus™ ProtectionSCA engine
• Uses stacked layers of predictive and statistical technologies to block even the most advanced forms of Spam, Image Spam & Phish: Sequential content analysis E-mail metrics analysis Content sampling
• Unparalleled accuracy 98,2% catch rate <0,1% false positives
• Real-time updates
Why it won’t do it alone:While the SCA is the smartest technology in the stack, the previous specialized layers are essential
BayesianBayesian
Content ExtractionContent Extraction
LanguageLanguage FilteringFiltering
HeuristicHeuristic
Image SpamImage Spam
SCA Components
BayesianBayesian
Content ExtractionContent Extraction
LanguageLanguage FilteringFiltering
HeuristicHeuristic
Image SpamImage Spam
SCA Components
Automated Updates
• 24/7 Automated Anti-Spam & anti-Phishing Updates Up to every 15 minutes.
• Matchless self-learning mechanism Honeypots/Spamtraps
User feedback:o ISP partners,o Corporate users
• Supported by Human Analysis Vircom’s SpamBuster Team
o Minimal False Positiveso Every input benefits to All
Not your own staff !
Modus™ Administration
• Automation Dynamic Population of User’s DB AV, AS & AP Auto-updates Automatic Quarantine Cleaning
• Delegation Quarantine Report Web Quarantine
o Personal Quarantine Reviewo User settings
• WebManagement WebAdmin WebMonitor
Modus™ AdministrationAutomation
• Account Management Dynamic Population of Users’ DB Authentication Proxy
• Automatic 24/7 Updates Anti-Virus, anti-Spam & anti-Phishing
Modus™ AdministrationUser Authority Delegation
• Quarantine Reports (all users) Ability to View, Delete and Release false-positives Ability to Report false positives and Whitelist senders Scheduled and on-demand High user customizability of Report:
o Possibility to select only desired items for report
o Possibility to select language
Modus™ AdministrationUser Authority Delegation
• Web Quarantine (authorized users) Personal Quarantine Management
o View, Delete, Release… Personal Settings (as authorized)
o ModusScan severity level & behavior (Block, Tag or Delete)o Attachment blockingo Whitelist & blacklisto Language filteringo Quarantine reportingo …
Modus™ AdministrationDomain Authority Delegation
• WebAdmin (domain administrators) User Management Domain Management
Modus™ AdministrationWebMonitor
• Performance & Monitoring Mail Traffic System Health
Modus™ AdministrationWebMonitor
• Message Audit Log Track status of every unique email Configurable tracking period (per user, domain or system) Web search & exporting for auditing/discovery Store parsed email headers/body parts for search /processing
Advanced Features
• Fault-Tolerant Deployment ModusBlockade Clustering option Data centralization with external database support
• Policy Management Sieve-based Scripting Engine:
o Quarantine, copy, redirect & refuse emails based on policy ruleso Content based email intercept for moderator/parental approvalo Force encrypted delivery of email based on content
Applies on different traffic types (incoming, outgoing, routed & internal) Applies at different scanning levels (before all scanning, before AS
scanning or after all scanning)
• Email Encryption 128-bit TLS Encryption
o Mail traffic and Authentication
• Customization Fully brand-able .Net Web Quarantine and Quarantine report
Agenda
• Corporate Overview
• Modus™ Smart Email Assurance Technology
• Modus™ Solutions
• Lowest Total Cost of Ownership
• Conclusion
ModusGate™Email Assurance Gateway
• Features Modus Smart Email Assurance Technology
• Installs in front of any mail server Caches emails during mail server failures Dynamic population of users’ DB (LDAP, Active
Directory…)
• Suitable for both low or high volume environments Supports from 10 up to 100.000+ mailboxes Supports thousands of domains and mailservers Supports clustered configurations (ModusBlockade™)
• Offers eMail VPN Capabilities
• Has a customizable end user web interface
• Available as software or complete appliance!
ModusGate™Standard Deployment
• ModusGate in front of Mail Server(s)
ModusGate™SMB Deployment
• ModusGate on Mail Server (< 100 Mailboxes/Users)
MS Exchange/SBS
Firewall
Quarantine
ModusGate™Email Assurance Appliance
• Features Modus Smart Email Assurance Technology• Fully secure appliance based on the powerful
Celestix Scorpio II appliance platform Intel Pentium 4 2.4 GHz processor with a 400/533/800
Front Side Bus 1 GB DDR Memory 80 GB Hard drive 2 Intel Gigbit Ethernet Controllers & 2 Intel 10/100 Mbps
Ethernet Controllers 1U Rackmount Form Factor with LAN status, Ethernet
Ports & LCD display on front panel• Web-based Appliance Console
Full secured web-based administration interface Seven step installation process for rapid deployment
ModusGate™Email Assurance Appliance
• Appliance Secure Web Administration
Agenda
• Corporate Overview
• Modus™ Smart Email Assurance Technology
• Modus™ Solutions
• Lowest Total Cost of Ownership The cost of Spam The cost of anti-Spam
• Conclusion
The Cost of SpamVircom’s Cost Calculator
The Costs of Confined SpamI - Product Setup Costs
• Solution costs Hardware
o Appliance or Platform costs (incl. OS) Software Service contracts (Support & Maintenance)
• Annual subscription anti-Spam, anti-Phishing, anti-Virus…
• Installation & initial set-up
• Client plug-in installation (if required)
This is relatively easy to calculate.This is relatively easy to calculate.It usually represents between It usually represents between 5 to 20%5 to 20% of the of the
total coststotal costs
The Costs of Confined SpamII - Administration Costs
• System Tuning Perimeter Defence, anti-Spam Tuning/Learning…
• Quarantine management
• Specific User/Group Settings
Account Management o Users & Aliases,o Authentication…
User/Group Settings
• System & Software Maintenance
This represents between This represents between 10 to 25%10 to 25% of the total cost. of the total cost.Top-Tier solutions try to automate these processes.Top-Tier solutions try to automate these processes.
The Costs of Confined SpamIII - Productivity Losses
• Let-through Spam (False Negatives)
• Quarantine Management: Quarantine Review False-Positives Release and Report Sender Whitelisting
• User Settings
Productivity losses represents between Productivity losses represents between 55 to 85%55 to 85% of the total cost! of the total cost!
While productivity loss is the key factor While productivity loss is the key factor considered to calculate the cost of spam, most considered to calculate the cost of spam, most
vendors forget this same factor when they vendors forget this same factor when they calculate the TCO of their anti-Spam solution.calculate the TCO of their anti-Spam solution.
The Cost of Confined SpamComparing anti-Spam Solutions
* Source: Vircom – Assessing The Cost of Confined Spam, 2007
$0,00
$50,00
$100,00
$150,00
$200,00
$250,00
$300,00
$350,00
1 2 3 4 5 6 7 8 9
Solution Cost IT Administration Cost Productivity Loss
Vircom
The Cost of Confined SpamFerris Research
* Source: Ferris Research – Calculating Spam Cost in Your Organization - February 2005 - Report #511
The Cost of Confined SpamIDC
* Source: IDC - The True Cost of SPAM and Value of Anti-SPAM Solutions Study, 2004
Agenda
• Corporate Overview
• Modus™ Smart Email Assurance Technology
• Modus™ Solutions
• Lowest Total Cost of Ownership
• Conclusion
The Modus™ Benefits
• Trust your email. Today. Forever. Protects your mail infrastructure
o Offers perimeter defense, anti-Virus and Anti-Spamo Insures email availability
Protects your users/employeeso Protects them from fraud (anti-Phishing & anti-Spoofing)o Offers authenticated access to personal Quarantine
Protects your companyo Protects against inbound & outbound threatso Encrypts critical data (128-bit TLS Encryption)o Protects against information leakage or abusive language
• Offers Lowest Total Cost of Ownership (TCO) Automated Modus Administration Authority Delegation (Quarantine Report & Web) Performance & Monitoring
Customer Services
• Silver Care (Standard) Business hour telephone support Updates & upgrades Knowledge-base access List Server participation
• Gold Care Silver Care plus… 24/7 telephone support (Priority 1 Calls ONLY) Guaranteed 30 minute qualified response
• Installation support
• Optimization support
• Training
Modus™ Clients