Professional Documents
Culture Documents
Ironport: The Leader in Email Security: Protecting Over 340 Million Email Boxes Worldwide
Ironport: The Leader in Email Security: Protecting Over 340 Million Email Boxes Worldwide
Fredrik Myrelid
Nordic & Baltic Technical Manager
IronPort Systems, Inc.
IronPort Systems:
The Leader in Email Security
IronPort C-Series
Email Security Appliance
• Industry-leading technology
– AsyncOS, powers the world’s fastest
MTA
– SenderBase, the world’s first & largest
HTTP & SMTP traffic
monitoring network
• Industry-leading customers
– Over 50% of the world’s largest ISPs,
media & technology companies choose
IronPort
Fixing Email: The Steps Required
1. IDENTITY
2. REPUTATION 3. POLICY
Internet
private ISPs
public
DNS
Firewall Firewall
MTAs
Anti-Spam
Anti-Virus
IronPort Email Security Appliance
Policy Management
Mail Routing
Groupware Groupware
Users Users
IronPort Reduces Administration
Advanced Technology Automates Manual Tasks
Anti-spam updates:
Centralized management: make Stop viruses in average 15 hours up to 60,000 rules/day,
Changes only once Before the anti virus signature is available every 5-10 min
No fine tuning or
Lowest fales positive rates Training necessary
eliminates support calls
MANAGEMENT TOOLS
200 High
10,000
Incoming/Outgoing Low Performance Performance,
Incoming/Outgoing
Connections and Potential DoS Predictable
Connections
Delivery
Preventive Reactive
Layer Layer
- IronPort - Brightmail
Reputation
Filtering
+ - IronPort
AntiSpam
- Virus Outbreak -Sophos Anti
Filters - Virus
Parameters
• Complaint Reports
• Spam Traps
• Message Threat Prevention in Realtime
Composition Data
• Global Volume Data
• URL Lists
• Compromised
Host Lists
• Web Crawlers
SenderBase
SenderBase Data Analysis/ Reputation Scores
• IP Blacklists Security Modeling
& Whitelists Data -10 to +10
• Additional Data
Data Quantity Data Quality
Data Breadth
• Combine HTTP & SMTP data • Over 200,000 sources • Over 3 years of experience
ensuring data integrity
• Over 5 billion emails per day • 8 of the top 10 ISPs, universities
& businesses • SourceRank assesses source
• Over 90 SMTP parameters tracked quality by cross correlating
• Worldwide sources, including multiple sources with known
• Over 20 HTTP parameters tracked Americas, Europe & Asia
benchmarks
IronPort Mail Flow
Work Queue
Exchange,
Lotus/Domino,
Groupwise
Clean, legitimate Mail!
Nordea Phishing / Sender IP
IronPort Reputation Filters Stop
80% of Hostile Mail at the Door….
+10
Trusted Policy
Reputation Anti-Spam
Accepted Policy
Filtering Engine
Untrusted Policy
Incoming Mail Rejected Policy
Good, Bad, and “Grey”
or Unknown Email -10
“Virus Outbreak
Filters helped us from
the first day we had it
and it saves us
significant
clean up costs during
major
virus outbreaks.”
Mark S. Dial
E-Messaging Team,
Tellabs
Virus Date Virus Threat Level First Anti-virus Signature Outbreak Filter
Raised Available Lead Time
Bagle.BO 5/31/2005 14:32 PM 16:34 PM 2:02 hours
Bagle BB 2/27/2005 10:39 AM (2/27) 4:22 AM (3/1) 41:43 hours
Mydoom.BL 4/28/2005 19:52 PM 21:43 PM 1:51 hours
MyTob.V 4/3/2005 4:19 AM 9:36 AM 5:17 hours
MyTob.J 3/24/2005 23:30 PM 22:38 PM (the next day) 23:08 hours
Sober.L 3/7/2005 16:10 PM 18:28 PM 2:18 hours
Sober.K 2/21/2005 5:58 AM 7:00 AM 1:02 hours
Mydoom.BB 2/15/2005 18:08 PM 22:54 PM (the next day) 28:46 hours
How Virus Outbreak Filters Work
Dynamic Quarantine In Action
Messages
Scanned &
Deleted
• Integrated Sophos®
anti-virus engine
– High performance in-line
scanning
IronPort Content
Scanning Engine
Encrypt
Archive
High BCC to Compliance
Performance Officer
Notify Legal Personnel
Flexible Remove Attachment
Fine Grained Return to Sender
Bounce Email
Incoming / Outgoing Drop Email
Mail
IRONPORT CLUSTER
Enterprise Reporting & Management
Fredrik Myrelid
IronPort Systems, Inc.
fmyrelid@ironport.com