Securing email comprehensive messaging security
1 / 24

Securing Email: Comprehensive Messaging Security - PowerPoint PPT Presentation

  • Uploaded on

Securing Email: Comprehensive Messaging Security. Kip Trout, Proofpoint Regional Sales Manager. Agenda. What is Messaging Security? Major Spam Trends Outbound Content Security & Compliance The Proofpoint Solution. Outbound Threats Followed. Inbound Threats Came First. Spam.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Securing Email: Comprehensive Messaging Security' - avalon

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Securing email comprehensive messaging security

Securing Email: Comprehensive Messaging Security

Kip Trout, Proofpoint

Regional Sales Manager


  • What is Messaging Security?

  • Major Spam Trends

  • Outbound Content Security & Compliance

  • The Proofpoint Solution

Proofpoint Confidential

What is messaging security

Outbound Threats Followed

Inbound Threats Came First


Corporate governance











Denial of service



Security, privacy and compliance












Intellectual property

Directory harvest

What is Messaging Security?

Security threats have always been a problem to enterprises


SMTP, HTTP, IM and FTP services

Proofpoint Confidential

3 major trends
3 Major Trends

  • Rise in spam volumes

  • Rise of botnets

  • Rise of image- based spam

  • End users believe effectiveness has declined

  • Shorter, more intense, spam attacks

  • Spam circumvents filters, drops true effectiveness

Spam continues to be a problem facing organizations

Proofpoint Confidential

Spam volume continues to increase
Spam Volume Continues to Increase

  • Continued increase

    • Average spam volume

      > 3-4x in 12 months

  • Why?

    • Business is expanding

    • Spam is increasing

  • What can you do?

    • Best spam protection

    • Capacity planning

Proofpoint Confidential

Why effectiveness matters
Why Effectiveness Matters


Volume (msg/day) 500 Thousand 2 Million 2 Million

Effectiveness 94% 95%99%

Spam getting through 30,000 100,000 20,000

# Users 20,000 25,000 25,000

Spam/User 1.5 spams 4 spams 0.8 spams

Better effectiveness = less spam in users’ Inbox = fewer Help Desk calls

Proofpoint Confidential

Spam accuracy 2006 99 effectiveness

Spam Accuracy, 2006: 99% Effectiveness






Proofpoint Confidential

Spam attacks in the old days

(Launch Spam Attack

“Buy Viagra”)




Bad Guy

Bad Guy

At Time = 0

At Time = 0

(Launch Spam Attack)

At Time = 0

Spam Attacks in the Old Days

Spam attacks today botnets

IRC Server

Bad Guy


Spam Attacks Today: Botnets

(Sends Instructions)

(Listen for Instructions)

(Receive Instructions)

(Launch Image Spam Attack)

Embedded images often randomized

7181 122413e0682085f68c2b947a53af02cc

7181 28de627c92a20b1043deebfa5f7715f8

7181 6280188bd69ab41fd9764df2a10978f5

7181 6e8a670f65570b1daf52dd3ae10c3a4c

7181 e3bdd4b0073a502544df4f07647764db

Embedded Images, Often Randomized

  • Possible variants are endless– signatures are useless!

  • Proofpoint MLX includes

    • Image Fuzzy Matching

    • Web URL Reputation

Proofpoint Confidential

Image fuzzy matching a
Image Fuzzy Matching A

Feature Description:

  • GIF80 and JPG80 algorithms

  • Effective against 3 image obfuscation techniques

    • Randomizations in unused Color Map entries (invisible)

    • Randomizations in bottom of image (appear as black lines)

    • Randomization in GIF Terminator (invisible)

  • Proofpoint algorithms correctly identify these randomizations

GIF Signature

Screen Descriptor

Global Color Map

Image Descriptor

Local Color Map

Raster (Image) Data

GIF Terminator

Proofpoint Confidential

Image fuzzy matching b
Image Fuzzy Matching B

Feature Description:

  • Detects altered but similar images, even if alteration inside image

  • Effective against 2 obfuscation techniques:

    • Images with randomized (pixilated) borders

    • Images with randomized pixels throughout image

  • Proofpoint algorithms correctly identify these obfuscations

Proofpoint Confidential

Ocr resistant animated gif
OCR Resistant Animated GIF

Viewable image contains “pump and dump” spam...

… but in slow motion…

Proofpoint Confidential

Ocr resistant animated gif1
OCR Resistant Animated GIF

Note that this is a transparent GIF, but only the parts required to complete the image are transparent!

Frame 1 contains broken text

Frame 2 (transparent GIF) appears after 10ms completing the image

Both images contain broken text – OCR Resistant!

Proofpoint Confidential

What is the double tax on spam effectiveness
What Is the Double Tax on Spam Effectiveness?

  • Tax #1– Increased volume = perceived drop

    • Perceived drop in effectiveness

    • Volumes of spam result in higher spams in inbox

    • End Users phone helpdesk

  • Tax #2 – Sophistication = true drop

    • True effectiveness decline

    • Filters unable to handle image based spam

    • Exchange, Notes, Groupwise servers are also taxed

    • End Users phone helpdesk

Proofpoint Confidential

Why are some solutions failing
Why Are Some Solutions Failing?

“Static” technologies

  • Relying on exact matches of spam senders and content

  • New spam is dynamic in nature – IPs, images, content

  • Permutations are endless!

  • Reputation

    • Examples: Competitor’s “global reputation based” solutions

    • How: Match sending IP addresses and rules

    • Problem: Image-based spam comes from botnets, with rotating IPs.

  • Signature

    • Examples: Large providers of signature based solutions

    • How: Match copy of email (or partial copy) against database

    • Problem: Image-based spam’s random images & text; endless permutations

Proofpoint’s MLX technology is dynamic and well-suited to the dynamic nature of spam

Proofpoint Confidential

2007 proofpoint forrester survey
2007 Proofpoint-Forrester Survey

  • Nearly 33% of companies employ staff to read outbound email.

  • More than 25% of companies terminated employees for violating email policies.

  • 56% say it is “important” or “very important” to reduce the risks of outbound email.

  • Companies estimate nearly 1 in 5 emails contains content that poses a legal, financial or regulatory risk.

Read the Proofpoint-Forrester Research report:

Proofpoint Confidential

Recent incidents
Recent Incidents

  • Dec 2006: Texas Woman's University emails names, addresses and SSNs of 15,000 TWU students over a non-secure connection

  • Nov 2006: University of Virginia Student Financial Services sent e-mail messages to students containing 632 other students' Social Security numbers

  • Oct 2006: Bowling Green Police Dept. website has personal information on nearly 200 people the police had contact with: names, Social Security, & driver's license numbers

  • Oct 2006: Republican National Committee inadvertently emailed a list of donors' names, SSNs and races to a New York Sun reporter

  • Mar 2006: Google mistakenly posts internal ad projections

  • Mar 2006: Blue Cross Blue Shield says contractor took 27,000 social security numbers

  • Feb 2006: Slip-up spills beans on Dell notebooks

See a chronological list of security breaches at:

Source: ZDNet, Bradenton,

Proofpoint Confidential

Why is this happening
Why is this Happening?

P(Data Loss) =

no. of channels x data availability

  • Email is everywhere

    • 70% of corporate data lives in email

  • File Servers

  • Desktops

  • Laptops

  • USB Thumb Drives

  • Email

    • biggest thru 2010*

  • Weblogs

  • HTTP (WebMail)

  • FTP

  • Instant Messaging

  • New Channels

* Source: Gartner #G00138425, 3/15/06

Proofpoint Confidential

What to do
What to Do

  • Define Policies

    • Document

    • Communicate

    • Train

  • Map Technology Solution to Requirements

    • Corporate governance content

    • Structured

    • Unstructured

    • Auto-Encrypted

    • Inbound as well as Outbound

  • It’s not just Email anymore

    • Webmail, Blogs, IM, FTP sites, too

Proofpoint Confidential

Securing email comprehensive messaging security

Proofpoint Solution

Proofpoint Attack Response Center

Network Content Sentry

Secure Messaging

Dynamic Reputation

Spam Detection

Virus Protection

Zero-Hour Anti-Virus

Regulatory Compliance

Digital Asset Security

Web-based Management Interface & Policy Engine

Smart Search

Hosted Service

Virtual Appliance



Proofpoint Confidential

Over 1200 delighted customers
Over 1200 Delighted Customers

  • Please contact Proofpoint directly for customer references, case studies, and names of industry leaders using Proofpoint.

  • Kip Trout

    Proofpoint Sales

    314-481-1516 office

    314-560-3226 cell

Proofpoint Confidential

Learn more
Learn More

  • Free Forrester Research & Proofpoint Report: “Outbound Email and Content Security in Today’s Enterprise”


  • Free white paper on how MLX technology fights image-based spam:


Proofpoint Confidential

Download a trial version
Download a Trial Version

Kip Trout 314.481.1516

Proofpoint Confidential