1 / 24

Securing Email: Comprehensive Messaging Security

Securing Email: Comprehensive Messaging Security. Kip Trout, Proofpoint Regional Sales Manager. Agenda. What is Messaging Security? Major Spam Trends Outbound Content Security & Compliance The Proofpoint Solution. Outbound Threats Followed. Inbound Threats Came First. Spam.

avalon
Download Presentation

Securing Email: Comprehensive Messaging Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Email: Comprehensive Messaging Security Kip Trout, Proofpoint Regional Sales Manager

  2. Agenda • What is Messaging Security? • Major Spam Trends • Outbound Content Security & Compliance • The Proofpoint Solution Proofpoint Confidential

  3. Outbound Threats Followed Inbound Threats Came First Spam Corporate governance Viruses 101010101010101 101010101010101 0101010101010101 0101010101010101 Phishing 101010101010101 101010101010101 0101010101010101010101 01010101010101010 Denial of service 101010101010101 101010101010101 Security, privacy and compliance 101010101010101 101010101010101 01010101010101010 01010101010101 1010101010101010 1010101010101010 01010101010101010 01010101010101010 1010101010101010 1010101010101010 Botnets Intellectual property Directory harvest What is Messaging Security? Security threats have always been a problem to enterprises Enterprise SMTP, HTTP, IM and FTP services Proofpoint Confidential

  4. 3 Major Trends • Rise in spam volumes • Rise of botnets • Rise of image- based spam • End users believe effectiveness has declined • Shorter, more intense, spam attacks • Spam circumvents filters, drops true effectiveness Spam continues to be a problem facing organizations Proofpoint Confidential

  5. Spam Volume Continues to Increase • Continued increase • Average spam volume > 3-4x in 12 months • Why? • Business is expanding • Spam is increasing • What can you do? • Best spam protection • Capacity planning Proofpoint Confidential

  6. Why Effectiveness Matters 2004Now Volume (msg/day) 500 Thousand 2 Million 2 Million Effectiveness 94% 95%99% Spam getting through 30,000 100,000 20,000 # Users 20,000 25,000 25,000 Spam/User 1.5 spams 4 spams 0.8 spams Better effectiveness = less spam in users’ Inbox = fewer Help Desk calls Proofpoint Confidential

  7. “> 99% accuracy” Spam Accuracy, 2006: 99% Effectiveness 100 99 98 97 96 Proofpoint Confidential

  8. (Launch Spam Attack “Buy Viagra”) Company University Hospital Bad Guy Bad Guy At Time = 0 At Time = 0 (Launch Spam Attack) At Time = 0 Spam Attacks in the Old Days

  9. IRC Server Bad Guy Organization Spam Attacks Today: Botnets (Sends Instructions) (Listen for Instructions) (Receive Instructions) (Launch Image Spam Attack)

  10. 7181 122413e0682085f68c2b947a53af02cc 7181 28de627c92a20b1043deebfa5f7715f8 7181 6280188bd69ab41fd9764df2a10978f5 7181 6e8a670f65570b1daf52dd3ae10c3a4c 7181 e3bdd4b0073a502544df4f07647764db Embedded Images, Often Randomized • Possible variants are endless– signatures are useless! • Proofpoint MLX includes • Image Fuzzy Matching • Web URL Reputation Proofpoint Confidential

  11. Image Fuzzy Matching A Feature Description: • GIF80 and JPG80 algorithms • Effective against 3 image obfuscation techniques • Randomizations in unused Color Map entries (invisible) • Randomizations in bottom of image (appear as black lines) • Randomization in GIF Terminator (invisible) • Proofpoint algorithms correctly identify these randomizations GIF Signature Screen Descriptor Global Color Map Image Descriptor Local Color Map Raster (Image) Data GIF Terminator Proofpoint Confidential

  12. Image Fuzzy Matching B Feature Description: • Detects altered but similar images, even if alteration inside image • Effective against 2 obfuscation techniques: • Images with randomized (pixilated) borders • Images with randomized pixels throughout image • Proofpoint algorithms correctly identify these obfuscations Proofpoint Confidential

  13. OCR Resistant Animated GIF Viewable image contains “pump and dump” spam... … but in slow motion… Proofpoint Confidential

  14. OCR Resistant Animated GIF Note that this is a transparent GIF, but only the parts required to complete the image are transparent! Frame 1 contains broken text Frame 2 (transparent GIF) appears after 10ms completing the image Both images contain broken text – OCR Resistant! Proofpoint Confidential

  15. What Is the Double Tax on Spam Effectiveness? • Tax #1– Increased volume = perceived drop • Perceived drop in effectiveness • Volumes of spam result in higher spams in inbox • End Users phone helpdesk • Tax #2 – Sophistication = true drop • True effectiveness decline • Filters unable to handle image based spam • Exchange, Notes, Groupwise servers are also taxed • End Users phone helpdesk Proofpoint Confidential

  16. Why Are Some Solutions Failing? “Static” technologies • Relying on exact matches of spam senders and content • New spam is dynamic in nature – IPs, images, content • Permutations are endless! • Reputation • Examples: Competitor’s “global reputation based” solutions • How: Match sending IP addresses and rules • Problem: Image-based spam comes from botnets, with rotating IPs. • Signature • Examples: Large providers of signature based solutions • How: Match copy of email (or partial copy) against database • Problem: Image-based spam’s random images & text; endless permutations Proofpoint’s MLX technology is dynamic and well-suited to the dynamic nature of spam Proofpoint Confidential

  17. 2007 Proofpoint-Forrester Survey • Nearly 33% of companies employ staff to read outbound email. • More than 25% of companies terminated employees for violating email policies. • 56% say it is “important” or “very important” to reduce the risks of outbound email. • Companies estimate nearly 1 in 5 emails contains content that poses a legal, financial or regulatory risk. Read the Proofpoint-Forrester Research report: www.proofpoint.com/outbound Proofpoint Confidential

  18. Recent Incidents • Dec 2006: Texas Woman's University emails names, addresses and SSNs of 15,000 TWU students over a non-secure connection • Nov 2006: University of Virginia Student Financial Services sent e-mail messages to students containing 632 other students' Social Security numbers • Oct 2006: Bowling Green Police Dept. website has personal information on nearly 200 people the police had contact with: names, Social Security, & driver's license numbers • Oct 2006: Republican National Committee inadvertently emailed a list of donors' names, SSNs and races to a New York Sun reporter • Mar 2006: Google mistakenly posts internal ad projections • Mar 2006: Blue Cross Blue Shield says contractor took 27,000 social security numbers • Feb 2006: Slip-up spills beans on Dell notebooks See a chronological list of security breaches at: www.privacyrights.org Source: ZDNet, Bradenton, Boston.com Proofpoint Confidential

  19. Why is this Happening? P(Data Loss) = no. of channels x data availability • Email is everywhere • 70% of corporate data lives in email • File Servers • Desktops • Laptops • USB Thumb Drives • Email • biggest thru 2010* • Weblogs • HTTP (WebMail) • FTP • Instant Messaging • New Channels * Source: Gartner #G00138425, 3/15/06 Proofpoint Confidential

  20. What to Do • Define Policies • Document • Communicate • Train • Map Technology Solution to Requirements • Corporate governance content • Structured • Unstructured • Auto-Encrypted • Inbound as well as Outbound • It’s not just Email anymore • Webmail, Blogs, IM, FTP sites, too Proofpoint Confidential

  21. Proofpoint Solution Proofpoint Attack Response Center Network Content Sentry Secure Messaging Dynamic Reputation Spam Detection Virus Protection Zero-Hour Anti-Virus Regulatory Compliance Digital Asset Security Web-based Management Interface & Policy Engine Smart Search Hosted Service Virtual Appliance Appliance Software Proofpoint Confidential

  22. Over 1200 Delighted Customers • Please contact Proofpoint directly for customer references, case studies, and names of industry leaders using Proofpoint. • Kip Trout Proofpoint Sales 314-481-1516 office 314-560-3226 cell ktrout@proofpoint.com Proofpoint Confidential

  23. Learn More • Free Forrester Research & Proofpoint Report: “Outbound Email and Content Security in Today’s Enterprise” • www.proofpoint.com/outbound • Free white paper on how MLX technology fights image-based spam: • http://www.proofpoint.com/mlxwp Proofpoint Confidential

  24. Download a Trial Version www.proofpoint.com/trial Kip Trout ktrout@proofpoint.com 314.481.1516 Proofpoint Confidential

More Related