Ironport Data Loss Prevention

Securing Your Email - Data Loss Prevention Deniz Kaya Microsoft, Cisco, Ironport, Mile2 Instructor CCSI, CCNP, MCT, MCSE, ICSI, ICSP, CPTS

IronPort ® Gateway Security Products Web Security | Email Security | Security Management | Encryption EMAIL Security Appliance WEB Security Appliance Security MANAGEMENT Appliance IronPort SenderBase APPLICATION-SPECIFIC SECURITY GATEWAYS CLIENTS BLOCK Incoming Threats PROTECT Corporate Assets Data Loss Prevention Encryption CENTRALIZE Administration Internet ENCRYPTION Appliance

IronPort + Cisco Market Leadership Customer Leadership - Over 6,000 customers globally - 99% customer retention rate Technology Leadership - Industry leading email and Web security applications and management tools Global Leadership - Worldwide business operations - Global technology infrastructure

The IronPort SenderBase ® Network Global Reach Yields Benchmark Accuracy 5B+ queries daily 150+ Email and Web parameters 35% of the World’s Traffic IronPort EMAIL Security Appliances IronPort WEB Security Appliances IronPort SenderBase Combines Email & Web Traffic Analysis View into both Email & Web traffic dramatically improves efficacy 80% of spam contains URLs Email is a key distribution vector for Web-based malware

IronPort Consolidates the Network Perimeter For Security, Reliability and Lower Maintenance After IronPort Groupware Firewall IronPort Email Security Appliance Internet Users Before IronPort Anti-Spam Anti-Virus Policy Enforcement Mail Routing Internet Firewall Groupware Users Encryption Platform MTA DLP Scanner DLP Policy Manager

IronPort Architecture Multi-Layered Email Security MANAGEMENT TOOLS THE IRONPORT A SYNC OS™ EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION

IronPort AsyncOS Unmatched Scalability and Security • IronPort AsyncOS is a scalable and secure operating system, optimized for messaging • Advanced Email Controls protect reputation and downstream systems • Standards-based Integration replaces legacy systems with ease MANAGEMENT TOOLS THE IRONPORT A SYNC OS™ EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION

Multi-layer Spam Defense Best-of-Breed Protection at the Gateway • IronPort Reputation Filters™: the outer layer defense • IronPort Anti-Spam ™ : stops the broadest array of threats – spam, phishing, fraud and more MANAGEMENT TOOLS THE IRONPORT A SYNC OS™ EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION

SenderBase ® Data Makes the Difference • Complaint Reports • Spam Traps • Message Composition Data • Global Volume Data • URL Lists • Compromised Host Lists • Web Crawlers • IP Blacklists & Whitelists • Additional Data SenderBase Data Data Analysis/ Security Modeling SenderBase Reputation Scores -10 to +10 Parameters Threat Prevention in Realtime

Introducing IronPort Spam Defense Multi-layer spam defense designed to: Stop spam quickly Stop spam accurately Reputation Worlds first and best sender based reputation service - Blocks 80% of spam at gateway - World class accuracy SBRS IPAS Who? How? What? Where? World’s most accurate content based spam engine - 98% catch rate - World class accuracy

IronPort Anti-Spam Accuracy Powered By Context Adaptive Scanning Engine WHAT? HOW? WHO? WHERE? All text inside an image Random dots appear within the message Nearly identical color scheme in 100,000’s spamtrap msgs Verdict BLOCK IP address recently started sending email Message originated from dial-up IP address Sending IP address located in Russia Message leaves trace of spamware tool

IronPort Reputation Filters Dell Case Study Dell’s challenge: Dell currently receives 26M messages per day Only 1.5M are legitimate messages 68 existing gateways running Spam Assassin were not accurate IronPort solution: Reputation Filters block over 19M messages per day 5.5M messages per day scanned by anti-spam engine Replaced 68 servers with 8 IronPort C60s Accuracy of spam filtering increased 10x Servers consolidated by 70% Operating costs reduced by 75% “ IronPort has increased the quality and reliability of our network operations, while reducing our costs.” -- Tim Helmsetetter Manager, Global Collaborative Systems Engineering and Service Management, DELL CORPORATION

Multi-layer Virus Defense Best-of-Breed Protection at the Gateway • IronPort Virus Outbreak Filters  : stop outbreaks 13 hours ahead of traditional signatures • McAfee and Sophos Anti-Virus: signature-based solutions with industry leading accuracy MANAGEMENT TOOLS THE IRONPORT A SYNC OS™ EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION

IronPort Outbreak Filters Close the Reaction Time Gap

How Virus Outbreak Filters Work Dynamic Quarantine In Action T = 0 zip (exe) files T = 5 mins -zip (exe) files -Size 50 to 55 KB. T = 10 mins zip (exe) files Size 50 to 55KB “ Price” in the name file T = 8 hours Release messages if signature update is in place Messages Scanned & Deleted Fine-grained Rules, Multiple Parameters: Attachment Type, Attachment Size, URLs, Filenames & More

Industry Leading Signatures from Sophos and McAfee Anti-Virus Integrated Sophos ® anti-virus engine High performance in-line scanning Easy to deploy and manage Intuitive user interface Single view with Mail Flow Monitor Auto updates Lower TCO with integrated solution

IronPort Data Loss Prevention Inbound/Outbound Policy Enforcement • Integrated Scanning makes DLP deployments quick & easy • Integrated Remediation eases work flow burden MANAGEMENT TOOLS THE IRONPORT A SYNC OS™ EMAIL PLATFORM SPAM DEFENSE DATA LOSS PREVENTION VIRUS DEFENSE EMAIL ENCRYPTION

Data Loss Prevention Multi-Faceted Problem Regulatory Compliance HIPAA, GLBA, PCI, SOX Regulations Scan for sensitive information and block infractions Secure business partner communication Acceptable Use Block offensive content Enforce messaging policy (attachment size, etc) Add legal disclaimers to outgoing mails Intellectual Property Protection Block messages containing confidential data Prevent email communications with competitor

PCI Applies to Nearly Every Industry PCI Not Just for Retail Utilities E-Commerce Transportation Restaurant Financial/ Insurance Retail Service Provider Healthcare Federal Mobile Universities Sports and Entertainment State Agencies

The Payment Card Industry (PCI) Data Security Standard Published January 2005 Impacts ALL who process, transmit, or store cardholder data Also applies to 3 rd -party hosting companies, information storage companies, etc. Monthly fines ranging from $5,000 to $50,000 for missed deadlines Has global reach Source: pcisecuritystandards.org Not Published yet Latin American CEMEA 2008 TBD 2008 TBD 2008 TBD Canada DEC 2009 DEC 2009 DEC 2009 Asia MAR-DEC 2008 MAR-DEC 2008 Negotiated individually Western Europe DEC 2008 DEC 2007 SEP 2007 US Level 3 Level 2 Level 1 Theater

Data Loss Prevention Foundation Integrated Scanning Users Integrated Scanning Makes DLP Deployments Quick & Easy Outbound Mail Weighted Content Dictionaries Compliance Dictionaries Attachment Scanning Custom Content Filters Smart Identifiers

Data Loss Prevention Foundation Integrated Remediation Users Integrated Remediation Eases Work Flow Burden Outbound Mail Remediation: Quarantine Remediation Notification Remediation: Reporting Encrypt The Message

IronPort Email Encryption  Don’t Remediate…Accelerate MANAGEMENT TOOLS THE IRONPORT A SYNC OS™ EMAIL PLATFORM SPAM DEFENSE DATA LOSS PREVENTION VIRUS DEFENSE EMAIL ENCRYPTION

Encryption Market Evolution The Technical View    Encryption technology is the foundation for business class email Secure Envelopes S/MIME, PGP, Secure Webmail Single, Integrated Platform No Certificate Complexity Universal Reach Multi-Platform Deployment Certificate Requirements Sender/Receiver Plug-Ins IronPort PXE ™ Legacy Encryption Solutions

IronPort PXE: Sending a Message Instant Deployment, Zero Management Costs IronPort Hosted Keys  Gateway encrypts message  User opens IronPort PXE in browser  User authenticates & gets message key Password  Decrypted message displayed Message pushed to Recipient Key Stored

IronPort PXE: Receiving a Message Seamless End-User Experience  View message  Enter password  Open Attachment   

Management for Organizations of All Sizes IronPort Email Security Manager  – unified policy management IronPort Email Security Monitor  – enterprise-class reporting system Management Interfaces – simple integration and increased productivity MANAGEMENT TOOLS THE IRONPORT A SYNC OS™ EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION

IronPort Email Security Manager Single view of policies for the entire organization IT SALES LEGAL Mark and Deliver Spam Delete Executables Archive all mail Virus Outbreak Filters disabled for .doc files Allow all media files Quarantine executables “ Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance.” -- PC Magazine 2/22/05 Categories: by Domain, Username, or LDAP

Cisco Self-Defending Network (SDN) Cisco Security- Portfolio @ a Glance Network & End-point Security Content & Application Security Systems & Security Management

The Portfolio at a Glance… Content and Application Security Content Security Reputation based, zero-day defense Capability to address diverse attacks types and techniques Secure all sources of attack Application Security Layer 7 protection for application and data vulnerabilities XML traffic validation and inspection Enhanced deep packet inspection Product Highlights: Ironport Email Ironport Web Intrusion Prevention Systems Product Highlights: ACE XML Gateway Web Application Firewall

Systems Approach to Stop Malware: Visibility and Control Intrusion Prevention Detection Precision response Content Security Email SPAM Web filtering Endpoint Security Host IPS AV solutions Firewall and VPN Traffic access control Encryption Centralized Policy Management and Monitoring

Cisco’s Security Portfolio— Offers End-to-End Compliance with PCI Requirements

Cisco Data Loss Prevention Solution NAC, CSA, IronPort, and TrustSec IronPort NAC Appliance ASA printer IronPort Prevent data loss at perimeter Mail policy verification Logs transaction Encrypts mail message and notifies recipient NAC Appliance Verifies CSA and endpoint posture TrustSec TrustSec Enforces data policy through role-based access control Cisco Security Agent Scan files for sensitive data Prevents copying to external media Prevents transfer with internetwork applications Prevents bypass of gateway security policy Internet Internet Internet Internet Hi Joan, Could you send those files over? Sure Bob, I’ll find a way to get those files to you!

Preventing Data Leakage and Disclosure Self-Defending Network Applied Data Center Employees Network Edge Tape Devices Application Server Cisco MDS 9000 C-Series E-Mail Security Appliance Internet Corporate Network Cisco ® Security Agent Prevents endpoint data loss Prevents bypass of Cisco IronPort network protection Inspects and classifies content (similar to Cisco IronPort) in a future release Partners Customers Remote Employees Storage Media Encryption Prevention of unauthorized access and loss of data at rest Full integration with SAN fabric and management Secure, highly available service IronPort Prevent data loss at network perimeter Inspect and control content Address privacy regulations Take advantage of existing anti-spam and anti-spyware infrastructure

Self-Defending Network in the Campus Centralized threat management, including correlation and mitigation Centralized policy and device management across entire Cisco infrastructure for IPS, VPN, and firewall Web and mail content scanning to reduce malware introduction and propagation Layer 3 – 7 inspection and traffic control Converged remote site and user IPsec and SSL VPN services Trojan horse and spyware to control channel monitoring and mitigation Gateway and Internet Services Prevent exploits of vulnerabilities on PCs and other endpoints Minimize the entrance and propagation of new threats on trusted PCs Enforce access controls to trusted, untrusted, and guest users Protect and isolate intra-LAN segments Policy Enforcement and Endpoint Protection Threat Management and Policy Control Cisco ® Security Management Suite Cisco ASA 5500 Firewall, VPN, and IPS Cisco IPS 4200 Series Sensors Network Admission Control FWSM and Cisco ASA 5500 Series Cisco IronPort Cisco ASA 5500 CSC Cisco Security Agent Endpoint Security Policy and Posture Centralized Policy and Threat Management Traffic and Admission Control Targeted Attack Protection Web and Mail Malware Scan Intra-LAN Policy Enforcement Internet Public WAN

Self-Defending Network in the Data Center Cisco ASA ACS Cisco Security MARS Cisco ® WAAS Web Servers Cisco ACE Cisco Security Agent Cisco Security Agent Cisco Security Agent Application Servers Database Servers AXG (Web Applications) Cisco Security Agent Cisco Security Agent Cisco MDS with SME Tier 1/2/3 Storage Tape/Offsite Backup AXG (B2B) CSM Cisco Security Agent-MC CW-LMN Data-Center Edge Firewall and IPS DoS protection Application protocol inspection Web Services security VPN termination E-mail and Web access control Cisco Catalyst 6000 FWSM Web Access Web security Application security Application isolation Content inspection SSL encryption and offload Server hardening Applications and Database XML, SOAP, and AJAX security DoS prevention Application-to-application security Server hardening Storage Data encryption In motion At rest Stored data access control Segmentation Management Tiered access Monitoring and analysis Role-based access AAA access control Cisco IronPort E-Mail Security AXG (DHTML to XML) Cisco IronPort Web Security Cisco IronPort Web Security

Access to the presentations http://www.newhorizons.bg/powerpoint/802.1x.ppt http://www.newhorizons.bg/powerpoint/Layer2_Attacks.ppt http://www.newhorizons.bg/powerpoint/ Ironport-DLP .ppt

Ironport Data Loss Prevention

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Ironport Data Loss Prevention (20)

More from dkaya (11)

Recently uploaded (20)

Ironport Data Loss Prevention