Taking your open source email security to the next level

Presentation by Commtouch at WorldHostingDays 2010 describing how hosting providers utilizing open source solutions can save money, increase revenues and improve antispam detection.

  • Data source: Testimonials from Commtouch partners: MTA vendors, Gateway vendors, hosting providers.

Taking your open source email security to the next level Presentation Transcript

  • 1. Taking your open source email security to the next level
      • Gabriel M. Mizrahi, VP Technologies
      • March 18, 2010
  • 2. About Me
      • 12 years of email security experience
      • Over 15 years in the open source community
      • Founded an Internet security company in 2001
      • Married with 2 kids
      • A big Barcelona FC fan!
  • 3. Today's Agenda
      • Hosting Provider Quiz
      • Issues with open source security
      • Taking open source email security to the next level
      • Case Studies
  • 4. The Hosting Provider Quiz 1) We use open source because… a) we started with it and grew b) it’s low cost c) we’re comfortable with it d) all of the above
  • 5. The Hosting Provider Quiz 2) We would love to be able to… a) reduce the cost of handling email b) enhance detection rates & lower FPs c) improve customer satisfaction & increase our business d) all of the above
  • 6. The Hosting Provider Quiz 3) But… to adopt a new solution a) we won’t throw out our existing investment b) it would have to easily integrate with current infrastructure c) it must provide a differentiator d) all of the above
  • 7. The Hosting Provider Quiz 4) How much does it cost to handle spam with your current solution? a) I know exactly all my costs b) I have a rough estimate c) Not sure
  • 8. Something We Can Agree On
      • Email is a low margin service with high costs (Capex/Opex)
      • You're using open source security because it offers flexibility
      • Any changes you would make need to be justified
          • Financially
          • With regards to level of service
  • 9. One Last Question 4) Will open source alone be able to take you to where you need to go?
  • 10. Why Open Source Email Security is an Issue
      • Security: spam, phishing and viruses trends
      • Costs
      • Infrastructure
  • 11. Spam & Phishing Trends (Security)
      • Increasing Spam Levels
          • 2002 – 25%
          • 2010 – over 90%
      • Spammers improving their techniques
          • Blended threats
          • Free Webmail accounts compromised and sending spam attacks
          • Use of popular sites – CNN, Adobe, others to trick users to malware sites
          • Other social engineering techniques
  • 12. Virus Trends (Security)
      • Distributed faster/more frequently than AV Signatures are created
      • Vulnerability in first hours
      • Multiple variants in the same attack
      • Life of a variant can be as little as several hours
  • 13. Outbound Spam – The Latest Concern (Security)
      • Compromised accounts
      • You are at risk of being BLACKLISTED because of outbound spam/viruses – "Shared reputation"
          • RBLs that block entire "C" classes
          • Virtual servers on a single physical server
      • Deal with abuse complaints
  • 14. Existing Infrastructure Issues (Infrastructure). A short list of open source email security tools:
      • SpamAssassin
      • Bayesian Filters (e.g. Bogofilter, DSPAM)
      • Signature based anti-virus (e.g. ClamAV)
      • Collaborative filters (e.g. Pyzor, Razor, DCC)
      • Lexical filters (e.g. Block subjects with the word 'viagra')
      • Greylisting (e.g. Postgrey, Greymilter)
      • SPF/Domain Keys
      • SMTP 'HELO' checks
      • SMTP 'MAIL FROM' checks
      • SMTP early talker detection
      • Local IP whitelists and blacklists
      • Domain based RBLs (e.g. SURBL, URIBL, DBL)
      • IP based RBLs (e.g. SBL, XBL, APEWS)
  • 15. Common Administrative Issues (Infrastructure)
      • Time consuming
          • To achieve better coverage – must use/maintain/tune many tools
      • Admin staff
          • Someone needs to manage and maintain long list of open source tools
      • Staff expertise
          • Need to analyze each missed spam and identify unique parameters
          • Language dependent
          • By nature opens possibility for FPs/FNs
  • 16. Rising Email Security Costs (Costs)
      • Spam cycle (never-ending cycle): spam, more FNs, more rules, more FPs
      • Additional costs:
          • Customer dissatisfaction increases
          • Helpdesk resources for increased complaints
          • More servers to cope with rising spam levels
          • IT resources to write rules
          • More bandwidth
  • 17. Hosting Analysis Exercise
      • Number of mail subscribers: 100,000
      • Average legitimate messages/day/subscriber: 7
      • Average messages/day/subscriber (95% are spam): 150
      • Total messages/day: 15,000,000
      • Average message size: 25Kb
      • Total message traffic/day: 358GB
  • 18. Hosting Provider Cost & Savings Analysis
  • 19. Bandwidth Comparison
      • [Chart: peak and sustained bandwidth usage (Mb) for No IP Filtering, IP Based RBL and Commercial IP Reputation; annotation "Pay for only this: 95% of peak"]
      • Commercial IP Reputation solution can reduce traffic up to 85%*
          • More predictable
          • Reduced bandwidth costs
          • Fewer mails to analyze
      • * Data supplied by Commtouch partners
  • 20. Hardware Comparison
      • [Chart: messages (millions) and servers for SpamAssassin Servers, SpamAssassin + IP Based RBL, and Commercial Email Security]
      • Server capacity, in that order: 500,000 msgs/day, 1,100,000 msgs/day, 5,000,000 msgs/day
      • Chart labels: 36 servers; 18 servers; "Only 4 servers (+ 20% spare) required*"; 18,000,000 msgs/day; 15,000,000 msgs/day
      • * Data supplied by Commtouch partners
  • 21. Take your open source email security to the next level
  • 22. What if you could…
      • Increase detection with your existing infrastructure
      • Reduce inbound bandwidth
      • Not only block outbound spam but catch the spammers
          • Put an end to your IP ranges being blacklisted
      • and… Reduce costs
  • 23. Essentials for Solution
      • A global view of email traffic
          • Higher detection rate
          • Lower FPs
      • Scalable, transparent processing power
      • Unattended operation
      • Easy integration with your existing open source security solutions
  • 24. Furthermore…
      • Reduces Capex/Opex
          • Enables scalable growth
          • Decreases IT/Admin involvement
          • Reduces support calls
          • Creates excess processing power that can be repurposed
      • Provides new opportunities and differentiators
          • Configure the services you want/need
          • Offer new premium services
          • Increases your business
  • 25. Hosting Providers that took their open source to the next level
  • 26. Metanet AG & mail2world
  • 27. Hosting provider
      • Founded in 2000
      • Offers services for resellers and end customers
      • One of top 10 hosting companies in Switzerland
      • 750 servers in network
      • > 10,000 SMB customers
      • 100,000 email accounts
      • 60,000 domains
  • 28. Previous Infrastructure: SpamAssassin with various community-driven SA rules
  • 29. Problem/Pain
      • Low detection/high FPs
      • Rising costs
      • High support/maintenance costs
      • Many helpdesk calls
      • Additional system load due to server-side scanning
  • 30. Solution: Commtouch Anti-spam with SpamAssassin Plug-in
  • 31. Results
      • [Graphic: Spam Detection, False Positives, Per Server Performance, Support Costs, Help Desk Calls; values shown: 30%, 25-30%, 10%, 0, 25%]
  • 32. What Metanet had to say
      • "With a highly skilled team and its rock-solid performance, Commtouch delivered superior detection and service from the implementation phase through production. After evaluating other commercial anti-spam technologies, we found that Commtouch's cloud-based architecture has unmatched spam filtering accuracy. It perfectly complements our long-established anti-spam strategy."
      • Mirco Schnarwiler, Co-founder & Technical Director, METANET AG
  • 33. Hosting Provider
      • 100,000+ provisioned domains
      • Average of 330 million message transactions/day (10 billion messages/month)
  • 34. Problem/Pain
      • Spam load impacting ability to deliver timely mail
      • Help desk spending too much time with FPs & customer virus issues
      • Customers blacklisted by bots that compromised email accounts & sending spam
      • Costs for managing email infrastructure unpredictable and difficult to manage
  • 35. Solution
      • Commtouch Anti-Spam
      • Commtouch Mail Reputation
      • Commtouch Zero-Hour Virus Protection
  • 36. Result
      • [Graphic: Incoming Mail, Hardware Usage, Per user Email Bandwidth, Help Desk Calls; values shown: significant, 80%, ~95%, 85%]
  • 37. What mail2world had to say
      • "As part of our multi layer protection strategy, our operations team relies on Commtouch to scale automatically to quickly absorb and eliminate new spam outbreaks. Commtouch's technology further enables us to reduce our bandwidth costs and ensure that our customers do not know when spam storms hit."
      • Kamil Asfour, Director of Operations, Mail2World
  • 38. What Others Have to Say
      • "We saw an immediate 10-15% drop in the infrastructure required to run our messaging system." (Hosting Product Manager, Large Web Hosting Provider)
      • "…80% of the messages are eliminated with Commtouch's GlobalView IP reputation. Therefore, 1 server is doing the previous work of 5 servers doing just content-based anti-spam scanning." (Director, Business Development, MTA Appliance vendor)
  • 39. Easy Integration With Open Source Easy integration with popular open source
  • 40. Easy Integration With Open Source cont…
      • Sendmail Milter: seamless integration with:
          • IP Reputation
          • Anti-Spam
          • Virus Outbreak Detection
      • Patch to integrate:
          • GlobalView IP Reputation
      • Qmail-Scanner: plug-in for
          • Anti-Spam
          • Virus Outbreak Detection
      • QpSMTPd Plug-in: plug-in for
          • Anti-Spam
          • Virus Outbreak Detection
  • 41. Easy Integration With Open Source cont…
      • Generic Plug-in enables to disable SpamAssassin and to integrate:
          • Anti-Spam
          • Virus Outbreak Detection
      • Patch to integrate:
          • Anti-Spam
          • Virus Outbreak Detection
      • RBL Interface for Other
          • GlobalView IP Reputation
  • 42. Not Only Open Source but "Pluggable"
      • Connector for Exchange 2007/2010
          • GlobalView IP Reputation
          • Anti-Spam
          • Virus Outbreak Detection
  • 43. Taking Your Open Source Email Security to the Next Level
      • Lower your costs
          • Reduce mail entering your network
          • Reduce number of processors needed
          • Lower Help Desk calls & IT/Admin time
      • Integrate with your open source
          • Protect your current investment
          • Minimal technical requirements
      • Improve detection rates
          • Improve customer satisfaction
          • Low FPs/FNs
      • Eliminate Outbound spam
  • 44. Thank You
      • Gabriel.Mizrahi@commtouch.com
      • www.commtouch.com
      • http://blog.commtouch.com/cafe