Ironport Data Loss Prevention


This is the presentation file of my Ironport DLP seminar, which I gave at New Horizons of Sofia on 25.11.2008.

Published in: Technology, Business

  • Transcript

    • 1. Securing Your Email - Data Loss Prevention Deniz Kaya Microsoft, Cisco, Ironport, Mile2 Instructor CCSI, CCNP, MCT, MCSE, ICSI, ICSP, CPTS
    • 2. IronPort® Gateway Security Products Web Security | Email Security | Security Management | Encryption EMAIL Security Appliance WEB Security Appliance Security MANAGEMENT Appliance IronPort SenderBase APPLICATION-SPECIFIC SECURITY GATEWAYS CLIENTS BLOCK Incoming Threats PROTECT Corporate Assets Data Loss Prevention Encryption CENTRALIZE Administration Internet ENCRYPTION Appliance
    • 3. IronPort + Cisco Market Leadership
      • Customer Leadership
      • - Over 6,000 customers globally
      • - 99% customer retention rate
      • Technology Leadership
      • - Industry leading email and Web security applications and management tools
      • Global Leadership
      • - Worldwide business operations
      • - Global technology infrastructure
    • 4. The IronPort SenderBase® Network Global Reach Yields Benchmark Accuracy
      • 5B+ queries daily
      • 150+ Email and Web parameters
      • 35% of the World’s Traffic
      IronPort EMAIL Security Appliances IronPort WEB Security Appliances IronPort SenderBase Combines Email & Web Traffic Analysis
      • View into both Email & Web traffic dramatically improves efficacy
      • 80% of spam contains URLs
      • Email is a key distribution vector for Web-based malware
    • 5. IronPort Consolidates the Network Perimeter For Security, Reliability and Lower Maintenance After IronPort Groupware Firewall IronPort Email Security Appliance Internet Users Before IronPort Anti-Spam Anti-Virus Policy Enforcement Mail Routing Internet Firewall Groupware Users Encryption Platform MTA DLP Scanner DLP Policy Manager
    • 7. IronPort AsyncOS Unmatched Scalability and Security
      • IronPort AsyncOS is a scalable and secure operating system, optimized for messaging
      • Advanced Email Controls protect reputation and downstream systems
      • Standards-based Integration replaces legacy systems with ease
      MANAGEMENT TOOLS THE IRONPORT ASYNCOS™ EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION
    • 8. Multi-layer Spam Defense Best-of-Breed Protection at the Gateway
      • IronPort Reputation Filters™: the outer layer defense
      • IronPort Anti-Spam™: stops the broadest array of threats – spam, phishing, fraud and more
      MANAGEMENT TOOLS THE IRONPORT ASYNCOS™ EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION
    • 9. SenderBase® Data Makes the Difference
      • Complaint Reports
      • Spam Traps
      • Message Composition Data
      • Global Volume Data
      • URL Lists
      • Compromised Host Lists
      • Web Crawlers
      • IP Blacklists & Whitelists
      • Additional Data
      SenderBase Data Data Analysis/Security Modeling SenderBase Reputation Scores -10 to +10 Parameters Threat Prevention in Realtime
    • 10. Introducing IronPort Spam Defense
      • Multi-layer spam defense designed to:
        • Stop spam quickly
        • Stop spam accurately
      Reputation World’s first and best sender based reputation service - Blocks 80% of spam at gateway - World class accuracy SBRS IPAS Who? How? What? Where? World’s most accurate content based spam engine - 98% catch rate - World class accuracy
    • 11. IronPort Anti-Spam Accuracy Powered By Context Adaptive Scanning Engine WHAT? HOW? WHO? WHERE?
      • All text inside an image
      • Random dots appear within the message
      • Nearly identical color scheme in 100,000’s spamtrap msgs
      Verdict BLOCK
      • IP address recently started sending email
      • Message originated from dial-up IP address
      • Sending IP address located in Russia
      • Message leaves trace of spamware tool
    • 12. IronPort Reputation Filters Dell Case Study
      • Dell’s challenge:
        • Dell currently receives 26M messages per day
        • Only 1.5M are legitimate messages
        • 68 existing gateways running Spam Assassin were not accurate
      • IronPort solution:
        • Reputation Filters block over 19M messages per day
        • 5.5M messages per day scanned by anti-spam engine
        • Replaced 68 servers with 8 IronPort C60s
      • Accuracy of spam filtering increased 10x
      • Servers consolidated by 70%
      • Operating costs reduced by 75%
      “IronPort has increased the quality and reliability of our network operations, while reducing our costs.” -- Tim Helmsetetter Manager, Global Collaborative Systems Engineering and Service Management, DELL CORPORATION
    • 13. Multi-layer Virus Defense Best-of-Breed Protection at the Gateway
      • IronPort Virus Outbreak Filters: stop outbreaks 13 hours ahead of traditional signatures
      • McAfee and Sophos Anti-Virus: signature-based solutions with industry leading accuracy
      MANAGEMENT TOOLS THE IRONPORT ASYNCOS™ EMAIL PLATFORM SPAM DEFENSE VIRUS DEFENSE DATA LOSS PREVENTION EMAIL ENCRYPTION
    • 14. IronPort Outbreak Filters Close the Reaction Time Gap
    • 15. How Virus Outbreak Filters Work Dynamic Quarantine In Action
      • T = 0
      • zip (exe) files
      • T = 5 mins
      • zip (exe) files
      • Size 50 to 55 KB
      • T = 10 mins
      • zip (exe) files
      • Size 50 to 55KB
      • “Price” in the file name
      • T = 8 hours
      • Release messages if signature update is in place
      Messages Scanned & Deleted Fine-grained Rules, Multiple Parameters: Attachment Type, Attachment Size, URLs, Filenames & More
    • 16. Industry Leading Signatures from Sophos and McAfee Anti-Virus
      • Integrated Sophos® anti-virus engine
        • High performance in-line scanning
      • Easy to deploy and manage
        • Intuitive user interface
        • Single view with Mail Flow Monitor
        • Auto updates
        • Lower TCO with integrated solution
    • 17. IronPort Data Loss Prevention Inbound/Outbound Policy Enforcement
      • Integrated Scanning makes DLP deployments quick & easy
      • Integrated Remediation eases work flow burden
      MANAGEMENT TOOLS THE IRONPORT ASYNCOS™ EMAIL PLATFORM SPAM DEFENSE DATA LOSS PREVENTION VIRUS DEFENSE EMAIL ENCRYPTION
    • 18. Data Loss Prevention Multi-Faceted Problem
      • Regulatory Compliance
        • HIPAA, GLBA, PCI, SOX Regulations
        • Scan for sensitive information and block infractions
        • Secure business partner communication
      • Acceptable Use
        • Block offensive content
        • Enforce messaging policy (attachment size, etc)
        • Add legal disclaimers to outgoing mails
      • Intellectual Property Protection
        • Block messages containing confidential data
        • Prevent email communications with competitor
    • 19. PCI Applies to Nearly Every Industry PCI Not Just for Retail Utilities E-Commerce Transportation Restaurant Financial/ Insurance Retail Service Provider Healthcare Federal Mobile Universities Sports and Entertainment State Agencies
    • 20. The Payment Card Industry (PCI) Data Security Standard
      • Published January 2005
      • Impacts ALL who process, transmit, or store cardholder data
      • Also applies to 3rd-party hosting companies, information storage companies, etc.
      • Monthly fines ranging from $5,000 to $50,000 for missed deadlines
      • Has global reach
      Theater | Level 1 | Level 2 | Level 3
      US | SEP 2007 | DEC 2007 | DEC 2008
      Western Europe | Negotiated individually | MAR-DEC 2008 | MAR-DEC 2008
      Asia | DEC 2009 | DEC 2009 | DEC 2009
      Canada | 2008 TBD | 2008 TBD | 2008 TBD
      CEMEA, Latin American | Not Published yet
    • 21. Data Loss Prevention Foundation Integrated Scanning Users
        • Integrated Scanning Makes DLP Deployments Quick & Easy
      Outbound Mail Weighted Content Dictionaries Compliance Dictionaries Attachment Scanning Custom Content Filters Smart Identifiers
    • 22. Data Loss Prevention Foundation Integrated Remediation Users
        • Integrated Remediation Eases Work Flow Burden
      Outbound Mail Remediation: Quarantine Remediation Notification Remediation: Reporting Encrypt The Message
    • 24. Encryption Market Evolution The Technical View Encryption technology is the foundation for business class email Secure Envelopes S/MIME, PGP, Secure Webmail
      • Single, Integrated Platform
      • No Certificate Complexity
      • Universal Reach
      • Multi-Platform Deployment
      • Certificate Requirements
      • Sender/Receiver Plug-Ins
      IronPort PXE™ Legacy Encryption Solutions
    • 25. IronPort PXE: Sending a Message Instant Deployment, Zero Management Costs IronPort Hosted Keys
      • Gateway encrypts message
      • User opens IronPort PXE in browser
      • User authenticates & gets message key
      • Decrypted message displayed
      Password Message pushed to Recipient Key Stored
    • 26. IronPort PXE: Receiving a Message Seamless End-User Experience
      • View message
      • Enter password
      • Open Attachment
    • 27. Management for Organizations of All Sizes
      • IronPort Email Security Manager – unified policy management
      • IronPort Email Security Monitor – enterprise-class reporting system
      • Management Interfaces – simple integration and increased productivity
    • 28. IronPort Email Security Manager Single view of policies for the entire organization IT SALES LEGAL
      • Mark and Deliver Spam
      • Delete Executables
      • Archive all mail
      • Virus Outbreak Filters disabled for .doc files
      • Allow all media files
      • Quarantine executables
      “Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance.” -- PC Magazine 2/22/05 Categories: by Domain, Username, or LDAP
    • 29. Cisco Self-Defending Network (SDN)
      • Cisco Security Portfolio @ a Glance
        • Network & End-point Security
        • Content & Application Security
        • Systems & Security Management
    • 30. The Portfolio at a Glance… Content and Application Security
      • Content Security
      • Reputation based, zero-day defense
      • Capability to address diverse attack types and techniques
      • Secure all sources of attack
      • Application Security
      • Layer 7 protection for application and data vulnerabilities
      • XML traffic validation and inspection
      • Enhanced deep packet inspection
      • Product Highlights:
        • Ironport Email
        • Ironport Web
        • Intrusion Prevention Systems
      • Product Highlights:
        • ACE XML Gateway
        • Web Application Firewall
    • 31. Systems Approach to Stop Malware: Visibility and Control Intrusion Prevention
      • Detection
      • Precision response
      Content Security
      • Email SPAM
      • Web filtering
      Endpoint Security
      • Host IPS
      • AV solutions
      Firewall and VPN
      • Traffic access control
      • Encryption
      Centralized Policy Management and Monitoring
    • 32. Cisco’s Security Portfolio— Offers End-to-End Compliance with PCI Requirements
    • 33. Cisco Data Loss Prevention Solution NAC, CSA, IronPort, and TrustSec IronPort NAC Appliance ASA printer
      • IronPort
      • Prevent data loss at perimeter
      • Mail policy verification
      • Logs transaction
      • Encrypts mail message and notifies recipient
      • NAC Appliance
      • Verifies CSA and endpoint posture
      • TrustSec
      • Enforces data policy through role-based access control
      • Cisco Security Agent
      • Scans files for sensitive data
      • Prevents copying to external media
      • Prevents transfer with internetwork applications
      • Prevents bypass of gateway security policy
      Internet Internet Internet Internet Hi Joan, Could you send those files over? Sure Bob, I’ll find a way to get those files to you!
    • 34. Preventing Data Leakage and Disclosure Self-Defending Network Applied Data Center Employees Network Edge Tape Devices Application Server Cisco MDS 9000 C-Series E-Mail Security Appliance Internet Corporate Network
      • Cisco® Security Agent
      • Prevents endpoint data loss
      • Prevents bypass of Cisco IronPort network protection
      • Inspects and classifies content (similar to Cisco IronPort) in a future release
      Partners Customers Remote Employees
      • Storage Media Encryption
      • Prevention of unauthorized access and loss of data at rest
      • Full integration with SAN fabric and management
      • Secure, highly available service
      • IronPort
      • Prevent data loss at network perimeter
      • Inspect and control content
      • Address privacy regulations
      • Take advantage of existing anti-spam and anti-spyware infrastructure
    • 35. Self-Defending Network in the Campus
      • Centralized threat management, including correlation and mitigation
      • Centralized policy and device management across entire Cisco infrastructure for IPS, VPN, and firewall
      • Web and mail content scanning to reduce malware introduction and propagation
      • Layer 3 – 7 inspection and traffic control
      • Converged remote site and user IPsec and SSL VPN services
      • Trojan horse and spyware to control channel monitoring and mitigation
      Gateway and Internet Services
      • Prevent exploits of vulnerabilities on PCs and other endpoints
      • Minimize the entrance and propagation of new threats on trusted PCs
      • Enforce access controls to trusted, untrusted, and guest users
      • Protect and isolate intra-LAN segments
      Policy Enforcement and Endpoint Protection Threat Management and Policy Control Cisco® Security Management Suite Cisco ASA 5500 Firewall, VPN, and IPS Cisco IPS 4200 Series Sensors Network Admission Control FWSM and Cisco ASA 5500 Series Cisco IronPort Cisco ASA 5500 CSC Cisco Security Agent Endpoint Security Policy and Posture Centralized Policy and Threat Management Traffic and Admission Control Targeted Attack Protection Web and Mail Malware Scan Intra-LAN Policy Enforcement Internet Public WAN
    • 36. Self-Defending Network in the Data Center Cisco ASA ACS Cisco Security MARS Cisco® WAAS Web Servers Cisco ACE Cisco Security Agent Cisco Security Agent Cisco Security Agent Application Servers Database Servers AXG (Web Applications) Cisco Security Agent Cisco Security Agent Cisco MDS with SME Tier 1/2/3 Storage Tape/Offsite Backup AXG (B2B) CSM Cisco Security Agent-MC CW-LMN
      • Data-Center Edge
      • Firewall and IPS
      • DoS protection
      • Application protocol inspection
      • Web Services security
      • VPN termination
      • E-mail and Web access control
      Cisco Catalyst 6000 FWSM
      • Web Access
      • Web security
      • Application security
      • Application isolation
      • Content inspection
      • SSL encryption and offload
      • Server hardening
      • Applications and Database
      • XML, SOAP, and AJAX security
      • DoS prevention
      • Application-to-application security
      • Server hardening
      • Storage
      • Data encryption
        • In motion
        • At rest
      • Stored data access control
      • Segmentation
      • Management
      • Tiered access
      • Monitoring and analysis
      • Role-based access
      • AAA access control
      Cisco IronPort E-Mail Security AXG (DHTML to XML) Cisco IronPort Web Security Cisco IronPort Web Security
    • 37. Access to the presentations
      • Ironport-DLP.ppt
    • 38. New Horizons' Partners