Taking your open source email security to the next level


Presentation by Commtouch at WorldHostingDays 2010 describing how hosting providers utilizing open source solutions can save money, increase revenues and improve antispam detection.

  • Data source: Testimonials from Commtouch partners: MTA vendors, Gateway vendors, hosting providers.
  • Taking your open source email security to the next level

    1. Taking your open source email security to the next level. Gabriel M. Mizrahi, VP Technologies. March 18, 2010
    2. About Me
        • 12 years of email security experience
        • Over 15 years in the open source community
        • Founded an Internet security company in 2001
        • Married with 2 kids
        • A big Barcelona FC fan!
    3. Today's Agenda
        • Hosting Provider Quiz
        • Issues with open source security
        • Taking open source email security to the next level
        • Case Studies
    4. The Hosting Provider Quiz 1) We use open source because…
        a) we started with it and grew
        b) it's low cost
        c) we're comfortable with it
        d) all of the above
    5. The Hosting Provider Quiz 2) We would love to be able to…
        a) reduce the cost of handling email
        b) enhance detection rates & lower FPs
        c) improve customer satisfaction & increase our business
        d) all of the above
    6. The Hosting Provider Quiz 3) But… to adopt a new solution
        a) we won't throw out our existing investment
        b) it would have to easily integrate with current infrastructure
        c) it must provide a differentiator
        d) all of the above
    7. The Hosting Provider Quiz 4) How much does it cost to handle spam with your current solution?
        a) I know exactly all my costs
        b) I have a rough estimate
        c) Not sure
    8. Something We Can Agree On
        • Email is a low margin service with high costs (Capex/Opex)
        • You're using open source security because it offers flexibility
        • Any changes you would make need to be justified
            • Financially
            • With regards to level of service
    9. One Last Question 4) Will open source alone be able to take you to where you need to go?
    10. Why Open Source Email Security is an Issue
        • Security: spam, phishing and viruses trends
        • Costs
        • Infrastructure
    11. Spam & Phishing Trends (Security)
        • Increasing Spam Levels
            • 2002 – 25%
            • 2010 – over 90%
        • Spammers improving their techniques
            • Blended threats
            • Free Webmail accounts compromised and sending spam attacks
            • Use of popular sites (CNN, Adobe, others) to trick users to malware sites
            • Other social engineering techniques
    12. Virus Trends (Security)
        • Distributed faster/more frequently than AV signatures are created
        • Vulnerability in first hours
        • Multiple variants in the same attack
        • Life of a variant can be as little as several hours
    13. Outbound Spam – The Latest Concern (Security)
        • Compromised accounts
        • You are at risk of being BLACKLISTED because of outbound spam/viruses – "Shared reputation"
            • RBLs that block entire "C" classes
            • Virtual servers on a single physical server
        • Deal with abuse complaints
    14. Existing Infrastructure Issues (Infrastructure). A short list of open source email security tools:
        • SpamAssassin
        • Bayesian Filters (e.g. Bogofilter, DSPAM)
        • Signature based anti-virus (e.g. ClamAV)
        • Collaborative filters (e.g. Pyzor, Razor, DCC)
        • Lexical filters (e.g. Block subjects with the word 'viagra')
        • Greylisting (e.g. Postgrey, Greymilter)
        • SPF/Domain Keys
        • SMTP 'HELO' checks
        • SMTP 'MAIL FROM' checks
        • SMTP early talker detection
        • Local IP whitelists and blacklists
        • Domain based RBLs (e.g. SURBL, URIBL, DBL)
        • IP based RBLs (e.g. SBL, XBL, APEWS)
    15. Common Administrative Issues (Infrastructure)
        • Time consuming
            • To achieve better coverage, must use/maintain/tune many tools
        • Admin staff
            • Someone needs to manage and maintain a long list of open source tools
        • Staff expertise
            • Need to analyze each missed spam and identify unique parameters
            • Language dependent
            • By nature opens possibility for FPs/FNs
    16. Rising Email Security Costs (Costs)
        • Spam Cycle (never ending cycle): Spam, More FNs, More rules, More FPs
        • Additional Costs
            • Customer dissatisfaction increases
            • Helpdesk resources for increased complaints
            • More servers to cope with rising spam levels
            • IT resources to write rules
            • Helpdesk resources for increased complaints
            • More bandwidth
    17. Hosting Analysis Exercise
        • Number of mail subscribers: 100,000
        • Average legitimate messages/day/subscriber: 7
        • Average messages/day/subscriber (95% are spam): 150
        • Total messages/day: 15,000,000
        • Average message size: 25Kb
        • Total message traffic/day: 358GB
    18. Hosting Provider Cost & Savings Analysis
    19. Bandwidth Comparison
        • Commercial IP Reputation solution can reduce traffic up to 85%*
            • More predictable
            • Reduced bandwidth costs
            • Fewer mails to analyze
        • [Chart: Bandwidth Consumption. Peak and sustained bandwidth usage (Mb) for No IP Filtering, IP Based RBL and Commercial IP Reputation. Data labels as extracted: 135.7 Mbps, 67.8 Mbps, 20.5 Mbps, 20.3 Mbps, 5.1 Mbps, 3.1 Mbps. Annotations: "Pay for only this", "95% of peak".]
        • * Data supplied by Commtouch partners
    20. Hardware Comparison
        • [Chart: Messages (Millions) and Server Capacity for SpamAssassin, SpamAssassin + IP Based RBL and Commercial Email Security Servers. Labels as extracted: 36 Servers; 18 Servers; Only 4 servers (+ 20% spare) required*; 18,000,000 msgs/day; 15,000,000 msgs/day; Server Capacity 500,000 msgs/day, 1,100,000 msgs/day, 5,000,000 msgs/day.]
        • * Data supplied by Commtouch partners
    21. Take your open source email security to the next level
    22. What if you could…
        • Increase detection with your existing infrastructure
        • Reduce inbound bandwidth
        • Not only block outbound spam but catch the spammers
            • Put an end to your IP ranges being blacklisted
        • and… Reduce costs
    23. Essentials for Solution
        • A global view of email traffic
            • Higher detection rate
            • Lower FPs
        • Scalable, transparent processing power
        • Unattended operation
        • Easy integration with your existing open source security solutions
    24. Furthermore…
        • Reduces Capex/Opex
            • Enables scalable growth
            • Decreases IT/Admin involvement
            • Reduces support calls
            • Creates excess processing power that can be repurposed
        • Provides new opportunities and differentiators
            • Configure the services you want/need
            • Offer new premium services
            • Increases your business
    25. Hosting Providers that took their open source to the next level
    26. Metanet AG & mail2world
    27. Hosting provider
        • Founded in 2000
        • Offers services for resellers and end customers
        • One of top 10 hosting companies in Switzerland
        • 750 servers in network
        • > 10,000 SMB customers
        • 100,000 email accounts
        • 60,000 domains
    28. Previous Infrastructure: SpamAssassin with various community-driven SA rules
    29. Problem/Pain
        • Low detection/high FPs
        • Rising costs
        • High support/maintenance costs
        • Many helpdesk calls
        • Additional system load due to server-side scanning
    30. Solution: Commtouch Anti-spam with SpamAssassin Plug-in
    31. Results
        • [Chart: Spam Detection, False Positives, Per Server Performance, Support Costs, Help Desk Calls. Values as extracted: 30%, 25-30%, 10%, 0, 25%.]
    32. What Metanet had to say: "With a highly skilled team and its rock-solid performance, Commtouch delivered superior detection and service from the implementation phase through production. After evaluating other commercial anti-spam technologies, we found that Commtouch's cloud-based architecture has unmatched spam filtering accuracy. It perfectly complements our long-established anti-spam strategy." Mirco Schnarwiler, Co-founder & Technical Director, METANET AG
    33. Hosting Provider
        • 100,000+ provisioned domains
        • Average of 330 million message transactions/day (10 billion messages/month)
    34. Problem/Pain
        • Spam load impacting ability to deliver timely mail
        • Help desk spending too much time with FPs & customer virus issues
        • Customers blacklisted by bots that compromised email accounts & sending spam
        • Costs for managing email infrastructure unpredictable and difficult to manage
    35. Solution
        • Commtouch Anti-Spam
        • Commtouch Mail Reputation
        • Commtouch Zero-Hour Virus Protection
    36. Result
        • [Chart: Incoming Mail, Hardware Usage, Per user Email Bandwidth, Help Desk Calls. Values as extracted: significant, 80%, ~95%, 85%.]
    37. What mail2world had to say: "As part of our multi layer protection strategy, our operations team relies on Commtouch to scale automatically to quickly absorb and eliminate new spam outbreaks. Commtouch's technology further enables us to reduce our bandwidth costs and ensure that our customers do not know when spam storms hit." Kamil Asfour, Director of Operations, Mail2World
    38. What Others Have to Say
        • "We saw an immediate 10-15% drop in the infrastructure required to run our messaging system." Hosting Product Manager, Large Web Hosting Provider
        • "…80% of the messages are eliminated with Commtouch's GlobalView IP reputation. Therefore, 1 server is doing the previous work of 5 servers doing just content-based anti-spam scanning." Director, Business Development, MTA Appliance vendor
    39. Easy Integration With Open Source: Easy integration with popular open source
    40. Easy Integration With Open Source cont…
        • Sendmail Milter. Seamless integration with:
            • IP Reputation
            • Anti-Spam
            • Virus Outbreak Detection
        • Patch to integrate
            • GlobalView IP Reputation
        • Qmail-Scanner. Plug-in for
            • Anti-Spam
            • Virus Outbreak Detection
        • QpSMTPd Plug-in. Plug-in for
            • Anti-Spam
            • Virus Outbreak Detection
    41. Easy Integration With Open Source cont…
        • Generic Plug-in enables to disable SpamAssassin and to integrate:
            • Anti-Spam
            • Virus Outbreak Detection
        • Patch to integrate:
            • Anti-Spam
            • Virus Outbreak Detection
        • RBL Interface for Other
            • GlobalView IP Reputation
    42. Not Only Open Source but "Pluggable"
        • Connector for Exchange 2007/2010
            • GlobalView IP Reputation
            • Anti-Spam
            • Virus Outbreak Detection
    43. Taking Your Open Source Email Security to the Next Level
        • Lower your costs
            • Reduce mail entering your network
            • Reduce number of processors needed
            • Lower Help Desk calls & IT/Admin time
        • Integrate with your open source
            • Protect your current investment
            • Minimal technical requirements
        • Improve detection rates
            • Improve customer satisfaction
            • Low FPs/FNs
        • Eliminate Outbound spam
    44. Thank You. Gabriel.Mizrahi@commtouch.com, www.commtouch.com, http://blog.commtouch.com/cafe