XCS - Watchguard


Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Today’s email security landscape contains many threats to your messaging environment: Inbound threats center on spam and attacks to your network including viruses, malware and network attacks like denial of service Based on WatchGuard’s messaging research lab findings, more than 90% of all email is identified as spam . We predict that spam will continue to rise on an annual basis, from 30% growth in 2009 up to nearly 50% growth in 2010, and will become more sophisticated to avoid detection. As the universe of malware is doubling year over year across the internet, the potential dangers of spam to businesses will dramatically. The email security landscape has now become even more complex when compounded with web 2.0 and blended threats that use email as the invitation to web-based infections. The evolution of spam has also made a dramatic progression, evolving from simple plain text emails to sophisticated and malicious social engineering tactics that are all designed to fool systems and deceive even the smartest people.   The most alarming trend in spamming tactics is now the utilization of both email and web to achieve the desired outcome, in particular for profit-motivated crimes that utilize botnets, spyware, malware and other threats to manage and exploit the infection. By using email as the invitation, spammers have the delivery vehicle to locate and attract a victim. With Web 2.0, these criminals now have the mechanism to infect the unsuspecting victim with various destructive codes. These attacks have changed the landscape of spam management from one of productivity and networking issues to one of cyber-terrorism.   All it takes is one malicious email, one click of an employee’s mouse to place your network and business at risk for security breaches, regulatory violations, theft of confidential information, or an intrusion that turns your network into a source of internet threats.
  • XCS provides comprehensive email security with: Defense-in-depth with multiple layers of inspection for malware, spyware, spam, etc. ReputationAuthority: in-the-cloud, best-in-class reputation filtering system Protection from blended threats delivered via email Set-it-and-forget-it administration, reporting, and policy management provide total control and visibility of email traffic entering your network Strong security at an affordable price – best value
  • WatchGuard XCS uses a defense-in-depth process for security of email with multiple layers of protection including: First Line of Defense: ReputationAuthority The WatchGuard ReputationAuthority reputation service acts as the first line of defense for messaging security. Email traffic comes to the network perimeter from the internet. ReputationAuthority inspects all of the email traffic (including embedded links) based on DNSBL, volume, content and behavior analysis, looking to block all unwanted traffic at the connection level before it is passed to WatchGuard XCS for further examination. ReputationAuthority eliminates more than 98% of unwanted traffic at the perimeter. Second Line of Defense: Spam Prevention In this layer of defense, XCS validates spam based on the unique messaging patterns of the customer’s environment (e.g. if you are a pharmacy, having the word “Viagra” may not be objectionable or considered spam) and notifying back to ReputationAuthority what has been identified positively as spam, a threat, etc. so that it blocks it and contributes the data to the network to protect from future attacks. Third Line of Defense: Malware Prevention WatchGuard’s third line of defense is its sophisticated malware prevention engine. This is where in-depth scanning is occurring, looking at embedded links and web components to prevent blended threats, malware, spyware, viruses, phishing attacks, etc.
  • WatchGuard ReputationAuthority provides a powerful first line of defense in protecting your network from email threats. It provides in-the-cloud real-time threat prevention, blocking more than 98% of unwanted traffic at the perimeter before they enter your network. WatchGuard ReputationAuthority is the first next generation reputation system Hybrid In-the-Cloud model Rejects Unwanted Email and Web Traffic at the perimeter More than 98% Catch Rate 99% Accuracy Rate Unique and Patented WatchGuard ReputationAuthority offers a proactive global threat network that gathers data from deployed systems to identify malicious senders and block threats based on real-time behavior, providing a superior level of threat intelligence to defend your network. ReputationAuthority goes beyond simple sender reputation to provide an all-encompassing view of the real-time behavior of an IP address by cross-referencing and analyzing data across multiple protocols to threat feeds from multiple sources. Unlike older reputation service technologies which act simply as a credit bureau, relying on historical background and DNSBLs, ReputationAuthority combines historical information with patented, adaptive identification techniques including: sender information (who is sending it) volume behavioral analysis of an IP to determine the reputation and risk level aggregates feeds from globally deployed XCS appliances and contributes them to the network to make ReputationAuthority more intelligent in blocking threats And best of all….ReputationAuthority is included with EVERY XCS appliance.
  • Let’s compare the effectiveness of the reputation services as outlined in the previous slide Imagine you have 1M email messages entering your network for a given time period.   Other reputation-based services using only DNSBL or a combination of DNSBL and IP volume information would allow upwards of 200,000 messages to enter the network, since they are only 80% effective. A next generation service,  such as WatchGuard ReputationAuthority is up to 98% effective, allowing only 20,000 messages to enter the network. This is a significant improvement in threat protection and cost savings. KEY POINT: THE REMAINING UNWANTED TRAFFIC IS CAUGHT BY WATCHGUARD SPAM PREVENTION (DEFENSE IN DEPTH) BUT the key differentiation of ReputationAuthority  is its powerful 98% catch rate. ReputationAuthority provides significant value to your business and your email security by: Eliminates burdens associated with processing resource-intensive, unfiltered traffic, freeing your networks for legitimate traffic. By stopping and eliminating unsolicited spam messages before they reach the network, it helps reduce the size of compliance-mandated email archives. Results in decreased processing, bandwidth, storage and backup costs throughout your network.
  • The second layer of defense of WatchGuard XCS appliances is its highly effective Spam Prevention. The remaining email traffic that is not rejected by the ReputationAuthority undergoes deep content inspection at the second layer of defense with the WatchGuard Anti-Spam engine. Content Inspection It is here that further examination of the content, images and sender information of the message traffic occurs. Contextual Analysis The system provides a context-based weighted score on the spam suspect level of the message, with a remarkably low ratio of false positives. Three Layers of Filtering WatchGuard Spam Prevention has three layers of filtering to achieve a catch rate of over 99% with an accuracy rate of 99.999%. By examining the content, sender information, and conducting contextual analysis of incoming traffic across multiple protocols, the system assigns a categorized and weighted score that enables you to throttle and tune your spam. Patented Learning Filters The system uses patented learning filters that learns from your messaging environment to better determine what is really spam and what you consider business-critical communications for more intelligent and informed spam prevention and message delivery. Off-Box Quarantine Off-box quarantine is a dedicated temporary storage solution for quarantining spam and suspect emails. Pre-determined policies determine the length of time stored, by individual controls, what to quarantine and integration with third party applications and systems. Quarantine is user-controlled to allow individuals to determine spam violations and to free administrators from having to manage individual spam policies, hence further eliminating false-positives. Flexible Spam Management With flexible spam management capabilities and automated filter updates, WatchGuard spam prevention enables XCS to meet email security needs without imposing a significant administrative burdens
  • The XCS third layer of defense is its malware prevention engine. WatchGuard XCS uses a unified approach to prevent viruses and malicious code infections to reduce the costs and complexity of managing multiple virus, spyware and malware engines. Blended Threat Protection: Effective virus and malware protection scans email, searching for potentially malicious content being delivered via a blended threat. Automated Handling of Identified Malware: Out-of-the-box and custom defined options determines how identified messages should be handled. Zero-Hour Threat Outbreak Response: During any malware or spam outbreak, there is invariably a period of time between when the outbreak is detected and when the actual update to prevent future attacks is distributed. WatchGuard XCS’s Threat Outbreak Response closes the window of vulnerability that occurs between when an attack first emerges and when the scanning filters are updated for the most rapid response to new malware threats.
  • WatchGuard XCS provides an easy-to-use administrative console. The interface is intuitive and is simple to configure. The system comes with pre-defined policies so you can plug-and-play…OR You have the flexibility to create custom policies specific to your business requirements.
  • With WatchGuard XCS integrated reporting, you have information at your fingertips. XCS reports provide a snapshot of: system overview and status messages blocked email traffic trends mail queue and quarantine information and much more… Customizable reports are available in varying file formats. Easily export or locally save time-, feature-, and group-based reports.
  • WatchGuard XCS appliances are designed to ensure continuity of communications. With email having become the primary utility of business communications, it is critical to ensure that your email system and its security avoids downtimes. You can’t afford lost messages and your email can’t move at a snail’s pace. Zero Lost Messages With Patented Queue Replication Technology WatchGuard XCS solves this critical risk with automated and native redundancy to ensure ZERO lost messages. Message Redundancy is a key component for designing a totally redundant solution, ensuring no messages are ever lost or delayed due to a failure of a system which have queued messages that have not been processed or delivered at the time of failure. Clustering and queue replication becomes extremely important when deploying products that rely heavily on multiple delivery queues for processing their messages. On-Demand Clustering You also have the ability to cluster multiple systems together, allowing you to manage the multiple systems acting as one logical unit easily and efficiently. Clustering multiple units together removes a single point of failure and ensures that a network infrastructure is always up and running. When configured in a cluster, all configuration settings and message queues are replicated across the entire cluster. XCS delivers an unbeatable return-on-investment by reducing operational costs and guaranteeing the delivery of business-critical messages and communications. Centralized Management With Geographical Redundancy Geographical redundancy through centralized management allows ease of management of multiple XCS platforms without the need of an external management system. XCS provides the ability to allow Administrators to easily and centrally manage systems that are deployed globally, and to apply a single set of policies across the entire system.
  • Sensitive information enters and exits company networks every day. As email has become the most significant medium for business communications, it has also become the largest violation medium for data loss. Data loss or leakage occurs in every organization either unintentionally or maliciously. All it takes is for a recipient’s email address to be misspelled or an incorrect key to be pressed by an employee on a keyboard, and a message containing confidential information ends up in the wrong person’s hands, resulting in leakage of sensitive information. The consequences could be detrimental, including brand erosion, loss of customer confidence, financial repercussions, and public embarrassment if it makes the headlines.
  • This becomes a significant problem and risk as organizations are trying to meet and manage regulatory and internal compliance and control requirements, including: Government & Industry Compliance Regulations: e.g. HIPAA, PCI, GLB, etc. Internal Policies: C-level rules, sensitive and confidential information Acceptable Use: HR policies, sexual harassment and legal violations that can occur in messaging Intellectual Property: Trade secrets, sales reports, financial statements, sales or business plans, etc. As a result, data leakage has now become a critical issue that can only be addressed by comprehensive data loss prevention tools that are used to accelerate business, protect your organization, and ensure privacy.
  • WatchGuard Data Loss Prevention is integrated into all XCS appliance models to enable you to seamlessly prevent the loss, leakage or exposure of sensitive, restricted and inappropriate content across multiple protocols. Links deep inspection of email traffic content with context of the message being sent to assess whether it is in violation of policies. Instant-on remediation is built right into WatchGuard XCS appliances and is used to successfully secure, monitor, record, quarantine, and block data-in-motion over email, providing an extensive risk management and policy enforcement boundary. Consolidated policy management provides a single view for managing policies, securing content across email, and providing policy violation reporting. Knowledge-based structuring of content allows XCS to dynamically learn from the content passed through the data loss prevention engine to make more accurate decisions, faster for enhanced protection from data leakage.
  • WatchGuard XCS makes decisions based on content and context: The system uses a seamlessly integrated process for securing content from data loss. Examine: XCS examines the entire content, including message headers, message body, and attachments. Content inspection determines what is being delivered, including files and attachments, and compares it to policies in an effort to discover policy violations. XCS data loss prevention functionality goes one step further by also inspecting the context of the traffic Determine: In this next step, contextual analysis applies intelligence to determine, based on policies, whether the discovered/identified confidential content that has passed through the content inspection engine is allowable. The system inspects who is sending the content and where or whom the content is being sent to, which is vital in determining if the content is a violation or note, and the proper remediation tactic to employ. Without context, a typical data loss prevention system would easily block or quarantine an important communication with the potential to impede business processes. For example, the CFO may be able to send financial statements to the auditor of the company – this communication is allowed. A customer service employee, however, who does not have permissions to send financial statements will have the communication blocked. Deliver: Based on pre-defined policies, the system conducts instant remediation of the message including block, allow, quarantine, blind copy, encrypt, or reroute content. Report: XCS monitors traffic and provides granular reports to demonstrate policy violations for compliance audit requirements, identifying security gaps, and enabling you to make informed security decisions.
  • WatchGuard Email Encryption technology is an optional subscription, available with all XCS appliance models, for companies that want or require an encryption solution that is tightly integrated with their email security. It provides easy-to-use, business-class encryption to securely transmit and receive private and sensitive information. The transparent nature of the WatchGuard Email Encryption solution lends to its ease of use. Tightly integrated within the WatchGuard XCS appliances, all email sent from the organization passes through the XCS data loss prevention engine. The system identifies outgoing messages that meet pre-defined policies for confidentiality and automatically encrypt identified messages which contain sensitive or confidential information with no special action required by the sender. Messages can also be manually set for encryption by typing a simple command in the subject header of a message. The email is then processed and encrypted locally, retrieving the session key for the registered envelope service. Encrypted messages are sent as HTML attachments to ordinary email messages and are directly delivered to the recipient who can decode and view the encrypted messages using any Web browser. Encrypted messages can be opened with any email program and any web browser running on any operating system. The process is quite simple: recipients open an HTML email attachment, enter a password and view the secure message. The recipient enters credentials and is verified by the registered envelope service, generating the key to decrypt the email.
  • Centralized Policy Management: Includes pre-defined compliance dictionaries that can be used for privacy and compliance to industry regulations Allows you to set policies by domain, group, or individual users Reduces complexity Ensures consistent application of security policies across email
  • XCS provides reporting alerts of email policy violations for compliance audits, with granular reporting of the violation incident.
  • WatchGuard XCS provides many advantages to small businesses. Highly Effective Perimeter Security With the most effective next-generation reputation service technology available, your system processes only clean, wanted traffic, blocking threats from ever entering your network. Multi-Layer Approach Our defense-in-depth approach and sophisticated anti-spam and anti-malware engines ensure your email security is never compromised. Easy-to-Use You don’t need a PhD in email security and administration to use WatchGuard XCS. With its intuitive Web GUI, configuration and management are made simple – all you have to do is set-it-and-forget-it. XCS will do the rest! Instant-On Data Loss Prevention Protect your most business-critical assets with comprehensive content controls and instant remediation based on your policies to safeguard sensitive outgoing information. Always On Security Multiple layers of redundancy so you never lose a message and ensures service levels with infinite scalability. Strong Security at an Affordable Price WatchGuard XCS delivers the best value with the strongest, defense-in-depth security to prevent email threats.
  • XCS - Watchguard

    1. 1. <ul><li>WatchGuard XCS Email Threat Prevention </li></ul><ul><li>Specifically Designed for </li></ul><ul><li>Small to Mid-Sized Business </li></ul>
    2. 2. <ul><li>Today’s Email Threat Landscape </li></ul>
    3. 3. <ul><li>WatchGuard XCS Extensible Content Security </li></ul><ul><li>Next-Generation Email Security </li></ul><ul><li>Defense-in-depth for messaging security </li></ul><ul><li>Integrated protection from blended threats </li></ul><ul><li>Unique and patented </li></ul><ul><li>Strong security at an affordable price </li></ul>
    4. 4. <ul><li>Defense-in-Depth for Email Security </li></ul><ul><li>WatchGuard is Unique </li></ul>Rejected Email Messages
    5. 5. <ul><li>WatchGuard ReputationAuthority </li></ul><ul><li>Powerful First Line of Defense </li></ul><ul><li>Rejects More Than 98% of Unwanted Traffic at the Perimeter </li></ul><ul><li>Best-in-class Next Generation Reputation Service </li></ul>
    6. 6. <ul><li>The Power of ReputationAuthority </li></ul><ul><li>For More Than 95% Rejection of Email with 99.99% Accuracy </li></ul><ul><li>Did You Know… </li></ul><ul><ul><li>More than 90% of email is spam </li></ul></ul><ul><ul><li>Email is now the delivery vehicle for web-based infections </li></ul></ul><ul><li>Do the Math… </li></ul><ul><ul><li>For every 100 emails, more than 90 are unwanted; nearly 89 are caught and rejected at the perimeter by WatchGuard ReputationAuthority </li></ul></ul><ul><ul><li>How much spam can you stop with WatchGuard? </li></ul></ul>
    7. 7. <ul><li>WatchGuard XCS Spam Prevention </li></ul><ul><li>Second Line of Defense </li></ul>
    8. 8. <ul><li>WatchGuard Malware Prevention </li></ul><ul><li>Third Line of Defense </li></ul>
    9. 9. <ul><li>Set-It-And-Forget-It </li></ul>
    10. 10. <ul><li>Ease of Use </li></ul>
    11. 11. <ul><li>Integrated Reporting of Email Traffic </li></ul>
    12. 12. <ul><li>High Availability & Zero Lost Messages </li></ul><ul><li>Clustering & Queue Replication </li></ul><ul><li>Geographical Redundancy </li></ul><ul><li>Centralized Management </li></ul>
    13. 13. <ul><li>The Data Loss Landscape </li></ul>
    14. 14. <ul><li>Framing the Problem: </li></ul><ul><li>Email Is Largest Data Loss Medium </li></ul>
    15. 15. <ul><li>Exasperating the Problem: Privacy and Security </li></ul>Acceptable Use Intellectual Property Regulations Internal Policies Employee
    16. 16. <ul><li>WatchGuard Data Loss Prevention </li></ul><ul><li>Deep Inspection </li></ul><ul><ul><li>Email & Web </li></ul></ul><ul><ul><li>Content and context scanning </li></ul></ul><ul><li>Consolidated Policy Management </li></ul><ul><ul><li>Single UI </li></ul></ul><ul><ul><li>Reporting </li></ul></ul><ul><li>Integrated Remediation </li></ul><ul><ul><li>Encryption </li></ul></ul><ul><ul><li>Block or allow </li></ul></ul><ul><ul><li>Quarantine or reroute </li></ul></ul><ul><li>Instant-On Data Loss Prevention!!! </li></ul>“ The true value of content monitoring and filtering lies in helping management to identify and correct faulty business processes and accidental disclosures.” Gartner Research: Content Monitoring and Filtering Helps Find Faulty Business Process, Accidental Disclosures
    17. 17. <ul><li>Seamlessly Integrated Process </li></ul>
    18. 18. <ul><li>Remediation With Instant-On Encryption: </li></ul><ul><li>The WatchGuard Email Encryption Subscription </li></ul>
    19. 19. <ul><li>Centralized Policy Management For Data Loss Prevention </li></ul>
    20. 20. <ul><li>Detailed Logging & Reporting of Policy Violations </li></ul>
    21. 21. <ul><li>WatchGuard XCS </li></ul><ul><li>Strong Email Security at An Affordable Price </li></ul>
    22. 22. <ul><li>Thank you. </li></ul><ul><li>Questions? </li></ul>