Ironport Data Loss Prevention


This is the presentation file of my Ironport DLP seminar, which I gave at New Horizons of Sofia on 25.11.2008.

Published in: Technology, Business
  • Ironport Data Loss Prevention

    1. 1. Securing Your Email - Data Loss Prevention Deniz Kaya Microsoft, Cisco, Ironport, Mile2 Instructor CCSI, CCNP, MCT, MCSE, ICSI, ICSP, CPTS
    2. 2. IronPort ® Gateway Security Products Web Security | Email Security | Security Management | Encryption EMAIL Security Appliance WEB Security Appliance Security MANAGEMENT Appliance IronPort SenderBase APPLICATION-SPECIFIC SECURITY GATEWAYS CLIENTS BLOCK Incoming Threats PROTECT Corporate Assets Data Loss Prevention Encryption CENTRALIZE Administration Internet ENCRYPTION Appliance
    3. 3. IronPort + Cisco Market Leadership
       • Customer Leadership
         - Over 6,000 customers globally
         - 99% customer retention rate
       • Technology Leadership
         - Industry leading email and Web security applications and management tools
       • Global Leadership
         - Worldwide business operations
         - Global technology infrastructure
    4. 4. The IronPort SenderBase ® Network Global Reach Yields Benchmark Accuracy
       • 5B+ queries daily
       • 150+ Email and Web parameters
       • 35% of the World’s Traffic
       IronPort EMAIL Security Appliances | IronPort WEB Security Appliances
       IronPort SenderBase Combines Email & Web Traffic Analysis
       • View into both Email & Web traffic dramatically improves efficacy
       • 80% of spam contains URLs
       • Email is a key distribution vector for Web-based malware
    5. 5. IronPort Consolidates the Network Perimeter For Security, Reliability and Lower Maintenance After IronPort Groupware Firewall IronPort Email Security Appliance Internet Users Before IronPort Anti-Spam Anti-Virus Policy Enforcement Mail Routing Internet Firewall Groupware Users Encryption Platform MTA DLP Scanner DLP Policy Manager
    7. 7. IronPort AsyncOS Unmatched Scalability and Security
       • IronPort AsyncOS is a scalable and secure operating system, optimized for messaging
       • Advanced Email Controls protect reputation and downstream systems
       • Standards-based Integration replaces legacy systems with ease
       MANAGEMENT TOOLS | THE IRONPORT ASYNCOS™ EMAIL PLATFORM | SPAM DEFENSE | VIRUS DEFENSE | DATA LOSS PREVENTION | EMAIL ENCRYPTION
    8. 8. Multi-layer Spam Defense Best-of-Breed Protection at the Gateway
       • IronPort Reputation Filters™: the outer layer defense
       • IronPort Anti-Spam™: stops the broadest array of threats – spam, phishing, fraud and more
       MANAGEMENT TOOLS | THE IRONPORT ASYNCOS™ EMAIL PLATFORM | SPAM DEFENSE | VIRUS DEFENSE | DATA LOSS PREVENTION | EMAIL ENCRYPTION
    9. 9. SenderBase ® Data Makes the Difference
       • Complaint Reports
       • Spam Traps
       • Message Composition Data
       • Global Volume Data
       • URL Lists
       • Compromised Host Lists
       • Web Crawlers
       • IP Blacklists & Whitelists
       • Additional Data
       SenderBase Data | Data Analysis/Security Modeling | SenderBase Reputation Scores -10 to +10 | Parameters | Threat Prevention in Realtime
    10. 10. Introducing IronPort Spam Defense
        • Multi-layer spam defense designed to:
          - Stop spam quickly
          - Stop spam accurately
        Reputation: World’s first and best sender based reputation service - Blocks 80% of spam at gateway - World class accuracy
        SBRS | IPAS | Who? How? What? Where?
        World’s most accurate content based spam engine - 98% catch rate - World class accuracy
    11. 11. IronPort Anti-Spam Accuracy Powered By Context Adaptive Scanning Engine
        WHAT? | HOW? | WHO? | WHERE?
        • All text inside an image
        • Random dots appear within the message
        • Nearly identical color scheme in 100,000’s spamtrap msgs
        Verdict BLOCK
        • IP address recently started sending email
        • Message originated from dial-up IP address
        • Sending IP address located in Russia
        • Message leaves trace of spamware tool
    12. 12. IronPort Reputation Filters Dell Case Study
        • Dell’s challenge:
          - Dell currently receives 26M messages per day
          - Only 1.5M are legitimate messages
          - 68 existing gateways running Spam Assassin were not accurate
        • IronPort solution:
          - Reputation Filters block over 19M messages per day
          - 5.5M messages per day scanned by anti-spam engine
          - Replaced 68 servers with 8 IronPort C60s
        • Accuracy of spam filtering increased 10x
        • Servers consolidated by 70%
        • Operating costs reduced by 75%
        “IronPort has increased the quality and reliability of our network operations, while reducing our costs.” -- Tim Helmsetetter, Manager, Global Collaborative Systems Engineering and Service Management, DELL CORPORATION
    13. 13. Multi-layer Virus Defense Best-of-Breed Protection at the Gateway
        • IronPort Virus Outbreak Filters™: stop outbreaks 13 hours ahead of traditional signatures
        • McAfee and Sophos Anti-Virus: signature-based solutions with industry leading accuracy
        MANAGEMENT TOOLS | THE IRONPORT ASYNCOS™ EMAIL PLATFORM | SPAM DEFENSE | VIRUS DEFENSE | DATA LOSS PREVENTION | EMAIL ENCRYPTION
    14. 14. IronPort Outbreak Filters Close the Reaction Time Gap
    15. 15. How Virus Outbreak Filters Work Dynamic Quarantine In Action
        • T = 0
          - zip (exe) files
        • T = 5 mins
          - zip (exe) files
          - Size 50 to 55 KB
        • T = 10 mins
          - zip (exe) files
          - Size 50 to 55 KB
          - “Price” in the file name
        • T = 8 hours
          - Release messages if signature update is in place
        Messages Scanned & Deleted
        Fine-grained Rules, Multiple Parameters: Attachment Type, Attachment Size, URLs, Filenames & More
    16. 16. Industry Leading Signatures from Sophos and McAfee Anti-Virus
        • Integrated Sophos ® anti-virus engine
          - High performance in-line scanning
        • Easy to deploy and manage
          - Intuitive user interface
          - Single view with Mail Flow Monitor
          - Auto updates
          - Lower TCO with integrated solution
    17. 17. IronPort Data Loss Prevention Inbound/Outbound Policy Enforcement
        • Integrated Scanning makes DLP deployments quick & easy
        • Integrated Remediation eases work flow burden
        MANAGEMENT TOOLS | THE IRONPORT ASYNCOS™ EMAIL PLATFORM | SPAM DEFENSE | DATA LOSS PREVENTION | VIRUS DEFENSE | EMAIL ENCRYPTION
    18. 18. Data Loss Prevention Multi-Faceted Problem
        • Regulatory Compliance
          - HIPAA, GLBA, PCI, SOX Regulations
          - Scan for sensitive information and block infractions
          - Secure business partner communication
        • Acceptable Use
          - Block offensive content
          - Enforce messaging policy (attachment size, etc)
          - Add legal disclaimers to outgoing mails
        • Intellectual Property Protection
          - Block messages containing confidential data
          - Prevent email communications with competitor
    19. 19. PCI Applies to Nearly Every Industry PCI Not Just for Retail Utilities E-Commerce Transportation Restaurant Financial/ Insurance Retail Service Provider Healthcare Federal Mobile Universities Sports and Entertainment State Agencies
    20. 20. The Payment Card Industry (PCI) Data Security Standard
        • Published January 2005
        • Impacts ALL who process, transmit, or store cardholder data
        • Also applies to 3rd-party hosting companies, information storage companies, etc.
        • Monthly fines ranging from $5,000 to $50,000 for missed deadlines
        • Has global reach
        Deadlines by theater (Level 1 / Level 2 / Level 3):
          - US: SEP 2007 / DEC 2007 / DEC 2008
          - Western Europe: Negotiated individually / MAR-DEC 2008 / MAR-DEC 2008
          - Asia: DEC 2009 / DEC 2009 / DEC 2009
          - Canada: 2008 TBD / 2008 TBD / 2008 TBD
          - CEMEA, Latin American: Not Published yet
    21. 21. Data Loss Prevention Foundation Integrated Scanning
        • Integrated Scanning Makes DLP Deployments Quick & Easy
        Users | Outbound Mail | Weighted Content Dictionaries | Compliance Dictionaries | Attachment Scanning | Custom Content Filters | Smart Identifiers
    22. 22. Data Loss Prevention Foundation Integrated Remediation
        • Integrated Remediation Eases Work Flow Burden
        Users | Outbound Mail | Remediation: Quarantine | Remediation Notification | Remediation: Reporting | Encrypt The Message
    24. 24. Encryption Market Evolution The Technical View
        Encryption technology is the foundation for business class email
        Secure Envelopes | S/MIME, PGP, Secure Webmail
        • Single, Integrated Platform
        • No Certificate Complexity
        • Universal Reach
        • Multi-Platform Deployment
        • Certificate Requirements
        • Sender/Receiver Plug-Ins
        IronPort PXE ™ | Legacy Encryption Solutions
    25. 25. IronPort PXE: Sending a Message Instant Deployment, Zero Management Costs
        • Gateway encrypts message
        • User opens IronPort PXE in browser
        • User authenticates & gets message key
        • Decrypted message displayed
        IronPort Hosted Keys | Password | Message pushed to Recipient | Key Stored
    26. 26. IronPort PXE: Receiving a Message Seamless End-User Experience
        • View message
        • Enter password
        • Open Attachment
    27. 27. Management for Organizations of All Sizes
        • IronPort Email Security Manager™ – unified policy management
        • IronPort Email Security Monitor™ – enterprise-class reporting system
        • Management Interfaces – simple integration and increased productivity
        MANAGEMENT TOOLS | THE IRONPORT ASYNCOS™ EMAIL PLATFORM | SPAM DEFENSE | VIRUS DEFENSE | DATA LOSS PREVENTION | EMAIL ENCRYPTION
    28. 28. IronPort Email Security Manager Single view of policies for the entire organization
        IT | SALES | LEGAL
        • Mark and Deliver Spam
        • Delete Executables
        • Archive all mail
        • Virus Outbreak Filters disabled for .doc files
        • Allow all media files
        • Quarantine executables
        “Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance.” -- PC Magazine 2/22/05
        Categories: by Domain, Username, or LDAP
    29. 29. Cisco Self-Defending Network (SDN)
        • Cisco Security- Portfolio @ a Glance
          - Network & End-point Security
          - Content & Application Security
          - Systems & Security Management
    30. 30. The Portfolio at a Glance… Content and Application Security
        • Content Security
          - Reputation based, zero-day defense
          - Capability to address diverse attack types and techniques
          - Secure all sources of attack
        • Application Security
          - Layer 7 protection for application and data vulnerabilities
          - XML traffic validation and inspection
          - Enhanced deep packet inspection
        • Product Highlights:
          - Ironport Email
          - Ironport Web
          - Intrusion Prevention Systems
        • Product Highlights:
          - ACE XML Gateway
          - Web Application Firewall
    31. 31. Systems Approach to Stop Malware: Visibility and Control
        • Intrusion Prevention
          - Detection
          - Precision response
        • Content Security
          - Email SPAM
          - Web filtering
        • Endpoint Security
          - Host IPS
          - AV solutions
        • Firewall and VPN
          - Traffic access control
          - Encryption
        Centralized Policy Management and Monitoring
    32. 32. Cisco’s Security Portfolio— Offers End-to-End Compliance with PCI Requirements
    33. 33. Cisco Data Loss Prevention Solution NAC, CSA, IronPort, and TrustSec
        IronPort | NAC Appliance | ASA | printer | TrustSec | Internet
        • IronPort
          - Prevent data loss at perimeter
          - Mail policy verification
          - Logs transaction
          - Encrypts mail message and notifies recipient
        • NAC Appliance
          - Verifies CSA and endpoint posture
        • TrustSec
          - Enforces data policy through role-based access control
        • Cisco Security Agent
          - Scan files for sensitive data
          - Prevents copying to external media
          - Prevents transfer with internetwork applications
          - Prevents bypass of gateway security policy
        “Hi Joan, Could you send those files over?” “Sure Bob, I’ll find a way to get those files to you!”
    34. 34. Preventing Data Leakage and Disclosure Self-Defending Network Applied
        Data Center | Employees | Network Edge | Tape Devices | Application Server | Cisco MDS 9000 | C-Series E-Mail Security Appliance | Internet | Corporate Network | Partners | Customers | Remote Employees
        • Cisco ® Security Agent
          - Prevents endpoint data loss
          - Prevents bypass of Cisco IronPort network protection
          - Inspects and classifies content (similar to Cisco IronPort) in a future release
        • Storage Media Encryption
          - Prevention of unauthorized access and loss of data at rest
          - Full integration with SAN fabric and management
          - Secure, highly available service
        • IronPort
          - Prevent data loss at network perimeter
          - Inspect and control content
          - Address privacy regulations
          - Take advantage of existing anti-spam and anti-spyware infrastructure
    35. 35. Self-Defending Network in the Campus
        • Centralized threat management, including correlation and mitigation
        • Centralized policy and device management across entire Cisco infrastructure for IPS, VPN, and firewall
        • Web and mail content scanning to reduce malware introduction and propagation
        • Layer 3 – 7 inspection and traffic control
        • Converged remote site and user IPsec and SSL VPN services
        • Trojan horse and spyware to control channel monitoring and mitigation
        Gateway and Internet Services
        • Prevent exploits of vulnerabilities on PCs and other endpoints
        • Minimize the entrance and propagation of new threats on trusted PCs
        • Enforce access controls to trusted, untrusted, and guest users
        • Protect and isolate intra-LAN segments
        Policy Enforcement and Endpoint Protection | Threat Management and Policy Control
        Cisco ® Security Management Suite | Cisco ASA 5500 Firewall, VPN, and IPS | Cisco IPS 4200 Series Sensors | Network Admission Control | FWSM and Cisco ASA 5500 Series | Cisco IronPort | Cisco ASA 5500 CSC | Cisco Security Agent
        Endpoint Security Policy and Posture | Centralized Policy and Threat Management | Traffic and Admission Control | Targeted Attack Protection | Web and Mail Malware Scan | Intra-LAN Policy Enforcement | Internet | Public WAN
    36. 36. Self-Defending Network in the Data Center
        Cisco ASA | ACS | Cisco Security MARS | Cisco ® WAAS | Web Servers | Cisco ACE | Cisco Security Agent | Application Servers | Database Servers | AXG (Web Applications) | Cisco MDS with SME | Tier 1/2/3 Storage | Tape/Offsite Backup | AXG (B2B) | CSM | Cisco Security Agent-MC | CW-LMN | Cisco Catalyst 6000 FWSM | Cisco IronPort E-Mail Security | AXG (DHTML to XML) | Cisco IronPort Web Security
        • Data-Center Edge
          - Firewall and IPS
          - DoS protection
          - Application protocol inspection
          - Web Services security
          - VPN termination
          - E-mail and Web access control
        • Web Access
          - Web security
          - Application security
          - Application isolation
          - Content inspection
          - SSL encryption and offload
          - Server hardening
        • Applications and Database
          - XML, SOAP, and AJAX security
          - DoS prevention
          - Application-to-application security
          - Server hardening
        • Storage
          - Data encryption (in motion, at rest)
          - Stored data access control
          - Segmentation
        • Management
          - Tiered access
          - Monitoring and analysis
          - Role-based access
          - AAA access control
    37. 37. Access to the presentations
        • Ironport-DLP .ppt
    38. 38. New Horizons' Partners