Symantec AntiSpam Complete Overview (PowerPoint)


  • Symantec, the global leader in information security, is the only vendor that offers best-of-breed email security at the network, gateway, and server, with multiple deployment options for all organizations
  • What about the size of the rule set? Roughly 12 megabytes. Turns over every 2-3 days. 4 megabytes every day is about 26 seconds of download on a T-1.
  • This slide summarizes how the product has been received. The PC Magazine quote refers to BM's zero false-positive showing. This writeup is excerpted from PC Magazine's Editor's Choice review for antispam products last year. The eWeek quote speaks to the metrics that most customers value: high effectiveness without a significant administrative burden. Analysts' comments: Yankee Group reaffirms the key 1 in a million false positive rate; Gartner puts Symantec Brightmail AntiSpam in the Leaders quadrant.
  • Administrators can set actions per module: a different action for the Brightmail Module, the Custom Rules Module and the Blacklist Module. Administrators can also set different actions on a per-domain basis, so you can delete for one domain and use end-user quarantine for another domain.
  • Feature groups and their benefits (* as marked on the slide):
      • Appliance Form Factor: Hardware*, OS*, Mail Relay*, Hardened Configuration*, Scanner, Control Center, TLS Encryption*. Benefit: Secure solution that is easy to deploy and manage.
      • Email Security: Brightmail AntiSpam, Symantec AntiVirus, TurnTide Traffic Shaping*, Email Firewall: Automated Defenses*, Email Firewall: Reputation Lists, SPF*, Content Filtering. Benefit: Secures inbound and outbound email communication.
      • Mail Management: Group Policies, LDAP Group Policies*, X Number of Actions (Y New Actions), Multiple Actions*, Gateway End User Preferences*. Benefit: Allows for granular control based upon an organization's email best practice policy.
      • System Management: Web-based Administration, Global Management, Multiple Administrators, Alerts, Automatic Rule Updates, 50 Reports (35 New)*, Software Update Mechanism*. Benefit: Allows for simple monitoring and management of entire deployment.
  • Symantec AntiSpam Complete Overview (PowerPoint)

    1. 1. Symantec Brightmail Anti-Spam 6.0 Product Overview Presentation, 8 March 2005. Christoph Kugler, Territory Account Manager, [email_address]
    2. 2. Agenda
        • The Growing Spam Problem
        • Symantec Mail Security
        • SBAS Product Features
        • Architecture, Deployment, Sizing
        • Filtering Technologies
        • Brightmail Scanner
        • Brightmail Control Center
        • Folder Agents
        • Brightmail Plug-in for Outlook
        • Symantec Mail Security 8200 Series
        • Summary – Why is Brightmail the best
    3. 3. The Growing Spam Problem
    4. 4. Who am I?
        • Name: Laura Betterly
        • Age: 41
        • Single, mother, 2 kids
        • Annual salary: 300’000$
        • Owner of Data Resource Consulting Inc.
        • Job Title: Spam Queen
    5. 5. Characteristics of Spam
        • Usually sent to a large number of users
        • The recipient does not know who the sender is
        • The recipient never requested it
        • Difficult or impossible to unsubscribe
        If you did not receive it, would you miss it?
    6. 6. Spam Continues to Grow and Evolve
    7. 7. Symantec Mail Security
    8. 8. Symantec Mail Security SMS - Symantec Mail Security SBAS - Symantec Brightmail AntiSpam
    9. 9. Symantec Mail Security Product Family     Software Deployment   Appliance      SMS for Domino     SMS for Exchange    SMS for SMTP     SBAS Limited     SMS 8200  Limited  SMS 8100 Traffic Shaping Content Filtering AV AS Network Gateway Groupware Key Features Protection Tier
    10. 10. Symantec Brightmail Anti-Spam 6.0 Product Features
    11. 11. Leadership
        • Brightmail is the worldwide leader in anti-spam technology, providing anti-spam software at the Internet gateway
        Protects:
        • 325 million mailboxes
        • 25% of global mailboxes
        • 2,000 businesses
        • 9 of top 12 U.S. ISPs
        Messages Filtered:
        • Over 100 billion in June 2004*
        • 15% of global Internet traffic*
        * Nearest competitor: 6 billion messages & 1% global traffic
    12. 12. Zero Administration
        • Why does low administration matter?
            • Do you have time to write rules, whitelist senders or resolve false positives?
            • Do you have visibility into new spam trends?
            • Do you want to be an expert at fighting spam?
            • Can you provide 24x7 spam fighting capability?
        • Largest hidden cost of an anti-spam solution
        Look for: Zero Administration
    13. 13. Lowest False Positives
        • BAS has the industry’s lowest false positive rate
            • Brightmail is 99.9999% accurate (1 in 1 million)
            • 10x fewer than the closest competitor
        • Why are we the lowest?
            • Brightmail will NOT introduce a technology without accuracy
            • Competitors taking quickest approach to effectiveness
        Look for: 1 in 1 million false positives
    14. 14. Catch the Most Spam
        • Multiple technologies for complete spam defense
            • There is no silver bullet anti-spam technology
            • Different filters effective against different types of spam
            • With multi-layer solutions spammers must avoid each layer
        • Innovation & global coverage
            • Need to constantly innovate to stay ahead of spammers
            • Ability to filter foreign language spam effectively
        Look for: 95% Catch Rate
    15. 15. Symantec Brightmail Anti-Spam Customers Enterprise Service Provider
    16. 16. Product Review and Industry Analyst Validation
        • "A benchmark in the field … … 95 to 96 percent effective. Easy to install and maintain"
        • "Brightmail caught the highest % of spam and had the lowest false-positive rate of any of the products tested."
        • "… a real "set and forget" system."
        • "Brightmail Anti-Spam's false-positive score speaks for itself… Brightmail Anti Spam is the best answer we know of."
        • Positioned in the "Leaders" Quadrant - Magic Quadrant for Enterprise Spam Filtering - Gartner Research, 2004
        • "Brightmail, the leading provider of AntiSpam software, achieves a 1-message-in-1-million false positive rate." – Yankee Group 2004
    17. 17. Info World Article Review
    18. 19. Architecture, Deployment, Sizing
    19. 20. What is Brightmail 6.0 (BAS)?
        • Not an MTA
        • Integrates with industry standard MTAs
        • Centralised Management / Reporting
        • Not a Content Filtering engine (Attachments)
        • Has AV scanning capabilities
        • Multiple Operating Systems supported
        • Deployed anywhere within your messaging topology
    20. 21. Key Features
        • Flexible Spam Handling
            • Modify subject line or header
            • Delete
            • Forward to email address for review
            • Administrator Quarantine
        • Per-User Quarantines
            • Web-based quarantine
            • Groupware quarantines - Exchange and Domino
        • Customized Mail Policies
            • Group Policies
            • Adjustable spam thresholds
        • Per User Spam Control
            • Allow/Block lists
            • Language preference
            • Submissions
        • Powerful Administration
            • Web-based Control Center
            • Global management of multiple servers
            • Centralized granular reporting
            • Assignable administrator privileges
            • Alerts
        • Flexible Architecture
            • Multiple LDAP integrations
            • Multiple MTA integrations
        • Content Filtering
            • Block Lists
            • Allow Lists
            • Custom Filters Editor
        • Complete Threat Protection
            • Anti-Virus – Optional module
    21. 22. High-level Architecture Symantec Operations Customer Site
    22. 23. Spam Analysis and Operations: the BLOC
    23. 24. Flexible Deployment
        • Install components on one or many machines
        • Deploy where you want (gateway, relay, or mailbox server)
        • Choose Quarantine option (Web-based or email client-based)
        • Incorporate end-user tools and features with Outlook Plug-in
    24. 25. Scalability
        • Brightmail Anti-Spam scalability proof points
            • On a single CPU
                • Linux server, handles around 25 messages/sec
                • e.g. 25 x 3600 = 9000 messages/hour
                • 9000 x 9 = 81000 messages / business day
            • Additional performance through more CPUs or more servers at no additional cost (BAS is licensed per user)
    25. 26. Filtering Technologies
    26. 27. Defending Against Spam: a Multi-layered Approach
    27. 28. Points to Remember
        • Technology
            • Custom Rules
            • Regular Expression (Header & Body)
            • Reputation Service
            • Hashing (Body & URLs)
            • URL Filtering
            • Heuristics
        • Language Support
            • Chinese
            • Dutch
            • English
            • French
            • German
            • Italian
            • Japanese
            • Korean
            • Portuguese
            • Russian
            • Spanish
    28. 29. Brightmail Scanner
    29. 30. What is the Brightmail Scanner?
        • The Brightmail Scanner is one of the key software components that powers Brightmail Anti-Spam
        What it Does
        • Communicates with your MTA (doesn’t replace it)
        • Receives updated filters from the BLOC
        • Examines incoming messages for spam, viruses, email threats, and special content
        • Produces a verdict for a message
        What it Includes
        • Server component that filters mail and returns verdict
        • Filtering engine
        • Conduit component that manages statistics and updated filters
        • Client component that integrates with MTA (optional)
    30. 31. Secure Filter Transmission
        • Polls for new filters every minute
        • New filters are:
            • Downloaded via HTTPS
            • Available every 10 minutes
        • Each Scanner retrieves its own filters
        Filter Download Sizes
        • First complete set of filters: 10-15MB
        • Future downloads (updates only): 40-50KB
    31. 32. Platform and Mail Server Support
        • Platform: Solaris. Version: Solaris 8, Solaris 9. MTA Support: Sendmail 8.12, Sendmail Switch 3.1, Exim, Postfix 2.1.3, QMail, Sun Messaging Server 5.2/6.0
        • Platform: Linux (Red Hat). Version: Enterprise Linux ES 3.0, Enterprise Linux AS 3.0. MTA Support: Sendmail 8.12
        • Platform: Linux (SuSe). Version: Linux 9.1. MTA Support: Sendmail 8.12
        • Platform: Windows. Version: Windows 2000 Server, Windows Server 2003. MTA Support: Microsoft IIS SMTP*, Exchange 2000, Exchange 2003
        * Other MTAs, including Exchange 5.5 and Domino, can be supported in a relay configuration. To enable this support, Brightmail Anti-Spam is installed on an upstream machine with the IIS SMTP Service relaying filtered mail to the target MTA.
    32. 33. Control Center
    33. 34. Brightmail Control Center
        • Web-based interface for:
            • Centralized management
                • Push settings out
                • Pull logging back
            • Web quarantine
                • Administrator interface
                • End user interface
            • Monitoring
                • Summary dashboard
                • Per-machine status
                • Logs
                • Statistics and reports
    34. 35. Brightmail Control Center
        Settings
        • Create list of blocked senders
        • Create list of allowed senders
        • Adjust threshold for filtering aggressiveness
        • Choose reputation filters to employ
        • Enable language identification features
        • Migrate settings from previous releases
        • Set up alert triggers
        • Work with consolidated reports
        • View consolidated and individual logs
        • Set up group policies
        • Set up and view Web Quarantine
        • Work with Brightmail Scanners
        • Identify external mail servers
        • Add admins with specific privileges
        • Set up antivirus filtering
        • Create custom content filters
        • Change LDAP settings
        Complete Solution
        • Embedded Tomcat
        • Embedded MySQL
        • Brightmail Software
            • Web Pages
            • SMTP Listener
            • Expunger
            • Notifier
    35. 36. Spam Scoring
        • Each spam message given a score
        • Messages over 90 are given “spam” verdict
        • Administrators can turn on/off suspect spam threshold
        • Administrators can define lower end of suspect spam
        • In policies, administrators can set different actions for spam and suspect spam
    36. 37. Detailed Reporting
        • Multiple reporting categories
            • Processed, spam, suspected spam, allowed/blocked messages, and viruses
        • Reporting by multiple criteria
            • Recipient
            • Sender
            • Recipient Domain
            • Sender Domain
            • IP Connection etc.
        • Benefits
            • 19 reports available
            • Report viewer in Control Center
            • Generate as needed or pre-set intervals
            • Export to multiple formats
    37. 38. Group Policies
    38. 39. Group Policies
        Multiple Types of Members
        • All email domains
        • Sub domains
        • Individual users
        • Wildcard Support
        Six Email Categories
        • Spam
        • Suspect Spam
        • Blocked Sender
        • Allowed Sender
        • Virus
        • Worm
        Six Verdicts
        • Delete
        • Mark up message subject
        • Mark up message header
        • Forward to an email address
        • Save to disk
        • Deliver normally
    39. 40. Control Center Security
        • Communication
            • HTTPS between Scanner and Control Center
            • HTTPS between administrator, end users, Control Center (Optional)
        • Administrator Privileges
            • Support for multiple administrators
            • Different privileges for different administrators (some access only quarantine, others can change server settings)
        • End User Authentication via LDAP to
            • Active Directory
            • Exchange 5.5
            • SunOne
    40. 41. LDAP Capabilities and Features
        • Alias Expansion
            • Quarantine automatically resolves all aliases and delivers messages to the quarantine account for the underlying email address.
        • Quarantine can access LDAP directories such as:
            • Active Directory (Exchange 2000 and Exchange 2003)
            • Exchange 5.5
            • Sun ONE Directory Server
        • Customisable LDAP attributes
            • Fully-configurable LDAP query settings and attributes to match your LDAP schema.
    41. 42. System Alerts
        • Immediate notification when certain operating conditions arise
        • Sends email alerts to administrators or other parties
        • Applicable conditions:
            • A Brightmail component is not responding or working
            • Anti-spam filters are older than a specified time
            • Anti-virus filters are older than a specified time
            • Brightmail Quarantine is low on disk space.
    42. 43. Enhanced Web-based Quarantine
        Benefits
        • Spam stored centrally at gateway; not passed through network
        • End users notified daily/weekly about new spam
        • Centralized message purging after x days
        • Can “release” quarantined messages to user(s) inbox
        • End users can access quarantine at any time
        • Search functionality for both administrators and end-users
    43. 44. Sample Quarantine Screenshots
    44. 45. Folder Agents
    45. 46. Exchange Spam Folder Agent
        • Quarantine that lives in Exchange
            • End users can access from their mail client
            • Appears as a mail folder
            • Software installed on each Exchange server
            • Creates a “Spam” folder for each user
            • Administrator defines number of days to hold spam before deleting
    46. 47. Domino Agent
        • Creates a “Spam” folder for each user in the system
        • Administrator can set how many days before deleting spam
        • Message Submission
            • Single click submission of missed spam & false positives to Brightmail
            • Missed spam -> Probe Network
            • Potential false positive -> Reviewed by a BLOC Technician
    47. 48. Brightmail Plug-in for Outlook
    48. 49. Brightmail Plug-in for Outlook
        • Provide powerful spam management tools for your users
        • Empower users to take control of their inboxes
        • Single click submissions of misidentified messages
    49. 50. Symantec Mail Security 8200 Series
    50. 51. High-level Overview
        The most accurate email security appliance powered by the award-winning, industry-leading Brightmail AntiSpam technology from Symantec, the global leader in Information Security
        • Model 8240: Form factor 1U; Redundancy: Hard disk; Storage: 40 GB; Customer segment: 100-1,000 Users
        • Model 8260: Form factor 1U; Redundancy: Hard disk, power supply, fans; Storage: 73 GB; Customer segment: Over 1,000 Users
        • Features listed: Antispam, Antivirus, Traffic shaping (Limited / Limited)
        * Under testing, subject to change
    51. 52. Appliance Platform Highlights
        • Symantec Branded Product (no overt reference to OEM)
        • Based on OEM Hardware from Dell
            • High Performance: Intel CPUs
            • High Quality: Field Failure rates < 1%
            • High Resiliency: Built in Redundant Parts
        • Enterprise Class Support
            • Standard HW warranty = Next Biz Day ONSITE repair*
            • Platinum support includes Same Day ONSITE repair*
        • Quick Lead-times
            • Symantec can order product at any time
            • Manufactured on 8-12 Day Lead-Times
        • Compliant to Ship World-wide at FCS
        * Where available: some small European countries and rural areas are excluded
    52. 53. Key Features
        • Appliance Form Factor
            • Hardware*
            • Hardened Operating System*
            • Hardened Mail Relay*
            • TLS Encryption*
        • Filtering Engine
            • Brightmail AntiSpam
            • Symantec AntiVirus
            • Email Firewall: TurnTide Traffic Shaping*
            • Email Firewall: Automated Defenses*
            • Email Firewall: Reputation Lists
            • Content Filtering: Attachment Mgmt*
            • Content Filtering: Dictionaries*
            • Content Filtering: Annotations*
            • Content Filtering: Custom Rule Editor
            • SPF*
        • System Management
            • Web-based Administration
            • Global Management
            • Multiple Administrator Roles
            • Automatic Rule Updates
            • 55 Reports (35 New)*
            • Software Update Mechanism*
        • Mail Management
            • Group Policies
            • Outbound Policies*
            • LDAP Group Policies*
            • 16 Actions (8 New)*
            • Compound Actions*
            • End User Preferences: Block/allow list*
            • End User Preferences: Language*
            • Administrator & End User Quarantine
        * Denotes new feature
    53. 54. Architecture
    54. 55. Summary Why is Brightmail the best …
    55. 56. Why is Brightmail the Best…
        • The most complete e-mail security technology
            • Has the most complete arsenal of anti-spam technology
                • Heuristics, URL Rules, Source filters, Signatures etc.
            • Symantec AV
        • The most extensive anti-spam operations center
            • Anti-spam filters updated every 10 minutes
            • BLOC is unmatched for detecting spam and rule distribution
        • Complete manageability with hands off capability
            • Flexible spam management & control
            • Powerful global management console
            • Integrated anti-virus and content filtering technology
    56. 57. Thank You. Free 30-day download at: http://emea.symantec.com/brightmail