Академический Документы
Профессиональный Документы
Культура Документы
2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Wincor-World 2008 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Agenda
About Cisco IronPort. Market Leadership. Our Technology. Why Cisco IronPort 3 Key Reasons.
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
About IronPort
The leading provider of anti-spam, anti-virus and anti-malware appliances. Founded in 2000. Part of the Cisco Security Technology Business Unit since mid 2007. Protects 12/15 of the worlds largest ISPs, 56% of the Fortune 100. Powered by Senderbase, the worlds largest threat detection database. No 1 Market Share position in Email Appliance Market.
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Customer Leadership UK
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
ENCRYPTION
Appliance
EMAIL
Security Appliance
WEB
Security Appliance
CLIENTS
Network Level
FWSM
ASA 5500
Corporate HQ
IPS 4200
ASA 5500
Branch Office
Cisco IronPort Blocker/ C-Series
ISR
ASA 5500
Centralized Management
Teleworker
Clientless Network Access Cisco AnyConnect VPN Client
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Email Security
Adjacent Market Segment Strategy
Appliance
Barracuda
Cisco/IronPort Symantec
Message Labs
Enterprise
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Why IronPort ?
1. Spam management
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
10
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
11
More Spammers
More Spammers with Botnetcompromised hosts send spam Malware sophistication increasing
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
12
Spam has undergone a significant evolution in 2008sophisticated online criminals have been using smaller phishing campaigns aimed at more targeted groups of recipients to great effect.
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
13
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
14
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
15
Spammer X
Pharmaceutical spam sales results. 1 day of sales from 2006. 40 million spam sent
Spam Sent Click through ratio Total Click-throughs Click-through to sale ratio Total Sales Total Sales Revenue Spammer Commision Rate Total Spammer Income Weekly Running Costs Bulletproof hosting 4 days of Botnet Access Email Addresses Total Costs $ 40,000,000 0.12% 48000 1/200 240 37,440.00 50% 18,720.00
62%
Net Profit
7,690.00
Cisco Confidential
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
16
IronPort Anti-Spam
Lowest False Positive Rate
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
17
IronPort Anti-Spam
Lowest False Positive Rate
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
18
IronPort SenderBase
IronPort WEB
Security Appliances
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
19
Spam Traps
Global Volume Data Over 100,000 organizations, email traffic, web traffic
Other Data Fortune 1000, length of sending history, location, where the domain is hosted, how long has it been registered, how long has the site been up
SenderBase
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
20
Verdict: UNKNOWN
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
21
Verdict: BLOCK
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
22
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
23
Why IronPort
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
24
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
25
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
26
*Source: IronPort TOC ** Source: White Wincor-World 2008 Hat Security, Website Sec Statistics Report 10/2007 & PPT 8/2008
2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved. Cisco Confidential
27
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
28
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
29
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
30
Fake anti-spyware web site that claims to offer free spyware protection User downloads free scanner, gets infected with a malware
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
31
Social Engineering
continues
Fake anti-spyware Website that claims to offer free spyware protection Users download free scanner, gets infected with a malicious Trojan This is an example of a Botsite using social engineering techniques
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved. Cisco Confidential
32
http://85.17.166.229/ also contains links to other malicious sites, like: platinumpartner.com (see next slide) WBRS blocked at -9.0
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved. Cisco Confidential
33
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
34
URL Filtering
Signature Scanners
35
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
36
Enterprise-class database
52 categories, over 21 million sites, ~3.5 billion webpages 1/3 of the database is international
Advertisements & Pop-ups Arts Blogs & Forums Business Chat Computing & Internet Infrastructure Downloads Intimate Apparel & Swimwear Education Entertainment Job Search & Career Development
Categories
Fashion & Beauty Kids Sites Motor Vehicles Finance & Investment Food & Dining Games Government News Peer-to-Peer Personals & Dating
Health & Medicine Philanthropic & Professional Orgs. Hobbies & Recreation Photo Searches Hosting Sites Politics Proxies & Translators Real Estate Reference
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
37
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
38
Why IronPort ?
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
39
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
40
Source: http://attrition.org/dataloss/
2006: 2007 To Date: 346 incidents 224 and counting
$182
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
41
?
Total Cost of Ownership
No Single Solution has Been Able to Overcome the Major Obstacles
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
42
Automated user enrollment and account creation User authentication and key delivery Message Tracking Secure Reply NEVER stores email message highest security
Cisco Confidential
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
43
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
44
New Technologies
Web Usage Controls DLP over FTP and HTTP Scansafe Acquisition
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
45
New Technology
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
46
Customer Problem
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
47
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
48
www.sportsbook.com/
URL Database
Gambling
Uncategorized
OBSCENE
ADULT
PORN
GAMBLING
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
49
www.sportsbook.com/
URL Database
Gambling
Uncategorized
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
50
Uncategorized Uncategorized
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
51
Control
Per user, per group policies Multiple actions: block, warn, monitor Time-based policies Unlimited custom categories Custom end-user notifications
Visibility
Easy to understand reports Extensive logging Comprehensive alerting
Efficacy
200+ countries 50+ languages 65 categories Less than 1 in 1 million false positives
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
52
Competitive Snapshot
Vendor
z z z z
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Tuned to identify objectionable content on the Internet. Not available in WebSense Enterprise/Security. Only available on V10000 appliance. Not on-box. DRTR forwards uncategorized sites for in-cloud categorization, which introduces latency for end users.
No dynamic categorization.
Cisco Confidential
53
New Technology
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
54
DLP overview
At recent Forester event, only 20% of CSOs planning to deploy DLP in 2010. None were planning it in 2009 80% of all DLP issues relate to sensitive data being lost across SMTP (Email) and HTTP (Web)
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
55
Multi-protocol
HTTP(s), FTP, HTTP tunneled
www.mypartner.com
Allow, Block, Log
Internet
Users
www.malwarrior.com
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
56
What?
FiscalPlan.xls
FiscalPlan.xls
CustomerList.doc
Where?
Webmail.com
Taxfirm.com
How?
HTTPS (Encrypted)
HTTPS (Encrypted)
FTP
Verdict
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved. Cisco Confidential
57
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
58
Conclusions
Anti-Spam efficacy continues to be the key driver in the Email Security Market. Traditional URL Filtering Solutions not proactive at blocking legitimate sites that are compromised. Email encryption is a major part of Ciscos DLP strategy Cisco integration helps IronPort build on its market leading position
Wincor-World 2008 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2006 Michael Klausmeyer, Cisco Systems, Inc. All rights reserved.
Cisco Confidential
59