Transcript GFI MSEC PowerPoint Presentation

Email content/exploit checking &
anti-virus
GFI MailSecurity for Exchange/SMTP
Provides email content checking, exploit detection, threats analysis and anti-virus
and removes all types of email-borne threats before they can affect your email
users.
The rise of email security threats…
In 2003, email viruses, worms and Trojans caused worldwide damages worth US$
55 billion.
– Reuters, January 2004
The number of email attacks between January and June 2003 exceeded 70,000
which is about twice the rate for 2002.
– Reuters, January 2004
Research carried out by Hewlett-Packard shows that the signature update
approach is fundamentally flawed, because worms can spread faster than antivirus signature updates can be distributed.
– The Register, September 2003
“I know that some of you think a virus scanner is the answer, but I don’t trust them.
Many virus scanners were woefully slow to react when the ILOVEYOU,
AnnaKournikova, or Sircam worms appeared.”
– Mark Minasi, Windows 2000 Magazine, August 2001
Why choose GFI MailSecurity for protection?
These are some of the key reasons why GFI MailSecurity is the ideal choice to
protect against email viruses, Trojans and malware:

Multiple virus engines guarantee higher detection rate and faster response

Unique Trojan & Executable Scanner detects malicious executables without
the need for virus updates - MyDoom was detected immediately!

Exploit shield & HTML threats engine to disable email exploits & HTML scripts

Unbeatable price: $350 (25), $999 (100) and $3999 (UNL) mailboxes.
Why you need multiple virus scanning engines
The response time of a virus vendor to a new virus outbreak is critically
important (i.e. the time it takes to update and deploy the virus signature files), as a
virus could reak havoc in a matter of hours from its release. No single virus vendor
is always the fastest, so by having three virus engines your chances of getting
network protection on time increases threefold! You won't have to risk relying on a
single vendor to be the fastest each time, but instead hedge your bets on three
or more anti-virus vendors.
See this white paper for more information.
Why you need an email exploit shield
An exploit uses known vulnerabilities in applications or operating systems to
execute a program/code or circumvent security measures.
An email exploit is an exploit embedded in an email that can be executed on the
recipient’s machine when a user opens or receives an email.
The email exploit shield identifies emails that contain exploits. Examples of
viruses that used exploits are the Nimda, BadTrans.B and Klez viruses, which all
use the same exploit to propagate. An email exploit detection engine recognizes
the exploit used and can block all worms immediately and automatically, without
the need for updates.
See this white paper for more information.
Why you need a Trojan and executable scanner
Because anti-virus software is signature-based, it can only detect known viruses and
Trojans. It is therefore unable to detect new viruses or one-off Trojans as soon as
they are released. GFI MailSecurity’s Trojan and Executable Scanner takes a
different approach, it can detect unknown viruses and Trojans before they enter the
network - and before anti-virus engine vendors have issued signatures against
them.
For example, in the January 2004 MyDoom outbreak, GFI’s Trojan and executable
scanner blocked Mydoom before virus vendors had issued an update against it.
See this white paper for more information.
Why you need an HTML threats engine
HTML mail has become very popular, however it can include scripts and Active
Content, which can allow programs or code to be executed on the client machine.
GFI's patented HTML threats engine disables scripts and active content in HTML
mail, without affecting formatting or images.
See this white paper for more information.
GFI MailSecurity can be deployed in 3 ways:
1. In SMTP gateway mode as a mail relay server (email firewall). In this mode it
integrates with IIS 5 for unparalleled speed and scalability.
2. In VS API mode on Exchange 2000/2003 – scanning message stores. GFI
MailSecurity is the only content checking product that supports Exchange
2000/2003 VS API. VS API is recommended/required by Microsoft!
3. Both at the gateway level and on Exchange 2000/2003 for top security.
Configuring email content security
With GFI MailSecurity, you can configure multiple content checking and file
checking rules.
GFI MailSecurity
configuration
You can create multiple content checking rules, allowing you to set different
policies for different keywords, file types and users.
Creating a content checking rule
You can create new content checking rules and specify what to check for in the
subject or body of an email.
1. Enter keywords to
content check the
body of the email
Creating a content checking rule
Now specify what to do with the email and who to apply the rule to.
2. Quarantine, delete
or move email
3.
Optionally notify
the user and/or
log the occurrence
Creating a content checking rule
GFI MailSecurity integrates with Active Directory enabling you to set user-based
rules.
Apply the content
checking rule to one
or more users
Attachment checking
You can create attachment checking rules in the same way as content checking
rules.
Specify what
attachment types
to check
Moderating email
Once an email is quarantined, it must be approved or rejected.
This is done using the moderator client or an email client.
You can distribute the administrative load to multiple admins using a public folder.
Use the moderator client
OR approve/reject via your email client
Virus checking with multiple virus scanning
engines

GFI MailSecurity is virus engine independent - it includes multiple virus
engines, providing much greater security.

Both the Norman Virus Control & BitDefender virus engines are included. The
McAfee and/or Kaspersky virus engine can be purchased as an optional 3rd/4th
engine.

The Norman virus engine is 16-time winner of the 100% Virus Bulletin award.
BitDefender is ICSA certified.
Virus checking configuration
GFI MailSecurity supports automatic updating of signature files.
Click here to activate
virus scanning
Here you can choose to
automatically remove
all Office macros
The email exploit engine
GFI MailSecurity’s email exploit detection engine builds on GFI’s leading research
on email exploits, and safeguards you from future email viruses and attacks that
use known application or operating system exploits. GFI SecurityLabs regularly
finds new email exploits, and these are automatically downloaded by GFI
MailSecurity. GFI MailSecurity is the only email security product to detect email
exploits.
Exploit engine
configuration
The Trojan and executable scanner
GFI MailSecurity includes an advanced Trojan and executable scanner. This can
analyze what an executable does, and quarantine any executables that perform
suspicious activities. This way, potentially dangerous, unknown or one-off Trojans
can be detected before they enter your network.
GFI MailSecurity: Excellent value
GFI MailSecurity is the market leading content checking solution with over 30,000
servers installed worldwide.
It offers unmatched value for money. GFI pricing is 70% lower than competitor
prices:
No. of users
50
250
1,000
Major Competitor 1
$1,234
$4,873
$11,695
Major Competitor 2
$1,900
$9,500
$38,000
GFI MailSecurity
$550
$1,699
$3,499
Test if your email system is vulnerable to email
threats!
Is your email system vulnerable to email viruses, exploits & attacks?
Find out today using GFI’s test page: http://www.gfi.com/emailsecuritytest/
Here, you can check whether your email system is secure against threats such as
emails containing infected attachments, emails with malformed MIME headers,
HTML mails with embedded scripts & more.
What our customers say
“GFI MailSecurity for Exchange/SMTP was flawless in installation and the software
itself is actually better than some of the ‘major’ players that I have been evaluating.
I did have a chance to fully test it this weekend as the SoBig worm flooded our
servers: GFI MailSecurity stopped every single message and has performed to
higher levels than I expected.”
– Michael McKinnon, Director of Technical Operations - Equita Financial Services,
Texas, USA
“We’ve used GFI MailSecurity for Exchange now for over two years. During this
time we’ve never had a virus although many have been caught by GFI
MailSecurity’s screening of our email. Administration is easy and fast. We feel very
protected using GFI MailSecurity.”
– Paula Chesbrough S.V.P. - Eagle Bank, MA, USA
Click here for more testimonials!
Customer list
Many leading companies have chosen GFI MailSecurity for Exchange/SMTP; here
are just a few:
NASA
US Navy
USAF
Perotsystems
IBM
European Central Bank
MG Rover Group Ltd
Peugeot
Toyota
& many more!
More information and downloads
Download your FREE eval copy of GFI MailSecurity for Exchange/SMTP
For white papers on email exploits, content checking, anti-virus, anti-Trojans and
other email security issues click here
About GFI
GFI has five offices in the US, UK, Germany, Australia and Malta, and has a
worldwide network of distributors.
GFI is the developer of the market leading GFI FAXmaker, GFI MailSecurity,
GFI MailEssentials, GFI Network Server Monitor and GFI LANguard product
ranges.
GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion
2000 (GEM) Packaged Application Partner of the Year award.
For further information, please visit our website.
Back to first slide