Transcript Slide 1

Infinigate Security Day
September 9th 2011
Marcel Kooring
Business Development Manager
Agenda
• Introduction
• Statistics from our yearly Work/Life survey
• Challenges on the Internet
– Web 2.0/Social Media
– Data Leakage
• Benefits of the Web Gateway
• Benefits of the Email Gateway

Web 2.0 / Social Media

Facebook users?
• Raise your hand if you have a Facebook account!

Social Media in Denmark
• According to the European Union, Denmark has 2,566,060 Facebook users out of a total population of 5,515,575 citizens!
• That is a 46.5% penetration rate.

Results from our work/life research
• 80% of managers see the business benefits of the new social Web.
• 48% of managers have identified Web 2.0 usage as an issue of concern at management level.
• 19% of markets in 2011 report that their companies are engaged in blocking, as opposed to 9% in 2010.
• There is widespread concern about Web 2.0 among managers, with 57% expressing security concerns and 48% worried about loss of confidential data via employees.

Web 2.0 benefits
• Wide variety of useful tools and services that people use in domestic and business life
• Communication is the most common benefit expected
• Web-enabled devices and Cloud based services drive usage forward
• The growth of social media for marketing is accelerating
• 41%+ Tweets per day
• Monthly Signups 52%
• 104% increase in Android apps
• 600k developers
• 900k apps
• 13B API requests per day

On the downside…
• Virus proliferation is much higher on Web than on email
• Popular websites offer a greater chance of malicious infection
• We need Web Security Solutions to allow us to benefit from the web in a safe way!

Today's Challenges
Dynamic content / Web 2.0 / Social Media
Web content is not controlled by a single webmaster anymore, but comes from many sources, is user generated and changes rapidly!
Challenges:
• Number and types of sites increasing dramatically
• Legitimate sites are used to embed spyware and malware
• Proxy avoidance used widely to avoid URL categorization
• Encrypted end-to-end content can't be inspected
• Mashups aggregate content from multiple sites
• Static URL databases are increasingly ineffective
• HTTPS is being adopted widely
Preferred attack vector
– The web is becoming the attack vector of choice.
Even (large) trusted websites are being exploited
Large sites, with lots of traffic are the ideal way to spread malware.

Spam and Malware
• Short lived success for the good guys

Malware

Data Leakage

Data Leakage
The 4 main reasons for data leakage are:
1. Accidentally publishing information through Email or Web. So make sure you check all web and email traffic.
2. Malware designed to steal information. Make sure you protect yourself from malware that is mainly distributed by web and email.
3. Hackers who break their way into networks.
4. Employees stealing information for personal gain.

Data Leakage
• It is a multi-headed monster
• Do not try to solve everything in one go! Pure-play DLP solutions are often very expensive and very complex... and until today they have failed to prove their value!
• Start with the obvious and start protecting your Web and Email traffic.
• Clearswift has 20 years of experience in this area and is probably one of few companies that actually have very large, high security customers protecting their information with Clearswift's products on a daily basis!

SECURE Web Gateway
Technology Overview
Unified Web and Email security that offers
easier management, shared policy and enhanced
reporting across all web and email based
communications
SECURE Web Gateway
• HTML, Web 2.0 and HTTPS traffic
• Integrated Cache, URL filtering,
Anti-Virus/Malware & SPYware
SECURE Email Gateway
• Integrated AV/Malware & Anti-SPAM
• Automated on-box encryption
Introduction to Clearswift
Clearswift SECURE Web Gateway
Secure and resilient platform
– Pre-built and supplied on Dell hardware.
– Deployed on own hardware or as VMware.
– Optimisation of Linux OS tuned for web gateway.
Easy to install
– Up and running in under an hour.
– Pre-configured with Default ‘Standard’ Policy.
Easy to use & manage
– 100% web-based GUI.
– Graphical ‘drill-down’ reporting.
– Automatic security software updates.

INBOUND THREATS
Complete Web Gateway protection
MIMEsweeper content-aware policy engine
– True binary signature file identification
– Suspicious script analysis
Kaspersky Anti-virus/malware
– Viruses, worms, Trojans and malicious code
Anti-spyware
– Spyware “call home” prevention
– Tracking Cookie detection/removal
URL filtering
– 77 categories, millions of web sites
– Security Risk Group
– Malware, Phishing
– Anonymous proxies

Comprehensive URL filtering capabilities
• URL Database
– Millions of sites
– 77 categories
– Daily updates
• Real-time categoriser
– Pornography
– Anonymizer
– Hate, violence etc.
• Embedded URL detection
– Google & Yahoo! Cached items
– Google translation pages

DATA LOSS PREVENTION
Lexical Analysis
• Detect and prevent document types being uploaded
– Office, Open Office, Drawing formats
– True signature based file recognition
– Deep content inspection i.e. inside zips, embedded in documents
• Lexical content rules easily configured to search for words or phrases within:
– Requested URL
– Documents Excel, Word, etc.
– Web Page or status updates
– HTTP Headers

Full HTTPS content scanning and certificate policy
• Full content scanning of HTTPS/SSL encrypted data
• Detects malware or data leakage in encrypted HTTPS traffic
• Provides policy based certificate checking for added protection

COMPLIANCE

Data loss templates & compliance lists
• Predefined regular expressions for PII (Personally Identifiable Information) and PCI (Personal Credit Information)
– National insurance number
– Credit card numbers
– Social security number
• Editable compliance dictionaries
– Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Securities and Equities Commission (SEC) and Sarbanes Oxley (SOX).
• Benefits
– Easy to use (simply add to route)
– No configuration errors

Interactive and scheduled reporting
Interactive drill downs

FLEXIBLE POLICIES

Easy to understand and use policy model
• Policy Configuration
– User authentication with NTLM or Kerberos
– Policy based on Users, Content Rules & Routes
– The Web policy protects ‘Everyone’
• Viruses, Spyware, dangerous payload types such as executables
• Dubious types of site such as Pornography, Hacking, etc.
• Block uploading of ‘office’ or ‘confidential’ documents

Personalized user feedback
• Block Pages
– Policy violations
• Progress Pages
– Informative feedback when downloading large files
• Acceptable Use Policy Page
– Users are reminded at regular intervals with ‘Accept’ button

Fully conjoined policy updating
Policy
Web Gateway
Email Gateway

MANAGEMENT AND DEPLOYMENT

SNMP and SMTP alerting

Clearswift SECURE Email Gateway

SECURE Email Gateway
• Highly Scalable, Resilient Message processing suite
– Security
– Routing
– Logging and Reporting
• Keeps the Spam and Viruses out
– Multi-layer Malware control
– Multi-layer Anti-spam, Phishing
• Prevents inappropriate usage
– Pornography, profanity, copyright infringement
• Prevents sensitive data leaks and maintains compliance
– Pre-built dictionaries: PCI, PII, SEC, SOX, HIPAA
– On-board encryption
• Granular policies to ensure collaboration with right people
– Provides consistent enforcement of AUP
– AD integration
Introduction to Clearswift - America's Growth Capital 2011

INBOUND THREATS
Multi-layered Malware protection system
• Email still remains a vector for viruses to propagate
• Many thousands of new viruses and variants are created daily
ZeroHour
Kaspersky
Content
Detection

World class spam protection
• TRUSTmanager
– Global reputation network
– Rejects 80-90% of all traffic before it reaches your gateway
• SpamLogic
– Delivers in total 99.6% accuracy rate
– Multi-engine layered defence

Multi-layered spam defences
[Diagram: spam filter layers, grouped into Connection/Network Level Checks and Content Level Checks. Labels: Anti-spam Engine, Bayesian, CURBL, Signatures (Junk/Bulk), LDAP, Validate Sender, SPF, RBL, Anti-Spoof, BATV, Greylisting, Reputation. Caption: 80-90%+ of spam rejected using these filters.]

End user message release
• Web Portal to permit users to release own messages
• Digests allow end users to perform simple tasks or they can connect to the portal 24x7 using their existing Windows credentials
• Per-user localisations: English, German, French, Italian, Spanish, Portuguese, Japanese, Traditional and Simplified Chinese

DATA LOSS PREVENTION

Deep inspection – multiple ways to inspect message content
• Files detected using true-file type technology
• Banned file types can be blocked or stripped from messages
• Selective scanning enables searches of areas of interest
– Headers, Messages, Attachments (MS Office, Open Office, PDF, HTML)
• Powerful search criteria
– Dictionaries for PCI, PII, Profanity, etc.
– Expressions, Regular expressions and Operators
• ImageLogic to detect registered images from distribution

Headers, footers and meta-data
Received: from eric ([192.168.201.1]) by prodman11.europe.clearswift.com
(8.14.1/8.14.1)
with SMTP id nB2MGP3d006083 for [email protected];
Wed, 2 Dec 2009 22:16:27 GMT
Date: Wed, 2 Dec 2009 22:16:25 GMT
Message-Id: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: Here is a great document
Hi Eric
This is a really document , call me on 01189 038503
Regards Alyn
Here is my site http://www.clearswift.com
Data loss templates
• Predefined regular expressions for PII (Personally Identifiable Information) and PCI (Personal Credit Information)
– National insurance number
– Credit card numbers
– Social security number
– IBAN numbers
• Editable Compliance dictionaries
– GLBA, SOX, HIPAA, SEC, PCI, PII

Powerful regular expression engine
• Powerful expression list features permit customers to build up search patterns for detecting content leaks
• Regular expression engine combined with boolean and positional operators permits constructs such as
– Credit card numbers NEAR expiry dates
– Employee id AND postal code
– Reference Number FOLLOWEDBY =1 Part Number

COMPLIANCE
Email Encryption
• Supports PGP, S/MIME and Password Protected messages
• Allows signing, encryption and decryption of messages
• Policy based encryption, i.e. by route or by content
• Opportunistic TLS for server to server communications
• Portal based encryption
Encryption by direction or content
On a policy route
On a content rule

FLEXIBLE POLICIES

Easy policy model
• Content Rules that inspect the data are applied to Policy Routes that define what is allowed over that email communication channel

Content Rules
• Predefined Policy enables customers to get up and running quickly and easily
• Customers can build policies on
– Encryption/Decryption* Signature validation
– Active Content
– Filenames
– Textual Phrases in headers, body and attachments
– Media Types
– Spam
– Unacceptable Images
– Malware
– Missing Managers
– Message Size
– Disclaimers

Message Tracking across peers
Track messages using extensive criteria
Works across peer group
Export data into CSV file

Built-in Reporting
Over 70 different reports available
Scheduled or on-demand

System Alerting
Over 60 different alarms available
SMTP and SNMP as standard

CONCLUSION

Conclusion
• Clearswift's technology will enable your organisation to maximise the benefits from Web & Email while keeping out the security risks.
• We enable a safe and controlled way of taking the full benefit from Web 2.0 and Social Media
• Data Leakage Prevention is part of our standard offering

THANK YOU!
ANY QUESTIONS?