InterScan%20Messaging%20Security%20Solutions

1
InterScan Messaging Security Solutions

• Filip Demianiuk
• Technical Channel Manager Poland Baltic
  Countries
• Filip_Demianiuk_at_Trendmicro.com

2
Agenda Gateway Messaging Security

• Email Threats
• InterScan Messaging Security Solutions
• Beyond Gateway Messaging Security
• Summary and Keys to Remember

3
Email Threats
4
Spam Problem

• 75-90 of Email is Spam 1

• Spam has increased fivefold in the last couple of
  years.2
• Zombies and botnets make it easier for spammers
  and are now responsible for most spam
• Spam is evolving with new techniques like image
  spam
• Even if blocked from the inbox, letting spam into
  the network uses bandwidth, storage, and other
  network resources

1 Source Gartner Benchmarking Anti-Spam
Effectiveness. April 25, 2006 (Gartner customers
report that 75-90 of the emails they receive are
spam) 2 Source Ferris The Global Economic Impact
of Spam, 2005. February 2005 (Other statistics)
5
Virus Problem

• And the number of viruses can add up.

Viruses are only in about 2-6 of
emails.1 HOWEVER, the impact can be substantial.
2
3

• Instead of the mass virus attacks of the past,
  hackers are using viruses for monetary gain
  (often using more targeted attacks)
• Examples
• Bot code that allows hackers to use the victims
  machine to send spam or fraudulent emails
• Key-logging Trojans that collect confidential
  information

1 Source Gartner Benchmarking Anti-Spam
Effectiveness. April 25, 2006 (viruses 2-6 of
email) 2 Source Computer Economics. 2005 Malware
Report The Impact of Malicious Code Attacks.
January 2006. (Figure 1) 3 Source The Radicati
Group, Inc. Email Security Market, 2006-2010.
June 2006 (Bar Graph)
6
Phishing Problem

• Email fraud made up 4 of email in 20061
• Phishing emails spoof legitimate companies and
  attempt to steal information
• Phishing affects both individuals and
  corporations with thousands of unique phishing
  threats sent out every month
• Companies need to protect themselves from loss
  of confidential information and potential
  liability

1
Blended threats Malware and phishing
attacks Key-Logging Trojans also phish for
information Pharming Crimeware redirects users
to fraudulent Web sites to steal information
1 Source The Radicati Group, Inc. Email Security
Market, 2006-2010. June 2006 (fraud 4 of
email) 2 Source Anti-Phishing Working Group.
Retrieved from Web site http//www.antiphishing.
org/ (fraudulent email and Web site)
7
Targeted Attacks

• Unique attacks tailored for the targeted
  organization
• Viruses (such as ransom attacks)
• Spyware in Email
• Corporate Spear Phishing
• Directory Harvest Attack (DHA)
• Tries numerous variations of possible email
  addresses using a companys domain
• Goal to acquire a valid email list for the
  company
• Can use the list later for a targeted attack,
  such as a phishing, virus, spyware, or spam
  attack
• Bounced Mail Attacks
• Spoofs a legitimate company by inserting its
  domain as the email sender
• When the receiving servers bounce the email, the
  bounced emails are sent to the spoofed company,
  flooding the server and tainting the reputation
  of the innocent company

8
Data Privacy Protection

• Regulatory ComplianceRegulations impose mandates
  on data protection or privacyCan affect email
  and other digital communication
• Corporate GovernanceInternal standards or
  policies that a company uses to govern itselfIn
  this case policies for appropriate use of
  messaging
• Loss of Confidential InformationProtection
  against data leakage, whether intentional, or
  inadvertent

9
Email Security Concerns

• Spam
• Viruses
• Network Security
• Regulatory Compliance
• Corporate Governance
• Loss of Confidential Information
• Spyware
• Denial of Service Attacks
• Phishing
• Directory Harvest Attacks

1
1 Source The Radicati Group, Inc. Email Security
Market, 2006-2010. June 2006 (Bar Graph)
10
InterScan Messaging Security Solutions
11
Gateway Email Security Products

• Same superior protection in all form factors
• SOFTWARE InterScan Messaging Security Suite
  (IMSS)
• Flexible configuration options on customers own
  hardware and on multiple machines
• Solution on leading operating systems Windows,
  Linux and Solaris
• APPLIANCE InterScan Messaging Security Appliance
  (IMSA)
• Easy deployment with pre-configured software
• Redundant, high-throughput appliance optimized
  for security and performance
• HOSTED SERVICE InterScan Messaging Hosted
  Security (IMHS)
• Immediate deployment by simply redirecting the MX
  record
• Added security and bandwidth by keeping threats
  completely off the network
• Reduced hardware and software purchases and
  maintenance

12
Comprehensive Messaging Protection
Viruses, Worms, Trojans Spyware Spam Phishing Inappropriate Content
? ? ? ? ?

• Award-Winning Anti-Virus includes zero-day
  protection
• Anti-Spyware protection against spyware in email
• Multi-Tier Anti-Spam Network Reputation
  Services, IP Profiler, and our anti-spam
  composite engine for high effectiveness with low
  false positives
• Anti-Phishing reputation services, signatures,
  and heuristics aimed at phishing
• Inappropriate Content content filtering
  enforces compliance and prevents data leakage

13
Multi-Tier Anti-Spam
Highly Effective Solution

• Network Reputation Services First Defense
• Global and dynamic reputation services
• Blocks up to 80 before entering the network

• IP Profiler Patent-Pending Technology
• Customer-specific reputation services based on
  company email traffic, keeps threats off network
• Firewall against DHA and bounced mail attacks

• Anti-Spam Composite Engine Guards Inbox
• Stops any remaining spam before it enters inbox
• Integrates statistical analysis, heuristics,
  signatures, whitelists, blacklists and more
• Patent-pending image spam detection technology

14
Network Reputation Services

• Network Reputation Services
• Global Verifies IP addresses against the worlds
  largest, most trusted reputation database
• Dynamic Identifies new spam and phishing
  sources, stopping even zombies and botnets when
  they first emerge
• Fights off spam at the source
• Before it enters the gateway
• Uses email samples and sender histories to
  accurately determine the reputation
• Leaves only a small percentage of mail to be
  filtered by the traditional scanning
• Saves bandwidth, storage, and other network
  resources

15
IP Profiler

• Customer-Specific
• Reputation Services
• Spam
• Virus
• DHA Attacks
• Bounced Mail
• Customers set thresholds
• Duration emails from an IP Address are monitored
• Percentage of emails from that IP Address that
  contain the email threat
• Total mails that need to be received to be
  considered a relevant sample
• Triggering actions what happens when these
  thresholds are met (block temporarily or block
  permanently)
• Provides customer-specific reputation services
  by blocking IP addresses that exceed set
  thresholdsalso keeps threats completely off the
  network

Additional Information
16
Trend Micro Anti-Spam Composite Engine

• What is Trend Micro Anti-Spam Composite Engine?
• Trend Micro anti-spam composite engine uses a
  cocktail approach to block both spam and
  phishing emails.
• Statistical Analysis
• Advanced Heuristics
• Signature Filtering
• Whitelists/Blacklists
• Multilingual Spam Detection
• Patent-Pending Image Spam Detection Technology
• Industry Proven Technology
• Install base of over 25 million seats over the
  past four years

17
Image Spam Detection
Patent-PendingImage Spam Detection Boils down to
the core of the emailfor example, strips out
background and text colors, dimensions, and other
randomized elements Enables just a few main
signatures to stop all of the numerous variations
18
Award-Winning Antivirus and Anti-Spyware

• Antivirus Email and Attachments
• Pattern files
• Zero-day protection
• Zero-day protection applies heuristics to detect
  unknown viruses
• For example, IntelliTrap stops viruses based on
  the tools used to hide the virus and not the
  virus code itself--no signature is required
• Anti-spyware and other malware protection for
  email
• ActiveAction provides automated responses to
  viruses, spyware, and other malware

19
Anti-Phishing

• Technologies specific to phishing
• Phishing signatures
• Heuristics for phishing indicators
• Reputation services block known phishers
• Embedded URL reputation
• Customers can set
• policy rules for
• phishing emails

20
Protection from Targeted Attacks

• Technologies that prevent known attacks will not
  work (for example, signatures and reputation
  services)
• Instead we apply predictive techniques--zero-day
  protection, heuristics, and behavior analysis
• Antivirus prevents virus attacks aimed at
  specific organizations (for example, ransom
  attacks)
• Anti-spyware stops the more targeted spyware
  attacks sent through email.
• DHA and bounced mail protection (IP Profiler)
  protects against bounced mail attacks
  anddirectory harvest attacks, which can result
  inadditional targeted attacks
• Anti-phishing blocks corporate spear phishing

21
Data Privacy and Protection

• Enforce Content Compliance
• Minimize legal liability
• Comply with regulations (SOX, HIPAA, )
• Support internal messaging standards
• Prevent data leakage
• Antivirus stops any malware sent by email that
  could potentially damage or corrupt data.
• Anti-phishing helps to prevent the theft of
  confidential information.
• Anti-spyware stops the potentially more targeted
  attacks sent by email which attempt to steal
  corporate data.
• Flexible content filtering enables the efficient
  inspection of messages to ensure that data does
  not improperly leave the organization.

22
Content Filtering

• Inbound and outbound content filters scan emails
  and attachments
• Specify Protected Content
• Attachment characteristics (true file type,
  name, size, etc.)
• Keywords, lexicons, and preset dictionaries
• Customize with Boolean and regular expressions
• Select Authorized Senders or Recipients
• Company-wide, department, group, or individual
• Designate Appropriate Enforcement
• Delete, quarantine, notify, postpone, pass,
  encrypt with TLS, or archive
• Add company specific legal disclaimers to email
  text

23
Easy Management

• High performance
• Highly scalable solution
• Single Web-based management console
• Centralized policy, quarantine, archive,
  logging, and reporting
• Delegated administration
• Message tracking with flexible search criteria
• End-User Quarantine

24
Policy Reporting Enhancements

• Policies
• Intuitive policy creation
• Inbound or outbound or both
• Select what to filter
• Select the action
• Review and assign order
• Reports
• One-time and scheduled reports
• Reports on mail traffic, viruses, spam, content,
  policy, Network ReputationServices, and IP
  Profiler

25
Return on Investment

• Keeps threats out of the inboxincreasing
  productivity and preventing staff from falling
  victim to malware and phishing
• End-User Quarantine and quarantine notification
  emails allow users to efficiently manage their
  own spam
• Messaging tracking and reports provide detailed
  system views
• Single Web console, LDAP integration, and
  delegated administration make management easy,
  freeing IT staff
• End-user spam management reduces the burden on IT
• Stopping threats at the perimeter, often before
  they even enter the gateway (using reputation
  and/or hosted services)
• Solutions provide security and preserve
  bandwidth, storage, and other network resources
• Data protection helps reduce legal fees and
  settlements, retain customers, and preserve the
  company reputation

26
Beyond Gateway Email Security
27
Layered Messaging Security
28
Trend Micro Enterprise Protection Strategy A
Complete Network Security Framework
29
Summary and Key Points to Remember
30
Summary and Key Points

• InterScan Messaging Security solutions offer
  integrated, comprehensive security at the
  enterprise perimeter
• All email pain points are addressed
• Multi-tier anti-spam with cutting-edge,
  patent-pending technologies
• Award-winning antivirus with zero-day protection
  and anti-spyware
• Anti-phishing with phishing-specific technologies
• Targeted attack prevention using predictive
  techniques
• Data protection to enforce compliance and prevent
  data leakage
• Minimizes risks and costs, providing high return
  on investment
• The solutions are optimized to keep threats off
  the network, increasing security and network
  resources
• Easy management reduces the burden in IT staff,
  freeing them for other projects
• Data security helps stop data leakage, reduce
  legal fees and settlements, retain customers, and
  preserve the company reputation, mitigating these
  business risks

31
Gateway Security Leader

• Trend Micro pioneered gateway antivirus security
  and is the market share leader IDC1
• Having been founded in 1988, Trend Micro has
  nearly two decades of experience in the
  enterprise, service provider, mid-sized, SOHO and
  consumer security market. With many years of
  success behind it, the company has grown to be a
  current global leader in network security
  Radicati 2
• Trend Micro started in antivirus and has expanded
  into a comprehensive network security company,
  providing a strong, unified defense for its
  customers.

1 IDC, Worldwide Antivirus 20062010 Forecast
Update and 2005 Vendor Analysis, Doc 204715,
Dec 2006 2 Source The Radicati Group, Inc.
Email Security Market, 2006-2010. June 2006
32
Appendix
33
Product Levels

• Threat protection is packaged in different levels
• IMHS Standard complete inbound protection
  with streamlined managementIMHS Advanced
  granular access and control for inbound and
  outbound traffic with flexible content filtering,
  similar to IMSS and IMSA

34
IP Profiler

• Firewall against DHA and Bounced Mail Attacks
• IP Profiler applies additional information to
  block directory harvest attacks
• Number of recipients that can be listed in an
  email
• Number of non-existing recipients (this
  technology is LDAP integrated)
• IP Profiler also conducts other behavioral
• analysis to block DHAs

Back to Main IP Profiler Slide
35
IP Profiler How It Works

• Records all inbound and outbound SMTP traffic
• Reports records on email traffic from each IP
  Address to a database
• The emails are scanned by the anti-spam composite
  engine
• The results of the scanning engine are reported
  to the database
• The traffic from the IP Address is profiled by
  cross referencing the recorded traffic with the
  scanning results
• For example, total messaging from the IP Address
  vs. spam messages from the IP Address
• This outcome is compared against the user
  thresholds
• If the outcome exceeds the thresholds, the
  trigger action is applied Block Permanently (SMTP
  5xx) or Block Temporarily (SMTP 4xx)

Back to Main IP Profiler Slide
36
IP Profiler Management

• Manage currently
• monitored
• IP Addresses
• Display Logs
• Total spam emails
• Total malicious attempts
• Total connections
• Percentage of malicious attempt in the overall
  number of connections

Administrators can select IP Addresses and
permanently or temporarily block these IP
Addresses Can create global white/black lists for
IP/Domains which will apply to both NRS and IP
Profiler
Back to Main IP Profiler Slide