An Introduction to the iCritical Product suite

1
An Introduction to theiCritical Product suite

• By Critical Software
• Managed Anti-spam Anti-virus for SMTP and High
  Performance HTTP/FTP Anti-virus proxy

2
Introduction

• The Critical Software security suite is designed
  to give full protection against gateway viruses
  and spam
• Enterprise gateway defence achieved by protecting
  SMTP, HTTP and FTP traffic to ensure your data is
  clean
• This is done by cutting-edge technology and the
  ability to change easily to todays security
  outbreaks without compromising delivery of
  service
• iCritical uses multiple anti-virus and anti-spam
  engines for unrivalled detection rates across
  multiple protocols.

3
Security Service

• iCritical comes as a security service with a
  dedicated team managing the updating, upgrading,
  patching and availability of your system
• The administrator can manage as much or as little
  as required, we do the rest
• What better than letting security experts manage
  the constant updating of your system to ensure
  integrity?
• iCritical has insight from many nodes, allowing
  easy detection of outbreaks. By becoming part of
  a community you will become less vulnerable
• The security service ensures the continual
  operation of your system and provides quick
  turn-around rebuild time in case of disaster
  recovery.

4
iCritical System

• Runs on a Hardened Linux Operating system with
  only custom services running
• Deployed on-site at the internet gateway (inside,
  outside or in DMZ)
• Communicates to the central system every ten
  minutes to upload logs and check for updates.
  Communication is encrypted and uses RSA
  public/private keys
• Continually monitored, including machine health,
  next hop failure, mail delivery, proxy status and
  many other attributes to ensure continual
  availability
• Is a software solution and can be deployed on as
  many machines at as many gateways as necessary at
  no extra cost

5
Multiple protocols

• For a complete anti-virus strategy it is
  imperative that companies are protecting
  SMTP/HTTP/FTP
• Protecting mail and desktops is only part of an
  effective solution
• Virus writers recognise mail systems are
  rigorously protected and are using alternative
  routes
• SMTP, HTTP and FTP are the services commonly
  configured to pass through firewalls. Protecting
  only one is not effective

6
Security suite

• The service can be deployed as single components
• mailCritical (SMTP anti-spam)
• spamCritical (anti-spam only)
• webCritical (HTTP/FTP)
• iCritical (HTTP/FTP/SMTP anti-spam)
• This allows customers to compliment existing
  infrastructure and use only necessary components
• Upgrading or downgrading a component can be done
  immediately
• Components can reside on different machines or at
  different locations

7
mailCritical

• High speed mail system receiving/delivering up to
  20 mails at a time
• Notifications to administrator/sender/recipient
• Optional footer appended to each e-mail
• 5 anti-virus engines using different techniques
  to identify unknown, in-the-lab and in-the-wild
  viruses
• File extension blocker
• Blocks mime exploits
• Blocks on recipient
• E-mail address level white/black/recipient/dump
  lists
• Custom reject size

8
spamCritical

• Subject line appending at custom threshold limit
  to compliment existing mail filtering
• Quarantine area with custom time to live
• Mails can be released at any time using on-line
  interface
• Multiple anti-spam engines for exceptional
  detection
• Administrator search on subject, to, from,
  score and release
• Optional hourly end-user notification stating
  to, from, subject, (optional) and web
  hyperlink to allow end-user to release their own
  mail, reducing administration overhead and
  litigation
• Individually profiled mail to your organisation
  system analyses general traffic dynamically
  storing common addresses alleviating false
  positives
• Uses rbl lists to deny known open relays and
  known spammers
• Our central distribution model allows blanket
  rules across all servers instantly in the event
  of new outbreaks
• Engines continually updated, changing rules to
  adapt to new variations of spam techniques

9
Why iCritical?

• Configurable fully automated system
  Administrator has extensive control over unit to
  enforce corporate security policy
• It is designed to be the most pro-active
  anti-virus and anti-spam system available
• It scans major Internet protocols effortlessly
  for a complete strategy
• It is not susceptible to viruses, ensuring
  continual operation
• It is built with the most rigorous security in
  mind
• It takes away the mundane administration of
  updating and patching all OS, anti-virus and
  anti-spam systems
• Blanket rules can be applied to all nodes
  instantly in the event of outbreak, before an
  anti-virus vendor has an update

10
mailCritical in action

• Can sit outside the network to become MX record
• Outside the network allows iCritical to bounce
  unwanted e-mail instead of receiving it and using
  bandwidth
• Bounce spam back to the spammers making them take
  you off their spam list reducing the spam problem
• Bounce mail for unwanted recipients
• Stop viruses OUTSIDE the network
• Block on Mime exploits, attachments, extensions,
  subject, etc.
• Populate White/Black/Dump lists for tailored
  accept/reject
• Gather full reports on your real mail traffic.
  Does your current system tell you how many
  e-mails have passed through, how many were
  blocked for attachments, viruses, spams, or on
  sender/recipient/date, or bounced and why?
• Relay mail only for specified domains and IP
  address
• Queues mail in the event of next hop failure

Firewall
Local Area Network
SMTP traffic
Router
iCritical
Mail Server
11
webCritical in action

• Ensures protection against downloads, web based
  e-mail, hyperlinks in spam, malicious code and
  out-of-date desktop anti-virus
• Fig 1 shows how a major virus outbreak causes
  anti-virus vendors update sites to become
  difficult to contact as many users try to
  retrieve files
• Fig 2 shows how any out-of-date desktop
  anti-virus software can browse to any infected
  site or download a virus right into the heart of
  your network bypassing all protection
• Fig 3 shows how webCritical can prevent all of
  these problems as we automate the download and
  protect the gateway for all machines
• webCritical seamlessly scans web traffic and
  caches clean pages to ensure safe web browsing
• Virus writers understand that the SMTP gateway is
  protected and are now attempting the next obvious
  protocol to infect your network, HTTP.

Fig. 1
Fig. 2
Fig. 3
12
URL Filter

• Over 40 categories to block unwanted browsing,
  saving time and bandwidth
• Access denied web page for blocked category
• Administrator populated Whitelist for category
  access override
• Administrator populated Blacklist for category
  block override

• Reporting engine logs each denial of access.
  Query based on URL, IP address, date and reason
  for being blocked

13
Problem Summary

• The Threat
• Threats are continually changing and evolving.
  Does your system day-to-day?
• HTTP/FTP
• Web based e-mail
• File Downloads
• Hyperlinks in spam
• Malicious code
• Out-of-date desktop antivirus
• SMTP
• Viruses, worms and trojans
• Spam
• Non-MX directed traffic

• The Problem
• Current systems are prone to problems due to the
  following -
• Updates
• Operating System
• Security Software
• Anti-virus software or plug-ins
• Managing and patching all of the above can be
  problematic and time consuming as these systems
  are not developed together
• Wrong Software
• Simply bolting many 3rd party products onto
  systems causes unforeseen problems and multiple
  support routes

14
Solution Summary

• Multiple anti-virus and anti-spam SMTP
• 5 different anti-virus engines
• Custom attachment blocks
• Hostname domain routing for load balancing
• Smart host capable
• Anti-Spam engine
• High detection rate
• Custom rejections at SMTP level based on
• End-user spam release capability
• Custom threshold setting
• Quarantine Area
• Mail
• Reverse DNS and blacklist checks
• Custom override for whitelist senders/domains
• Custom list for transmission disconnect (rejects
  at SMTP level for unwanted recipient address or
  sender address/domain)
• Fully Managed
• 24hr Monitoring of node
• Next-hop failure notice
• Automatic updates from vendor partners

• HTTP/FTP
• Web page components are scanned individually then
  passed through as opposed to queuing entire page
• Browser comforting for large downloads
• Unlimited download size
• Security
• All mail is scanned on-site
• Secured quarantine area local to your network not
  shared with other companies
• Anti-virus updates within 10 minutes of public
  release
• Operating System patches deployed centrally
• Configuration
• All settings and reports done from secure web
  site
• Custom settings stored off-site allowing quick
  disaster recovery
• Real-time traffic views on local node

15
The most comprehensive gateway anti-virus,
anti-spam solution

• For more information or documentation on the
  exclusive Critical Software product range please
  ask a representative or alternatively visit
  www.icritical.com