Securing Email: Comprehensive Messaging Security

1
Securing Email Comprehensive Messaging Security

• Kip Trout, Proofpoint
• Regional Sales Manager

2
Agenda

• What is Messaging Security?
• Major Spam Trends
• Outbound Content Security Compliance
• The Proofpoint Solution

3
What is Messaging Security?
Security threats have always been a problem to
enterprises
Enterprise
SMTP, HTTP, IM and FTP services
4
3 Major Trends

• Rise in spam volumes
• Rise of botnets
• Rise of image- based spam

• End users believe effectiveness has declined
• Shorter, more intense, spam attacks
• Spam circumvents filters, drops true
  effectiveness

Spam continues to be a problem facing
organizations
5
Spam Volume Continues to Increase

• Continued increase
• Average spam volume
• gt 3-4x in 12 months
• Why?
• Business is expanding
• Spam is increasing
• What can you do?
• Best spam protection
• Capacity planning

6
Why Effectiveness Matters

• 2004 Now
• Volume (msg/day) 500 Thousand 2 Million 2
  Million
• Effectiveness 94 95 99
• Spam getting through 30,000 100,000 20,000
• Users 20,000 25,000 25,000
• Spam/User 1.5 spams 4 spams 0.8 spams

Better effectiveness less spam in users Inbox
fewer Help Desk calls
7
Spam Accuracy, 2006 99 Effectiveness
100 99 98 97 96
8
Spam Attacks in the Old Days
9
Spam Attacks Today Botnets
(Sends Instructions)
(Listen for Instructions)
(Receive Instructions)
(Launch Image Spam Attack)
10
Embedded Images, Often Randomized

• Possible variants are endless signatures are
  useless!
• Proofpoint MLX includes
• Image Fuzzy Matching
• Web URL Reputation

11
Image Fuzzy Matching A

• Feature Description
• GIF80 and JPG80 algorithms
• Effective against 3 image obfuscation techniques
• Randomizations in unused Color Map entries
  (invisible)
• Randomizations in bottom of image (appear as
  black lines)
• Randomization in GIF Terminator (invisible)
• Proofpoint algorithms correctly identify these
  randomizations

GIF Signature
Screen Descriptor
Global Color Map
Image Descriptor
Local Color Map
Raster (Image) Data
GIF Terminator
12
Image Fuzzy Matching B

• Feature Description
• Detects altered but similar images, even if
  alteration inside image
• Effective against 2 obfuscation techniques
• Images with randomized (pixilated) borders
• Images with randomized pixels throughout image
• Proofpoint algorithms correctly identify these
  obfuscations

13
OCR Resistant Animated GIF
Viewable image contains pump and dump spam...
but in slow motion
14
OCR Resistant Animated GIF
Note that this is a transparent GIF, but only the
parts required to complete the image are
transparent!

• Frame 1 contains broken text
• Frame 2 (transparent GIF) appears after 10ms
  completing the image
• Both images contain broken text OCR Resistant!

15
What Is the Double Tax on Spam Effectiveness?

• Tax 1 Increased volume perceived drop
• Perceived drop in effectiveness
• Volumes of spam result in higher spams in inbox
• End Users phone helpdesk
• Tax 2 Sophistication true drop
• True effectiveness decline
• Filters unable to handle image based spam
• Exchange, Notes, Groupwise servers are also taxed
• End Users phone helpdesk

16
Why Are Some Solutions Failing?

• Static technologies
• Relying on exact matches of spam senders and
  content
• New spam is dynamic in nature IPs, images,
  content
• Permutations are endless!
• Reputation
• Examples Competitors global reputation based
  solutions
• How Match sending IP addresses and rules
• Problem Image-based spam comes from botnets,
  with rotating IPs.
• Signature
• Examples Large providers of signature based
  solutions
• How Match copy of email (or partial copy)
  against database
• Problem Image-based spams random images text
  endless permutations

Proofpoints MLX technology is dynamic and
well-suited to the dynamic nature of spam
17
2007 Proofpoint-Forrester Survey

• Nearly 33 of companies employ staff to read
  outbound email.
• More than 25 of companies terminated employees
  for violating email policies.
• 56 say it is important or very important to
  reduce the risks of outbound email.
• Companies estimate nearly 1 in 5 emails contains
  content that poses a legal, financial or
  regulatory risk.

Read the Proofpoint-Forrester Research report
www.proofpoint.com/outbound
18
Recent Incidents

• Dec 2006 Texas Woman's University emails names,
  addresses and SSNs of 15,000 TWU students over a
  non-secure connection
• Nov 2006 University of Virginia Student
  Financial Services sent e-mail messages to
  students containing 632 other students' Social
  Security numbers
• Oct 2006 Bowling Green Police Dept. website has
  personal information on nearly 200 people the
  police had contact with names, Social Security,
  driver's license numbers
• Oct 2006 Republican National Committee
  inadvertently emailed a list of donors' names,
  SSNs and races to a New York Sun reporter
• Mar 2006 Google mistakenly posts internal ad
  projections
• Mar 2006 Blue Cross Blue Shield says contractor
  took 27,000 social security numbers
• Feb 2006 Slip-up spills beans on Dell notebooks

See a chronological list of security breaches at
www.privacyrights.org
Source ZDNet, Bradenton, Boston.com
19
Why is this Happening?
P(Data Loss) no. of channels
x data availability

• Email is everywhere
• 70 of corporate data lives in email
• File Servers
• Desktops
• Laptops
• USB Thumb Drives

• Email
• biggest thru 2010
• Weblogs
• HTTP (WebMail)
• FTP
• Instant Messaging
• New Channels

Source Gartner G00138425, 3/15/06
20
What to Do

• Define Policies
• Document
• Communicate
• Train
• Map Technology Solution to Requirements
• Corporate governance content
• Structured
• Unstructured
• Auto-Encrypted
• Inbound as well as Outbound
• Its not just Email anymore
• Webmail, Blogs, IM, FTP sites, too

21
Proofpoint Solution
Proofpoint Attack Response Center
Network Content Sentry
Secure Messaging
Virus Protection
Zero-Hour Anti-Virus
Spam Detection
Dynamic Reputation
Regulatory Compliance
Digital Asset Security
Web-based Management Interface Policy Engine
Smart Search
Hosted Service
Virtual Appliance
Appliance
Software
22
Over 1200 Delighted Customers

• Please contact Proofpoint directly for customer
  references, case studies, and names of industry
  leaders using Proofpoint.
• Kip Trout
• Proofpoint Sales
• 314-481-1516 office
• 314-560-3226 cell
• ktrout_at_proofpoint.com

23
Learn More

• Free Forrester Research Proofpoint Report
  Outbound Email and Content Security in Todays
  Enterprise
• www.proofpoint.com/outbound
• Free white paper on how MLX technology fights
  image-based spam
• http//www.proofpoint.com/mlxwp

24
Download a Trial Version
www.proofpoint.com/trial
Kip Trout ktrout_at_proofpoint.com 314.481.1516