1 KEY SALES PITCH First and only true unified security provider for protection bidirectional threats and data loss prevention across and web in a single solution. XCS leverages ReputationAuthority (next generation reputation service) as a first line of defense to block over 98% of spam and threats at the perimeter BEFORE it enters the network (included at no extra cost). XCS deploys a defense in depth approach to spam, virus, and threat prevention (including blended threats). XCS provides the ability to centrally manage bi directional and web security from a single point of administration XCS provides multiple layers of redundancy including clustering, patented queue replication so you never lose a message, hardware redundancy, and geographical redundancy (centralized management). In June 2007, IronPort was acquired by Cisco, a recognizable, leading industry brand with a large customer base. Cisco has held on to the IronPort brand and positions IronPort as part of the Cisco product family. IronPort offers and web security appliances to protect organizations of all sizes against spam, viruses, malware and other internet threats using preventive and reactive security measures that they claim are easy to deploy and manage. IronPort also offers data loss prevention and separate dedicated management consoles. TRUTH BEHIND THE PITCH WatchGuard XCS appliances are built on a proven 15+ year technology. In head to head tests and demos, ReputationAuthority demonstrates superior block rates over SenderBase with more granular detail on the IP and the threat being detected. Ultimately, because ReputationAuthority blocks more than 98% of traffic, it frees up customer networks to process significantly higher volumes of safe traffic only. WatchGuard XCS provides granular reporting across and web from a single point of administration, and policies can be set across multiple protocols without the need for a dedicated management console. IronPort s sweet spot is enterprise customers. Their appliances are known to be expensive, requiring larger budgets. They have been known to provide drastic discounts for strategic accounts. IronPort SenderBase (their 2 nd generation reputation service) has the most volume of DNS based blocklists and hence does not provide highly effective connection level blocking of inbound threats, requiring the appliance to process significantly more traffic. Customers must deploy AsyncOS for high performance. IronPort s SenderBase is a poor reputation system, blocking only 80% of inbound threats, which is why AsyncOS is so important they have to process more traffic than WatchGuard XCS. IronPort requires a dedicated management console to manage multiple or web security appliances, and policies cannot be configured across multiple protocols.
2 KEY SALES PITCH AGAINST XCS is the only true multi protocol solution on the market that is capable of providing and web security in a single solution. XCS provides unified administration, policy management and reporting without the need for a dedicated management console to greatly reduce the costs and administrative burdens of disparate point products. A single set of policies can be applied across multiple and web security appliances which, in turn, provides integrated reporting and a holistic view of what is entering and exiting your and web networks. XCS provides protocol redundancy when deployed on multiple systems because the and web protocols are always live and policies are shared. In the event of a failure, any system can be redeployed to provide and web security. WatchGuard XCS provides patented queue replication technology a key differentiator ensuring that no messages are ever lost. Cisco s IronPort C Series ( filtering appliance) and the IronPort S Series (Web filtering appliance) share a similar administrative interface, but the similarity stops there. The company does not offer shared policies, integrated management, or reporting. IronPort requires a separate management appliance (additional cost), the M series, which centralizes reporting, quarantine, and tracking for , and can also be used to perform centralized management for the S series (web security). However, there are still no integrated policies or reporting across and web, and hence management is siloed, requiring a full duplication of configuration, policy setting and administrative effort, and an additional piece of hardware to configure and manage. IronPort does NOT offer message level redundancy (i.e. queue replication), and hence if a system goes down, messages can be lost. PERFORMANCE XCS delivers the highest performance in the industry, a fact that is constantly being demonstrated in head to head competitive situations where real world messages are being processed and delivered. XCS has been specifically architected to eliminate the processing bottlenecks that plague our competitors. Performance is enhanced by including ReputationAuthority, WatchGuard s next generation reputation service, which eliminates more than 98% of all inbound threats at the connection level, resulting in better performance because it frees the system to process only legitimate, clean traffic. The on demand and zero admin clustering capabilities of XCS is designed to scale to meet the needs of any sized organization. XCS is the only product that protects every message against loss using its patented queue replication technology. While IronPort is well touted for its high performance, its products rely on most of the messages being dropped by SenderBase, their 2nd generation reputation service. SenderBase relies on IP history and volume to assign a reputation score, resulting in an up to 80% block rate. Hence, in a scenario where 1M messages are attempting to establish an SMTP connection, 200,000 messages would be cleared by SenderBase to enter the network. In comparison, ReputationAuthority extends its filtering beyond DNSBL and volume to inspect the behavior of an IP and the content and context of the message before it assigns a reputation score. As a result, it is able to block more than 98% of unwanted traffic at the perimeter. Hence, where 1M messages are attempting to establish an SMTP connection, only 50,000 messages would be pushed through the XCS appliance for further examination and threat prevention.
3 SPAM DETECTION WatchGuard XCS uses a multi layered approach to spam detection. First layer of spam prevention is the WatchGuard ReputationAuthority, the only next generation reputation system. ReputationAuthority works in real time and makes its decisions based on content (including attachments), volumes, and IP behavior analysis. ReputationAuthority rejects more than 98% of unwanted traffic and threats at the connection level, with only 1 in 1,000,000 false positives. This eliminates the need for the WatchGuard XCS to scan this traffic, improving performance and reducing bottlenecks. Second layer of spam prevention is the Intercept engine, the industry's most effective and mature anti spam technology (almost a decade of proven anti spam experience). XCS Intercept Engine is capable of learning and adapting to new spam campaigns, including blended threats, and uses a broad range of techniques to classify good mail from spam, including blocklists, sender reputation and behavior, content, contextual analysis, and a multitude of other heuristics in addition to those that IronPort uses to assign a spam score. Intercept Engine anti spam provides a solutions based approach where each anti spam component provides input to the final spam score of a message. Intercept can combine the results of several anti spam components to provide a better informed decision on whether a message is spam or legitimate mail while minimizing false positives. Information retrieved by all of the enabled anti spam components results in a more informed decision on whether the message is in fact spam or legitimate mail. Intercept is able to detect spam in any language and is the only product on the market with a patented approach for detecting image spam. IronPort claims that the key to their solution s efficacy is data captured by its SenderBase reputation service, dropping about 80% of the unwanted . However, SenderBase is a 2ndgeneration reputation service that measures DNSBL and message volumes and performs no behavioral analysis. In fact, IronPort itself likens the SenderBase service to that of a credit reporting service, which we all know simply provides limited historical reputation rather than a detailed, content and contextual approach to assigning a behavior score. The remaining messages are scanned using CASE (Context Adaptive Scanning Engine), their relatively new anti spam technology that was introduced in IronPort claims that CASE detects threats by analyzing four aspects of a message that together provide a spam score: o Who sent the message and what do we know about this sender? o Where does the call to action in the message take you? o What is the nature of the message content? o How was the message technically constructed? In reality, CASE is signature based, similar to AV, and accuracy depends on having the latest spam definitions; if the signatures are not up to date, the spam is not blocked. Prior to CASE, IronPort relied solely on Brightmail for their antispam technology.
4 FALSE POSITIVES WatchGuard XCS provides the lowest false positive rate on the market, as demonstrated in our head to head competitive opportunities. Since ReputationAuthority, the only next generation reputation system, makes decisions based on content, volume, and behavior, it produces a more accurate reputation score and results in an extremely low false positive rate. XCS's Intercept engine uses knowledge based intelligence to learn from messages being passed through the system to make decisions regardless of language and to recognize new spam threats and legitimate , hence reducing false positives even further. As a result, XCS provides a % spam capture rate with 1 in 1,000,000 false positives. IronPort also has a low false positive rate. It should be noted, however, that IronPort s SenderBase (a 2ndgeneration reputation system), is subject to higher false positives because it relies simply on measuring IP history and message volumes not content to determine reputation. VIRUS PROTECTION WatchGuard XCS provides a multi layered approach to virus protection. First layer of defense is ReputationAuthority which drops all connections from known virus senders. Only ReputationAuthority tracks the IP address, domain and address of virus, malformed message, and suspect attachment senders. Second layer of defense is the WatchGuard Threat Outbreak Control, the only automated system that pulls threat information in real time from ReputationAuthority to provide zero hour protection by quarantining suspicious payloads. Potential threats are quarantined and then rescanned when new AV signatures are available. Third layer of virus defense include the two most effective anti virus solutions on the market, powered by Kaspersky and McAfee, both of which have consistently rated 1st and 2nd in response time for providing AV signatures for new and emerging threats. IronPort relies on Sophos technology for their AV signatures. Sophos is a mid range technology, as evidenced by 3rd party stats. In comparison, WatchGuard XCS uses Kaspersky by default, which typically does better in 3rd party independent studies. In the short term, WatchGuard will be introducing a new Kaspersky technology (SafeStream), which will provide even faster anti virus protection to further increase our leadership in this area. In competitive situations where IronPort is positioning XCS s reliance on KAV for anti virus as a disadvantage (for example, in US government accounts where they do not want Russian technology deployed), as an alternative, WatchGuard offers McAfee AV as an add on subscription (additional cost).
5 DATA LOSS PREVENTION/ COMPLIANCE XCS provides sophisticated built in content filtering capabilities with integrated, on box encryption to prevent data loss. XCS provides deep inspection of content, context, sender and recipient information, and communication medium (i.e. how and where it is being sent) of all messages and attachments. A single set of data loss prevention policies can be applied across and web protocols from a single point of administration this is a key differentiator as IronPort cannot apply a single set of policies across multiple protocols. XCS policies can be set for groups or individuals to provide flexibility based on job function. XCS applies instant on remediation of detected policy violations (including add on encryption if so desired) for transparent protection based on user defined policies. XCS includes predefined financial and medical dictionaries for regulatory compliance. XCS features document fingerprinting for classifying all types of data files deemed sensitive or confidential, thereby training XCS on what to look for and actions to take upon discovery of such data in outbound communications. IronPort provides many similar compliance capabilities to that of XCS, including policy creation, incident handling, quarantine, encryption and other remediation actions. A differentiator in the area of privacy and compliance is the document fingerprinting and data classification feature of WatchGuard XCS, allowing organizations the ability to block identified confidential documents or sensitive information from leaking from the organization. IronPort recently announced data loss prevention for its security appliance with an integration of RSA s DLP data classification technology (available as an add on approximately $10.54 US per user per year for 1,000 users price gets lower as user count increases) to protect data in motion. The company claims that in future, customers may extend these capabilities to data at rest and data in use through a tight integration with the RSA DLP Suite, enabling data loss prevention with unified management and a common information classification and policy framework for data at rest, in motion and in use hence, providing a full featured DLP solution. REDUNDANCY WatchGuard enterprise class models offer multiple layers of redundancy, including: o message level redundancy so you never lose a message with XCS patented queue replication capabilities key differentiator as IronPort does not have this on their appliances o clustering with the ability to replicate configuration across all systems o geographical redundancy so customers can centrally manage geographically dispersed systems and apply policies from a single point of administration o hardware redundancy to remove a single point of failure. Although IronPort does offer centralized management, clustering, and hardware redundancy, it does NOT offer messagelevel redundancy (i.e. queue replication), and hence if a system goes down, messages can be lost.
6 MANAGEMENT All WatchGuard XCS appliances provide an intuitive and easy touse Web based management UI that is designed using the same principals as the Microsoft Ribbon UI. All administrative and configuration tasks are performed via this browser based interface. XCS appliances do not require a dedicated management console, hence no extra costs are associated with centrally managing appliances and policies for multiple appliances. XCS appliances provide on demand zero admin clustering for unparalleled capacity and performance creating a large virtual machine that can handle even the most demanding messaging loads, without losing a single message. All systems are managed through a single point of access and all configurations are automatically replicated across all systems. XCS also provides centralized management to extend policies globally to systems located anywhere in the world. IronPort requires a separate management console/appliance (the M series available at an additional cost) to centralize reporting, spam quarantine, and message tracking to manage more than one deployed IronPort security or web security appliance. Even with the M series, however, there are still no integrated policies or reporting across and web, and hence management is siloed, requiring a full duplication of configuration, policy setting and administrative effort, and an additional piece of hardware to configure and manage. Many of IronPort's required configuration and administrative tasks must be carried out through a UNIX like command line interface (CLI). Administrators report their frustration performing repetitive tasks through the CLI. REPORTING All XCS appliances are pre configured with a series of out of thebox, commonly used, detailed reports at no additional cost and no separate management console required. Reports are integrated and provide a detailed snapshot of messaging events, ranging from traffic details to system health. Reports can be saved locally or exported for audit purposes, and can be customized and run by domain, group, feature, or timebased. Reports can be run in real time or can span a lengthy period of time depending on requirements. Reports provide system and content level visibility to message traffic such as policy diagnostics, policy violations, top senders/recipients, top violators (inbound and outbound), compliance/dlp report, system processes used, disposition of messages, viruses, etc. Reports are available that provide visibility into policy compliance, as well. IronPort delivers a handful of basic integrated reports that are simplistic in nature, don t offer a holistic view, cover only a small span of time, and pertain only to a single system. For enhanced reporting, IronPort provides centralized reporting and management across multiple appliances via Security Monitor which is an additional expense. This is a separate software product that IronPort sells as an add on feature, and has the potential to create a single point of failure. IronPort does, however, have an attractive and effective dashboard that is easy to understand and use.
7 SUPPORT WatchGuard offers three distinct support programs: o LiveSecurity Standard (XCS 170 & 370) o LiveSecurity Plus (XCS 570, 770, 970 & 1170) o LiveSecurity Gold (upgrade at an additional cost) All programs offer: o 24x7x365 telephone access to Customer Support Engineers (except Standard support only 12x5 support) o After hours support (except Standard additional cost for this service) o Remote installation services (fee based) o Access to online Support Portal including release notes, security alerts, software updates and patches o Access to online Customer Portal including product documentation/guides, training materials, My Products Management Center, moderated customer forum o Advanced hardware replacement warranty LiveSecurity Gold Support is an additional cost and offers additional benefits of: Unlimited support incidents (Standard and Plus programs provide 5 support incidents per year with ability to upgrade to additional 3 incident package) Ticket management is available as follows: Web: submitted via Support Portal Phone: via global toll free numbers IronPort offers two distinct support programs: o Platinum Support Program o Platinum Plus Support Program Both programs offer: o 24x7x365 telephone access to Customer Support Engineers o Access to online Support Portal including knowledge base, the latest product documentation, release notes, tools, security alerts, and case management o One hour response time to Priority 1 issues note this is not one hour resolution time, but one hour before a support rep responds to the support ticket submission Platinum Plus Support is an additional cost and offers added benefits of: o Access to designated Customer Support Engineers who are familiar with the customer's implementation of the IronPort products as well as their key technical contacts o Not available in all regions Ticket management is available as follows: Appliance: open ticket directly from the appliance Web: submitted via Support Portal sent from registered admin address Phone: via global toll free numbers