Technology Blueprint. Protect Your Email. Get strong security despite increasing email volumes, threats, and green requirements




Security Connected

The Security Connected framework from McAfee enables integration of multiple products, services, and partnerships for centralized, efficient, and effective risk mitigation. Built on more than two decades of proven security practices, the Security Connected approach helps organizations of all sizes and segments across all geographies improve security postures, optimize security for greater cost effectiveness, and align security strategically with business initiatives. The Security Connected Reference Architecture provides a concrete path from ideas to implementation. Use it to adapt the Security Connected concepts to your unique risks, infrastructure, and business objectives. McAfee is relentlessly focused on finding new ways to keep our customers safe.

Get strong security despite increasing email volumes, threats, and green requirements

The Situation

Email is one of the most widely used vectors of attack today. As the email environment becomes more complex, with attachments, embedded pictures, links, and executable code, our approach to protecting against email threats must also take on a more robust and layered model to be effective. There is also the inadvertent employee or the malicious insider who may send out confidential information that may be damaging to the organization or violate a compliance standard such as HIPAA or GLBA. Additionally, organizations are considering green initiatives to reduce data center footprint and power consumption while maintaining high availability and performance. All of these challenges require email security to be ever evolving to ensure the gates remain locked against one of the most tried and true avenues of attack.
Driving Concerns

Discerning which emails are run-of-the-mill spam and which contain malware has become more difficult as the methods of sending spam and malware have become more sophisticated. Layer on top of that difficulty the very elaborate methods cybercriminals employ to solicit a user to click on a link or an image with embedded malicious code. For example, with social media and personal information available in the open, spear-phishing has become more believable and reliable. Tests show almost 1 in 5 employees will click on links in phishing emails and give out confidential information.[1]

Protecting inbound traffic is also no longer enough. Every organization has some confidential information, such as pending mergers, financials, or design specifications, that needs to be prevented from leaving the organization via email. Due to the global nature of mail now, as well as complex collaboration with other business partners, there may be a need to treat mail with actions such as encryption or additional logging.

As you move to address these threats, other business realities add complexity. Because it is a staple of conducting business, email volumes are ever increasing, so scalability is critical. You must also provide continuity for email and go green, reducing the on-premises email footprint in compliance with green initiatives.

These conditions sum up to four specific challenges as you move to protect both inbound and outbound email without negatively affecting your organization's ability to do business:

Spam/Phishing/Virus detection. The bread and butter of any solution is to detect and block these unwanted emails with a very low percentage of false positives.

Knowing who the good senders are. With today's email volumes, separating the good and bad through content scanning, AV scanning, Bayesian analysis, and other techniques is not enough. A solution must be able to determine the reputation of the sender based on past behavior, domain or IP association, and other characteristics that can be filtered prior to delivering email to your email servers. Without this first layer of filtering by reputation, any corporate email infrastructure will work harder than it needs to and have to rely on constant updates. This leaves the environment less effective at catching clean email sent with malicious intent.

Data loss prevention (DLP). With mail being an easy way for intentional or accidental loss of confidential data, you must be able to detect and block outbound company confidential information contained in an email or its attachments. Well-intentioned email to the wrong recipient has caused both embarrassment and unintentional data loss.

2 Protecting Email

Standards compliance. Detect messages that are subject to a regulatory or governance policy and process them accordingly via encryption, archiving, logging, or other required processes.

Provide business continuity and reduced footprint. There is a trend to use cloud-based services to reduce on-premises equipment while providing business continuity in the event of an outage or disaster. A layered approach allows email to be received and stored off site when connectivity to on-premises equipment is interrupted. Users need to be able to read and respond to email during an extended outage.

Solution Description

An effective solution will layer cloud-based protection in front of on-premises equipment, enabling processing efficiencies as well as compliance with business and green requirements. Each of the following components of the solution must achieve its goal with a very high detection rate combined with a very low false positive percentage. Detection is only the first step, as the solution must also be able to take multiple actions on the items detected and send notifications where appropriate.

Spam/Phishing/Virus detection. As email attack techniques have changed, new methods of trying to get a user to click on a link have become more successful. Most attacks now rely on multiple vectors for full deployment. For successful detection of these new attack vectors, McAfee recommends near real-time reputation updates of each component of the message from a vast network of sensors. For example, the solution should detect and flag an email from a previously unknown sender when that message contains a URL to a known phishing site.

Knowing who the good senders are. As mentioned above, relying on standard risk assessment techniques leaves a major gap in coverage. Advanced technology that provides predictive security against new and emerging threats is required. Knowledge of past behavior of senders, as well as their associations with others, is a strong predictor of future behavior. A solution must correlate and analyze the behavior of Internet objects or entities such as host IP addresses, Internet domains, specific URLs, images, and email messages.

Data loss prevention. In order to prevent unintentional or intentional data loss, a solution must provide a mechanism for various types of documents to be identified and registered as confidential without storing a copy of the original content. Outgoing emails and their attachments must then be compared against the library of confidential documents for any full or partial matches and, depending on email policy, allowed, denied, encrypted, or quarantined. This protects against the casual mistake, which can be as devastating as a malicious insider trying to send confidential information out.

Standards compliance. A solution must be able to detect regulated content in compliance with multiple regulations around the globe, without requiring the email administrator to be a compliance expert. It should have a robust compliance engine as well as a large library of compliance templates and regulations widely used around the world. Internal governance policies, such as encryption of documents sent to and from business partners, should be easy to enforce. Once controlled content is detected, the solution must be able to take appropriate actions: encrypting the message, quarantining it and notifying the user and administrator, or blocking its transmission.

Business continuity and reduced footprint. A cloud-based email security system should be layered in front of on-premises systems and configured to drop definitively bad messages, which can represent 70-80% of the volume, and deliver the remaining messages to the on-premises devices for closer inspection. The reduction in mail volume delivered to your organization's on-premises system will allow for a substantially reduced email processing footprint, both within the security systems and within the email server and its storage. In the event of an outage, emails must be held in the cloud until connectivity is restored. During these outages, users must have the ability to read, reply, forward, and delete their email via the cloud. After the outage, all message activity should be synchronized so that the on-premises system has the authoritative content.

Decision Elements

These factors could influence your architecture:
Do you have incentives for adoption of cloud-based email services?
Do you need to scan email and attachments for sensitive content?
Does your email need to be archived for compliance?
Do you require distributed or centralized management?
What are your requirements for encryption?

Technologies Used in the McAfee Solution

The McAfee solution consists of a layered approach combining McAfee Software as a Service (SaaS) email protection with McAfee Email Gateway (MEG), with its encryption and full McAfee Global Threat Intelligence (GTI) integration. This hybrid approach uses the SaaS business continuity features to ensure availability and configures email protection to drop those messages that are certain to be malicious or spam. After initial screening in the cloud, the much smaller amount of remaining email traffic is directed on site, where McAfee Email Gateway provides additional spam and malware screening based on signatures, heuristics, and file and messaging reputation lookups against the McAfee Global Threat Intelligence database. These advanced controls can be applied efficiently because the traffic volume has already been reduced so significantly in the initial cloud-based filter. The McAfee Email Gateway will also screen outbound traffic to prevent data loss and enforce compliance with standards. Based on content and policies, the McAfee Email Gateway will take relevant actions, such as quarantining or encryption. As an option, controlled email can be archived automatically through the cloud, using the McAfee SaaS Email Archiving service.

[Figure: Email Protection, hybrid deployment. Inbound: SaaS Email Protection blocks spam and threats in the cloud and passes 99.9% good email to McAfee Email Gateway. Outbound: McAfee Email Gateway applies DLP and delivers encrypted or non-encrypted email.]

McAfee SaaS Email Protection and Continuity

In a hybrid configuration, McAfee SaaS Email Protection and Continuity is combined with McAfee Email Gateway deployed on your site. The hybrid configuration allows you to retain quarantined information within your network while eliminating confirmed spam before it reaches you. Removing the definitely bad email typically accounts for a 70-80% reduction in on-premises email volume. During an on-premises outage, due to either scheduled maintenance or emergency downtime, SaaS Email Continuity automatically activates, allowing users instant web access to email for business as usual. Web email activity is synchronized with your on-premises equipment when connectivity is restored.

[Figure: Email Continuity for planned and unplanned server outages. 1. Email flows to the email server on the customer network. 2. The email server suffers an outage. 3. McAfee SaaS Email Continuity automatically activates (manual activation is also available); users have instant web access to email for business as usual. 4. Emails are delivered back to the email server upon recovery.]

McAfee Email Gateway

McAfee Email Gateway (MEG) protects your organization by scanning both inbound and outbound email and applying local and global threat intelligence. MEG uses the well-known McAfee antivirus scanner to detect known malicious content, and McAfee Global Threat Intelligence (GTI) to detect emerging and suspicious but unknown content. By using GTI, the McAfee Email Gateway is able to make decisions about an email based on a file attachment's or embedded URL's reputation, in addition to the sending IP address and the message content. For example, it is common for phishing attacks to frequently change the IP address used to send the emails. Reputation services that only track IP address reputations must learn about each new address while letting the initial messages ("patient zeros") through to the recipients. With GTI, however, even though the sending IP address has changed, the URL contained within the phishing email will still have a bad reputation in the GTI database. The message will be blocked, avoiding even the patient zero infection. Like other reputable vendors, McAfee participates in third-party testing such as the Virus Bulletin VBspam comparative and has consistently scored very well. The latest results (May 2011) showed a spam catch rate of 99.92% with zero false positives. The gateway's attachment filtering can be configured easily to block potentially harmful attachments even if the filename is changed. For example, an executable that is renamed to a .txt will still be detected as an .exe.
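As an added illustration of the two gateway behaviors described above (this is example code written for this page, not McAfee code; the reputation sets, hosts, and IP addresses are constructed placeholders standing in for a GTI lookup), the sketch below blocks a phishing message by the reputation of its URL even though the sending IP has never been seen, and flags an executable renamed to .txt by its file header rather than its name:

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed placeholder reputation data; a real gateway would query a
# reputation service such as GTI instead of these local sets.
BAD_URL_HOSTS = {"login-verify.example"}                 # known phishing site
BAD_SENDER_IPS = {ipaddress.ip_address("203.0.113.10")}  # known spam source

# Leading bytes ("magic numbers") that identify a file's true format.
MAGIC = {
    b"MZ": "exe",         # Windows PE executable
    b"\x7fELF": "elf",    # Linux/Unix executable
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",
}
EXECUTABLE_TYPES = {"exe", "elf"}
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

@dataclass
class Attachment:
    filename: str
    data: bytes

@dataclass
class Message:
    sender_ip: str
    body: str
    attachments: list = field(default_factory=list)

def true_type(data: bytes) -> str:
    """Identify the attachment format from its header, ignoring the filename."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def inbound_verdict(msg: Message):
    """Return ("block", reasons) or ("deliver", []) after the layered checks."""
    reasons = []
    if ipaddress.ip_address(msg.sender_ip) in BAD_SENDER_IPS:
        reasons.append("sender IP has a bad reputation")
    # URL reputation is checked independently of the sender, so a campaign
    # that rotates sending IPs is still caught by its known landing page.
    for host in URL_HOST_RE.findall(msg.body):
        if host.lower() in BAD_URL_HOSTS:
            reasons.append(f"URL host {host} has a bad reputation")
    for att in msg.attachments:
        kind = true_type(att.data)
        if kind in EXECUTABLE_TYPES:
            declared = att.filename.rsplit(".", 1)[-1] if "." in att.filename else "(none)"
            reasons.append(f"{att.filename}: {kind} executable with .{declared} extension")
    return ("block" if reasons else "deliver"), reasons

# Constructed sample messages.
PHISHING_FROM_NEW_IP = Message(
    sender_ip="198.51.100.7",  # never seen before, so no IP reputation yet
    body="Your mailbox is full, sign in at http://login-verify.example/account",
)
RENAMED_EXECUTABLE = Message(
    sender_ip="192.0.2.5",
    body="Please review the attached notes.",
    attachments=[Attachment("notes.txt", b"MZ\x90\x00" + b"\x00" * 60)],
)
CLEAN = Message(
    sender_ip="192.0.2.5",
    body="Agenda attached.",
    attachments=[Attachment("agenda.pdf", b"%PDF-1.7\n%constructed sample\n")],
)

if __name__ == "__main__":
    for m in (PHISHING_FROM_NEW_IP, RENAMED_EXECUTABLE, CLEAN):
        print(inbound_verdict(m))
```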
Kernel Mode Blocking stops distributed denial of service (DDoS) attacks cold while continuing to allow legitimate email through.

Protecting confidential information is easy with integrated data loss prevention. The gateway's on-box DLP allows confidential documents to be fingerprinted. The original documents are not stored on the gateway. Before a message is sent, the email content is extracted, fingerprinted, and compared to the confidential document fingerprints. The gateway can take action depending on the percentage match and the policies specified by the administrator. To reduce false positives that might block permitted email, corporate templates can be fingerprinted into an excluded content section so the boilerplate text will not be considered in the comparison.
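As an added example of the fingerprinting approach described in this paragraph and in the Data loss prevention paragraph of the Solution Description (example code written for this page, not McAfee's implementation; the shingle size, the percentage definition, the thresholds, and the sample texts are assumptions), the sketch below registers a document as hashed word shingles without keeping the original text, fingerprints a corporate footer into an excluded set so it does not count toward a match, and maps the resulting percentage match to an outbound action:

```python
import hashlib
import re

SHINGLE_WORDS = 4  # assumption: hash every run of 4 consecutive words

def shingles(text: str) -> set:
    """Hash each run of SHINGLE_WORDS words; only hashes are kept, never text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + SHINGLE_WORDS]).encode()).hexdigest()[:16]
        for i in range(len(words) - SHINGLE_WORDS + 1)
    }

class FingerprintStore:
    def __init__(self):
        self.confidential = {}  # document name -> set of shingle hashes
        self.excluded = set()   # boilerplate hashes ignored during comparison

    def register(self, name: str, text: str) -> None:
        self.confidential[name] = shingles(text)

    def exclude(self, text: str) -> None:
        self.excluded |= shingles(text)

    def match(self, outgoing: str):
        """Best-matching document and the share (percent) of the outgoing
        content, after removing excluded boilerplate, that overlaps it."""
        probe = shingles(outgoing) - self.excluded
        if not probe:
            return None, 0.0
        best_name, best_pct = None, 0.0
        for name, fp in self.confidential.items():
            pct = 100.0 * len(probe & fp) / len(probe)
            if pct > best_pct:
                best_name, best_pct = name, pct
        return best_name, best_pct

def outbound_action(pct: float, quarantine_at=50.0, encrypt_at=10.0) -> str:
    """Assumed policy: heavy overlap is quarantined, light overlap is encrypted."""
    if pct >= quarantine_at:
        return "quarantine"
    if pct >= encrypt_at:
        return "encrypt"
    return "allow"

# Constructed sample content.
MERGER_TERMS = ("Project Falcon merger terms: the acquirer will pay forty dollars "
                "per share in cash and assume all outstanding debt at closing")
LEGAL_FOOTER = ("This email and any attachments are confidential and intended "
                "solely for the addressee")
LEAKED = ("FYI the acquirer will pay forty dollars per share in cash and assume "
          "all outstanding debt. " + LEGAL_FOOTER)
HARMLESS = "Lunch at noon tomorrow in the main cafeteria, please confirm. " + LEGAL_FOOTER

def demo_store() -> FingerprintStore:
    store = FingerprintStore()
    store.register("falcon-terms", MERGER_TERMS)
    store.exclude(LEGAL_FOOTER)  # corporate template must not count as a match
    return store

if __name__ == "__main__":
    store = demo_store()
    for text in (LEAKED, HARMLESS):
        name, pct = store.match(text)
        print(name, round(pct, 1), outbound_action(pct))
```

Without the excluded footer, the leaked message would match only 12 of its 26 shingles instead of 12 of 16, which is why boilerplate is fingerprinted separately rather than left to dilute the comparison.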

MEG is shipped with hundreds of compliance templates covering regulatory standards from across the globe. The templates span from Australia's Tax File Numbers to American HIPAA and the United Kingdom's NHS numbers. The templates provide a proven baseline, so an administrator can achieve compliance with just a few simple steps. Many compliance standards mandate secure delivery of the data. The McAfee Email Gateway includes advanced encryption and secure web delivery features that can be triggered automatically when appropriate content is detected.

The gateway's built-in clustering provides high availability, load balancing, centralized reporting, and centralized management across multiple appliances without the need for any additional hardware or software. Integration with McAfee ePolicy Orchestrator (McAfee ePO) allows for central management and reporting of multiple gateways or clusters, as well as rollup of enterprise-wide reports for compliance and status updates.

Impact of the Solution

Implementing McAfee SaaS Email Protection and Continuity in a hybrid configuration with McAfee Email Gateway supports green initiatives through reduced on-premises email volume and equipment usage. This model also provides business continuity in the event of an outage or disaster. Two layers of spam and malware protection help you keep up with the volumes of email traffic and the ever-evolving tactics of spammers, phishers, and other online criminals. After SaaS Email Protection has removed the known bad traffic, McAfee Email Gateway provides excellent spam, phishing, and virus protection and leverages reputation in real time to catch breaking malicious threats. The same system adds data loss prevention and standards compliance for comprehensive inbound and outbound protection in a single solution.

Q&A

Is there an additional cost for on-box DLP with McAfee Email Gateway?
No, the on-box DLP is included in the standard product license.

Is there an additional cost for the gateway's on-box encryption features?
No, the on-box encryption features are included in the standard McAfee Email Gateway product license.

Is there an additional cost for McAfee Email Gateway ePO management and reporting?
No, ePO management and reporting is included in the standard McAfee Email Gateway product license.

Is McAfee Email Gateway only sold as a 1U or 2U appliance?
No, McAfee Email Gateway is also available as a virtual appliance or in a blade server.

Will McAfee Email Gateway work with my syslog server?
Yes, McAfee Email Gateway has the ability to format syslog information into popular formats, including ArcSight and Splunk, and will send the information to your syslog server on a TCP port you specify.

Does McAfee Email Gateway support SNMP?
Yes, McAfee Email Gateway supports both SNMP monitoring and alerting for SNMP versions 1, 2, and 3.

Additional Resources

www.mcafee.com/emailsecurity
www.mcafee.com/emailgateway
www.mcafee.com/gti
www.mcafee.com/epo

For more information about the Security Connected Reference Architecture, visit: www.mcafee.com/securityconnected

About the Author

Joel Caracciolo, an enterprise solution architect, provides technical assistance and design solutions to new and existing McAfee clients in North and South America. Joel has over 20 years of experience in the IT field and specializes in messaging, networking, and security. He also has a strong development background and holds a patent for developing a trusted source toolbar for CipherTrust/Secure Computing. An experienced trainer and presenter, Joel has been invited to speak at IBM's business partner executive council (BPEC) and Lotusphere. Joel attended Akron State University and began his career through their co-op program as an intern for Allen Bradley, where he developed their software management reporting system.

[1] http://www.cs.cmu.edu/~ponguru/ecrime_apwg_08.pdf

The information in this document is provided only for educational purposes and for the convenience of McAfee customers. The information contained herein is subject to change without notice, and is provided AS IS without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance.

2821 Mission College Boulevard, Santa Clara, CA 95054, 888 847 8766, www.mcafee.com

McAfee, McAfee ePolicy Orchestrator, McAfee ePO, McAfee Email Gateway, McAfee SaaS Email Protection and Continuity, McAfee Global Threat Intelligence, and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied.

Copyright 2011 McAfee, Inc. 37906bp_protecting-email-rep-L3_1111