Commtouch RPD Technology. Network Based Protection Against Email-Borne Threats

Similar documents
Recurrent Patterns Detection Technology. White Paper

Ipswitch IMail Server with Integrated Technology

Pattern-based Messaging Security for Hosting Providers

Powerful and reliable virus and spam protection for your GMS installation

Threat Trend Report Second Quarter 2007

Technology White Paper. Increase Security and Maximize Spam Blocking

Anti Spam Best Practices

Commtouch Software Ltd

COMBATING SPAM. Best Practices OVERVIEW. White Paper. March 2007

The Growing Problem of Outbound Spam

Trend Micro Hosted Security Stop Spam. Save Time.

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

eprism Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

Stop Spam. Save Time.

Symantec Protection Suite Add-On for Hosted and Web Security

Trend Micro Hosted Security Stop Spam. Save Time.

OutbreakShield Effective and Immediate Protection against Virus Outbreaks

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Choose Your Own - Fighting the Battle Against Zero Day Virus Threats

PROTECTING YOUR MAILBOXES. Features SECURITY OF INFORMATION TECHNOLOGIES

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper

100% Malware-Free A Guaranteed Approach

WEBSENSE SECURITY SOLUTIONS OVERVIEW

CYBEROAM UTM s. Outbound Spam Protection Subscription for Service Providers. Securing You. Our Products.

When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling

isheriff CLOUD SECURITY

Comprehensive Filtering. Whitepaper

Intercept Anti-Spam Quick Start Guide

Features and benefits guide for partners and their customers

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Spam DNA Filtering System

Life After Signatures Pattern Analysis Application for Zombie Detection

System Compatibility. Enhancements. Operating Systems. Hardware Requirements. Security

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

When Reputation is Not Enough. Barracuda Security Gateway s Predictive Sender Profiling. White Paper

PineApp Anti IP Blacklisting

Reviewer s Guide. PureMessage for Windows/Exchange Product tour 1

V1.4. Spambrella Continuity SaaS. August 2

Netsweeper Whitepaper

anomaly, thus reported to our central servers.

Technology Blueprint. Protect Your . Get strong security despite increasing volumes, threats, and green requirements

GFI Product Comparison. GFI MailEssentials vs Barracuda Spam Firewall


Mail-SeCure for virtualized environment

GFI Product Comparison. GFI MailEssentials vs. Trend Micro ScanMail Suite for Microsoft Exchange

Anti-Phishing Best Practices for ISPs and Mailbox Providers

MESSAGING SECURITY GATEWAY. Detect attacks before they enter your network

Protect Your Enterprise With the Leader in Secure Boundary Services

SAAS VS. ON-PREMISE SECURITY. Why Software-as-a-Service Is a Better Choice for and Web Threat Management

WildFire. Preparing for Modern Network Attacks

SPAM FILTER Service Data Sheet

How To Protect Your From Spam On A Barracuda Spam And Virus Firewall

The Increasing Risks from

s and Spam

Do you need to... Do you need to...

Cisco Security Intelligence Operations

Spam Classification Techniques

Software Engineering 4C03 SPAM

Mobile App Reputation

European developer & provider ensuring data protection User console: Simile Fingerprint Filter Policies and content filtering rules

Panda Cloud Protection

Symantec Security.cloud - Skeptic Whitepaper

escan Anti-Spam White Paper

FireEye Threat Prevention Cloud Evaluation

Targeted Phishing SECURITY TRENDS

Global Reputation Monitoring The FortiGuard Security Intelligence Database WHITE PAPER

Why Spamhaus is Your Best Approach to Fighting Spam

SECURE SHARING AND COMMUNICATION. Protection for servers, and collaboration

Thexyz Premium Webmail

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

GFI Product Comparison. GFI MailEssentials vs Symantec Mail Security for Microsoft Exchange 7.0

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

The Guardian Digital Control and Policy Enforcement Center

Targeted Phishing. Trends and Solutions. The Growth and Payoff of Targeted Phishing

Security for Small Businesses: What's the Right Solution For You?

Simplicity Value Documentation 3.5/5 5/5 4.5/5 Functionality Performance Overall 4/5 4.5/5 86%

Fighting Advanced Threats

Dealing with spam mail

LASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains

Spyware: Securing gateway and endpoint against data theft

Eiteasy s Enterprise Filter

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT -BASED THREATS

Mailwall Remote Features Tour Datasheet

McAfee Firewall Enterprise: The only Firewall with the Intelligence to Continuously, Automatically Reduce the Risk and Threat Exposure of Your Network

The Hillstone and Trend Micro Joint Solution

USER S MANUAL Cloud Firewall Cloud & Web Security

Security - A Holistic Approach to SMBs

How To Use Puremessage For Microsoft Exchange

What makes Panda Cloud Protection different? Is it secure? How messages are classified... 5

What is a Mail Gateway?... 1 Mail Gateway Setup Peering... 3 Domain Forwarding... 4 External Address Verification... 4

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

Quick Heal Exchange Protection 4.0

Internet Threats Trend Report Q In This Report. Q Highlights. 179 billion. Pharmacy ads. 307,000 Zombies. India

Comprehensive Filtering: Barracuda Spam Firewall Safeguards Legitimate

Groundbreaking Technology Redefines Spam Prevention. Analysis of a New High-Accuracy Method for Catching Spam

How to Stop Spam s and Bounces

Opus One PAGE 1 1 COMPARING INDUSTRY-LEADING ANTI-SPAM SERVICES RESULTS FROM TWELVE MONTHS OF TESTING INTRODUCTION TEST METHODOLOGY

KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE

The New Phishing Threat: Phishing Attacks. A Proofpoint White Paper. A Proofpoint White Paper

Transcription:

Network Based Protection Against Email-Borne Threats

Fighting Spam, Phishing and Malware Spam, phishing and email-borne malware such as viruses and worms are most often released in large quantities in a relatively short period of time, causing global damage of tens of billions of dollars annually. Although many methods to combat these threats have been developed throughout the past several years, a common deficiency of most of these methods is that they lack the ability to adapt quickly enough to the rapid change of distribution and infiltration techniques invented by spammers and malware authors. The objective of this document is to discuss the characteristics of these threats, the challenges facing technologies that aim to mitigate these attacks, and describe how the Commtouch solution protects against all types of email-borne threats. The challenges of accurate detection Detecting spam, phishing and malware presents a range of challenges: Spam Detection: In composing spam messages, spammers use sophisticated tactics to evade existing spam detection applications. This includes covering the tracks to the spammers, manipulating or hiding the commercial URLs, use of non-english words and phrases and a host of other methods. Typically a spam outbreak will only last a few hours and be launched from a network of zombie machines. To complicate the detection process, each message within the spam outbreak can be composed differently and employ more than one evasion technique. Phishing Detection: Phishing messages appear to be from genuine or credible sources. Like spam, phishing messages can be sent in any language or format in attacks that typically last only a few hours and can also be launched from zombie machines. www.commtouch.com Page 1

Email-borne Virus Detection: Like spam and phishing messages, each virus message can be packed differently in terms of its content and the characteristics of the executable files that include the virus. However, email-borne viruses and in particular worms, can be received from legitimate and trusted email sources that might have been previously infected and were unintentionally distributing the virus to others. Like spam and phishing, email-borne virus attacks often last for very short durations. Inbound vs. outbound detection: The positioning of the detection mechanism also raises additional challenges. Detecting spam as it enters or leaves a network requires different approaches. Inbound traffic is typically accompanied by a high percentage of spam. Outbound traffic typically consists of a majority of legitimate email increasing the chance for false positives (clean email detected as spam). Finding lower volume outbound spam also requires a dedicated approach. The Commtouch approach The Commtouch approach is based on the understanding that all threat outbreaks share some common characteristics, including: Most email messages within the outbreak have been altered to make it difficult to set blocking rules based on content analysis. Most outbreaks include millions of email messages to maximize the highest possible response rate and the greatest ROI for the attacker. Some attacks though, will be considerably smaller. Most outbreaks are released within a short period of time, requiring a realtime solution to detect the outbreak to limit or avoid the damage that can be incurred. The originators of the attacks invest heavily in disguising their origin to make it difficult to track the message back to them. Message Patterns Outbreaks which distribute spam, phishing, and email-borne viruses or worms, consist of messages intentionally composed differently in order to evade commonly-used filters. Nonetheless, all messages within the same outbreak share at least one or more unique, identifiable patterns or values which can be used to distinguish the outbreak. Some examples of these identifiable values: In the case of spam the objective is to lead the recipient to the same commercial web sites that can be classified as spam. www.commtouch.com Page 2

Pseudo-random combinations of the characters from the subject and body of the email will be repeated in an outbreak. Different spam attacks are often launched from the same network of zombie machines that can be blacklisted. In the case of phishing, the objective is often to lead the victims to the same set of faked URLs. Email-borne viruses always contain the same malicious code (otherwise it is a different virus or another instance of the same virus). All these are recurring values of typical outbreaks. These values are called the message patterns of the outbreak. Any message containing one or more of these unique patterns can be assumed with a great deal of certainty to be part of an outbreak and therefore spam. Message patterns can be divided into: Distribution patterns the characteristics of the senders (how many, location) and the volume of the emails sent over a period of time. Structure patterns random combinations of text from the header, and body of the message as well as URLs that are found to be repeated in different messages. An example of this approach is shown below. Note that no content analysis is required. Spam/phishing patterns extracted from message 取 /m 取 三 最 機 是 般 The challenges of message pattern classification include: Determining which message patterns identify outbreaks without generating cases of false positives. All outbreaks attempt to disguise messages as legitimate email correspondence pretending to arrive from trusted sources and therefore, solutions that are based on pattern analysis must be able to tell the difference between good and bad patterns and avoid making mistakes. Extracting and analyzing these patterns before the outbreak ends. Most outbreaks have a relatively short lifecycle measured in only a few www.commtouch.com Page 3

hours. Therefore, any solution that does not detect and classify messages in real-time will only be effective towards the end of the outbreak, when most of the damage has already been done. The challenges are made more complex by the fact that each new outbreak usually introduces completely new patterns that were not previously analyzed and are therefore unknown to the pattern analyzer. Because spammer tactics are constantly evolving, it is necessary to proactively identify new patterns in real-time in order to determine new outbreaks as they are released. Recurrent-Pattern Detection (RPD ) Technology Recurrent Pattern Detection (RPD) technology overcomes the challenges listed above to detect and classify all types of email-borne threat patterns in realtime. RPD is hosted in the Commtouch GlobalView Network, which proactively analyzes billions of Internet transactions daily. RPD, based on Commtouch s U.S. patent #6,330,590, extracts and then analyzes relevant message patterns, which are used to identify email-borne outbreaks. RPD classifies both distribution patterns and structure patterns and the analysis results are stored in a vast database of classifications. In addition to identifying new threat patterns, RPD is also used to modify or enhance classifications of already-identified message patterns. Local instances of RPD are used in the GlobalView Network to accurately detect low volume or regional Outbound Spam in conjunction with Commtouch s Outbound Spam Protection service. Global collection of Internet traffic & data Real-time analysis Queries and responses Query Resolution Real-time traffic: billions of Internet transactions daily Message Classification Email Analysis Recurrent Pattern Detection (RPD), Database of classifications Endpoints Message patterns are extracted from the message envelope, headers, and body with no reference to the message content. www.commtouch.com Page 4

RPD therefore has the following additional advantages RPD can be used to identify outbreaks in any language, message format, and encoding type. New outbreaks are identified within minutes. RPD is designed to distinguish between the patterns of solicited mass emails which represent legitimate business correspondence, such as newsletters, from those of unsolicited spam. Commtouch uses RPD in a highly scalable environment to deliver extremely high performance rates. RPD technology is fully automated and requires no human intervention. To ensure maximum privacy and business confidentiality, RPD analyzes hashed values of message patterns and not the open values nor the message content. RPD identifies nearly 100% of incoming threat messages with almost no cases of false positives. It is language-agnostic and is equally effective for all message formats and encoding types. Summary To effectively combat email-borne threats, a successful solution must address a growing number of challenges. Commtouch s RPD is a proactive detection technology that continues to outwit those who continue to invent new methods to propagate email-borne threats because it does not rely on the contents of the email and therefore, it is able to detect spam in any language and in every message format including: images, HTML, non-english characters, single and double byte character sets, etc. RPD technology offers: High spam detection rate with almost no cases of false positives Early detection of virus threats Protection against phishing attempts Content-agnostic threat protection Multi-language threat detection Multi-format threat detection RPD is used within Commtouch s Anti-Spam, GlobalView Mail Reputation, Outbound Spam Protection and Zero Hour Virus Outbreak Protection services. These services are available for fast integration into a wide range of service provider and vendor environments. Because RPD uses future-proof pattern analysis, it also provides the best protection of investment for service providers and vendors of messaging and security applications. www.commtouch.com Page 5

About Commtouch Commtouch (NASDAQ: CTCH) provides proven Internet security technology to more than 150 security companies and service providers for integration into their solutions. Commtouch s GlobalView and patented Recurrent Pattern Detection (RPD ) technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch s Command Antivirus utilizes a multi-layered approach to provide award winning malware detection and industry-leading performance. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, enabling our partners and customers to protect end-users from spam and malware, and enabling safe, compliant browsing. The company s expertise in building efficient, massivescale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary with offices in Sunnyvale, California and Palm Beach Gardens, Florida. Visit us: www.commtouch.com and blog.commtouch.com Email us: info@commtouch.com Call us: 650 864 2000 (US) or +972 9 863 6888 (International) Copyright 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch..

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information