Best Practices for Evaluating Anti-spam Solutions




Nathan Turajski, Jamz Yaneza
Best Practices for Evaluating Anti-spam Solutions
VB 2005, Dublin, Ireland

Benchmarking
- Validation Methodologies
  - Accurate
  - Comprehensive
  - Fair
- Filtering Techniques
  - Pattern matching, Heuristics, IP blocking, Whitelist/Blacklist, Challenge/Response, Community...

Anti-spam Solutions
- Current Solutions
  - Software
  - Appliance
  - Services
  - Legislation
- Methods
  - Catch rate (effectiveness)
  - Error rate (accuracy)

Content Defined
- Spam
  - UCE, commercial bulk mail
  - Consumers: well defined
  - Enterprise: borderline
- Non-spam
  - Appropriate, predictable, traceable
- Graymail
  - Inappropriate to environment
  - Requires exception capability

Factors for Evaluating Solutions
- Primary
  - Effectiveness
  - Accuracy
  - Resiliency
- Secondary
  - Administration
  - Integration

Testing Failures
- Confused spam type classification
- Non real-world environment
- Short-term testing cycle
- Fixed regional origins
- Fixed language type
- Non-relative industry
- Etc.

Spam Trends
- Estimates vary, but the total amount was usually agreed to have passed 40% by the beginning of 2002
- Email was 50% spam by January of 2003
- 65% of all email was spam by 2004
- Almost 80% of all email is currently either unwanted advertising or virus-ridden

Evaluation Guidelines
- Valid vs. illegitimate mail
  - sampling over time period
  - spam/month

30% Monthly Spam Growth (2005)
[Chart: Total Spam Mails Received, by month, March to June. Data labels (unordered): 232,194; 163,425; 202,867; 183,269]

Evaluation Guidelines
- Predominant language
  - English vs. Non-English
[Chart: New Spam Mails Received, split between English and Non-English by month. Data labels: March 66% and 34%; April 51% and 49%; May 62% and 38%; June 46% and 54%]

Evaluation Guidelines
- Point of origin
  - broad mixed sampling
[Chart: What Country does Spam like the Most? Legend: China, United States, Republic of Korea, Brazil, Japan, France, Spain, Taiwan, Israel, Germany. Data labels (unordered): 2.97%, 3.83%, 2.77%, 3.94%, 2.21%, 2.05%, 1.84%, 10.34%, 21.42%, 21.78%]
[Chart: Spam Countries. Republic of Korea 31%, China 26%, United States 20%, France 5%, Brazil 4%, Switzerland 4%, Japan 3%, Spain 3%, Germany 2%, Poland 2%]
http://www.trendmicro.com/spam-map/default.asp

Evaluation Guidelines
- Industry definitions
  - overlap of needs vs. excess
[Chart: Spam Categories. Legend: Adult, Bad Samples, Commercial, Financial, Health, Others, Non-English. Data labels (unordered): 8%, 10%, 18%, 24%, 36%, 4%, 23%, 1%, 19%, 8%, 3%, 14%, 32%]

Chinese Language (traditional)
[Chart: Traditional Chinese (snapshot). Commercial 38%, Work 23%, Financial 22%, Sexual 7%, Health 4%, Education 4%, Other 2%, Spiritual 0.3%]
Summary: 38% commercial offers, 23% work related, 22% financial, 7% sex related

Chinese Language (simplified)
[Chart: Simplified Chinese (snapshot). Commercial 69%, Financial 17%, Sexual 5%, Education 4%, Health 2%, Other 2%, Work 1%, Spiritual 0.04%]
Summary: 69% commercial offers, 17% financial, 7% sex related, 4% education

German Language
[Chart: German (snapshot). Other 71%, Sexual 15%, Commercial 12%, Health 1%, Financial 1%]
Summary: 15% sex related, 12% commercial, 71% mixed offers

Evaluation Guidelines
- Timeliness
  - update frequency
  - distribution strain on network/system
  - correction efficiency

Evaluation Guidelines Summary
- Efficiency and accuracy depend on spam classification and audience
- Testing samples used should be valid and fixed
- Overall results used for evaluation
- False positives: graymail vs. legitimate mail
- Unmodified message delivery
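The measurements these guidelines call for, as an added example that is not part of the original slides: catch rate and false-positive rate over a fixed labelled sample, with graymail scored separately from legitimate mail and results broken out by month and by language. The record layout, the labels `spam`, `legit` and `graymail`, and every sample row are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (month, language, true_label, filter_flagged_as_spam)
SAMPLE = [
    ("March", "en", "spam", True),
    ("March", "en", "spam", True),
    ("March", "en", "spam", False),
    ("March", "en", "legit", False),
    ("March", "en", "graymail", True),
    ("March", "zh", "spam", False),
    ("March", "zh", "spam", True),
    ("March", "zh", "legit", True),
    ("April", "en", "spam", True),
    ("April", "en", "legit", False),
    ("April", "en", "graymail", False),
    ("April", "zh", "spam", False),
]

def _rate(hits, total):
    # None (not 0.0) when a stratum holds no mail of that class.
    return hits / total if total else None

def score(records):
    """Catch rate and false-positive rates for one set of records."""
    n = defaultdict(int)        # messages per true label
    flagged = defaultdict(int)  # of those, how many the filter flagged
    for _month, _lang, label, is_flagged in records:
        n[label] += 1
        flagged[label] += is_flagged
    return {
        "catch_rate": _rate(flagged["spam"], n["spam"]),
        "fp_legit": _rate(flagged["legit"], n["legit"]),
        "fp_graymail": _rate(flagged["graymail"], n["graymail"]),
    }

def score_by(records, key_index):
    """Same metrics per stratum; key_index 0 = month, 1 = language."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec[key_index]].append(rec)
    return {k: score(v) for k, v in groups.items()}

if __name__ == "__main__":
    print("overall", score(SAMPLE))
    for name, idx in (("month", 0), ("language", 1)):
        for stratum, metrics in score_by(SAMPLE, idx).items():
            print(name, stratum, metrics)
```

On this constructed sample the overall catch rate hides a weak non-English result, which is what a fixed-language test corpus would fail to expose.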

Other Considerations
- Product configuration and tuning
  - Out of the box state
  - Vendor recommended tuning
- Tolerance rating based on audience target
- Long-term testing timeframe

Other Considerations
- Filter technique testing
  - Signature matching. Focus: catch efficiency and update timeliness
  - Heuristic rules. Focus: false positive rate and mitigation tools
  - Hybrid techniques. Focus: accuracy and update timeliness
  - IP filtering. Focus: delivery efficiency and mitigation tools

Other Considerations
- Performance
  - Deployment time
  - Management reporting tools
  - Update overhead
  - Message latency

SUMMARY
Comprehensive evaluation includes:
- scalability and resiliency
- long term performance
- customer specific goals
- exception handling
- minimal administration

Questions?

Mass-mailing malware spam
[Chart: Malware Tracking Center, Bulk-mailing Malware. Number of reported infections (unique), 0 to 2,000,000, by month, January to December, for 2002, 2003 and 2004]
Summary:
- 2003, due to Mimail, Blaster, and Sobig
- 2004, due to Bagle, Mydoom, Netsky, and Sasser