SR B10: Improving Antispam Effectiveness and Protecting Against Threats with Submissions 2.0 Angelos Kottas, Sr. Manager, Product Management Amanda Grady, Sr. Product Manager SR B10: Submissions 2.0 1
Agenda 1 How Symantec Back-end Systems Work Today 2 Key Challenges 3 Introducing the Symantec Email Submission Client 4 Introducing Submissions 2.0 5 Q & A SR B10: Submissions 2.0 SYMANTEC VISION 2012 2
How Symantec Back-end Systems Work Today SR B10: Submissions 2.0 3
Symantec Back-end Systems: Email Security Global Intelligence Network Skeptic Link Following Heuristics Threat Intelligence Human Machine Content + IP Rules Messages Probes Submissions Statistics Rules Firing 4 Messages Blocked SR B10: Submissions 2.0 SYMANTEC VISION 2012
Reconnaissance Global Intelligence Network World leading sensor breadth and depth Global footprint across consumer, enterprise, and service provider Newly emerging intelligence feeds Phishing Norton Good Reputation Messaging Intelligence within the GIN: Industry leading patented Probe Network Submissions Symantec.cloud feeds of emerging threats via Skeptic SR B10: Submissions 2.0 SYMANTEC VISION 2012 5
Analysis Human Analysts Globally distributed Email Security Group (ESG) Coverage for 11 languages Human analysis of new attacks and synthesis of predictive filters Human remediation of false positives Tight coupling between analyst systems and automation teams Machine Automation Statistical Analysis Analysis Platform Vector Processing Engine Technology based Analyzers URL Analyzers IP Analyzers Scenario based Analyzers Hit and Run Analyzer Phishing Analyzer Symantec.Cloud analysis Heuristics Link Following SR B10: Submissions 2.0 SYMANTEC VISION 2012 6
Feedback Optimization Synchronization process through the conduit enables visibility into in-field firing rates Poorly performing rules are culled based on stats feedback Customer probe participation and URI Probes increase visibility into attack vectors specific to our customer base Remediation False Positives are processed by ESG Analysts False Negatives are analyzed and promoted to global ruleset SR B10: Submissions 2.0 SYMANTEC VISION 2012 7
Key Challenges SR B10: Submissions 2.0 8
Key Challenges Today Submissions are difficult: Preserving headers Remembering non-intuitive submission addresses Manual and error-prone Taking action is error probe: End users may submit legitimate email, or bulk/marketing mail that is considered unwanted by some customers but legitimate by other customers. Aggressive automation runs the risk of false positives Feedback is limited Global pool of millions of submissions, undifferentiated by customer Lack of concrete actions driven by a specific submission Need to integrate between on-prem gateway and cloud-based repository and reporting SR B10: Submissions 2.0 SYMANTEC VISION 2012 9
Introducing the Symantec Email Submission Client MAKING IT SIMPLE TO SUBMIT SR B10: Submissions 2.0 10
Antispam Effectiveness 101 Symantec Probe Network Global Intelligence Network Manual Submissions More Submitters More Samples Greater Accuracy Faster Submissions Quicker Rule Creation More spam blocked SR B10: Submissions 2.0 SYMANTEC VISION 2012 11
Symantec Email Submission Client (SESC) An application to allow Symantec customers to streamline the submission of spam/unwanted mail samples to Symantec using Microsoft Exchange. Simply dragging a message to the Missed Spam folder activates submission. No agent or application to be deployed to the end user desktop. Support for all rich Exchange clients (OWA, Blackberry, ios, IMAP, etc) SR B10: Submissions 2.0 SYMANTEC VISION 2012 12
Keeping it simple.. SESC is free to all Mail Security for Microsoft Exchange and Messaging Gateway customers. Available Today! Standalone Windows 2008 x64 application, supports MS Exchange 2007 & 2010. Tight integration with AD to enable controlled deployment. No end-user agent to manage or support. No training/learning curve for End Users. Ability to moderate user submissions before they are sent to Symantec. SR B10: Submissions 2.0 SYMANTEC VISION 2012 13
Submission Modes Explained Direct Submission Mode Moderated Submission Mode Customised Submission Mode Enabled end users can submit directly to Symantec. Submissions from end users are directed to a moderator. Moderator(s) decide if message should be submitted to Symantec. A combination of both direct and moderated modes. Some users can submit directly, some users are moderated. SR B10: Submissions 2.0 SYMANTEC VISION 2012 14
Submission Mode Example Warehouse Staff Moderated Executives All Moderated CTO - Direct Messaging Admin Moderators & Direct SR B10: Submissions 2.0 SYMANTEC VISION 2012 15
Automated Probe Network Participation Automated Probe Network participation Part of Symantec Messaging Gateway Streamlines participation of all enterprises in patented Probe Network Improves antispam effectiveness Globally Tailored to customer traffic SR B10: Submissions 2.0 SYMANTEC VISION 2012 16 16
Introducing Submissions 2.0 SR B10: Submissions 2.0 17
Disclaimer: This information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available. SR B10: Submissions 2.0 SYMANTEC VISION 2012 18
Next-Generation Email Protection Filtering Technology Context Global (Across all customers) Local (Tailored to an individual customer) IP Reputation (Who sent the email) Global reputation: Symantec Bad Sender List Third Party Bad Sender Lists Local reputation: Connection Classification Content (What does the email say) Global Spam Rules Customer-Specific Rules SR B10: Submissions 2.0 SYMANTEC VISION 2012 19
Submissions 2.0 Vision Three core concepts: Streamline and drive customer submissions of missed spam or false positives to Symantec Integrate submissions into custom rules to improve local effectiveness without impacting global accuracy Provide end-to-end visibility into submissions and their impact Customer A Submissions Customer-specific Rules Global Rules Customer B Customer-specific Rules Submissions SR B10: Submissions 2.0 SYMANTEC VISION 2012 20
Submissions 2.0 Vision Streamlined submissions Deliver an API to enable verified HTTPS submissions to Symantec Develop tools to streamline submission on the most popular messaging platforms (starting with Symantec Email Submission Client) Simplify and better document existing RFC-compliant submissions over email RFC-Compliant Email Submissions e.g. MS Exchange API-based HTTPS Submissions (SESC) SR B10: Submissions 2.0 SYMANTEC VISION 2012 21
Submissions 2.0 Vision Improved effectiveness Define custom filters based on submissions Deliver as a distinct disposition from global spam rules, and allow groupbased application of customer-specific spam disposition Automate creation and removal of custom rules based on false negative / false positive submissions Customize submitter roles and submission thresholds Cust. A Key Global Rules Cust. B Customer-Specific Rules Cust. C SR B10: Submissions 2.0 SYMANTEC VISION 2012 22
Submissions 2.0 Vision Improved visibility into submissions - enhanced reports for viewing submission activity Valid/invalid submissions Actions taken based on submissions Top submitters Impact of customer-specific filters (messages caught, etc.) Detailed reporting for individual submission status SMG Reporting Dashboard XML Feed SR B10: Submissions 2.0 SYMANTEC VISION 2012 23
Submission Details Report SR B10: Submissions 2.0 SYMANTEC VISION 2012 24
BLOC Aztec Mail User Mobile Mail User SR B10: Submissions 2.0 SYMANTEC VISION 2012 25
Coming in Symantec Messaging Gateway 10.0 Public Beta commenced on May 7 th, 2012 Sign up for the Beta at the following link: https://symbeta.symantec.com/callout/?callid=2814abc85bc04b879be3 34FAD97955B3 Or to keep it simple: http://tinyurl.com/smg10beta Release planned for second half of 2012 SR B10: Submissions 2.0 SYMANTEC VISION 2012 26
Thank you! Angelos Kottas: angelos_kottas@symantec.com Amanda Grady: amanda_grady@symantec.com Copyright 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. SR B10: Submissions 2.0 27