The Next Step in Outbound Email Protection. By Robert Mannal, CIPP, CISSP


Background and Issues

Some observers credit email with building the Internet, suggesting it may be the "killer app" that spurred Internet growth.1 There is no question that email has become a way of life worldwide, both in corporate environments and for personal use. Its advantages as a communication medium include low cost, ubiquity, speed, and the ability to keep records (logs) of communications. Most companies would agree that they would suffer significantly if their email were out for only a few hours.

It is not surprising that opportunists moved quickly into the world of email. Large and growing, relatively open and trusting, it was (and remains) a fertile field for attackers. The first wave of misuse was broadcast SPAM, originally used for advertising.2 Attackers then turned that broad advertising reach into phishing3 offers4, which have since evolved into spear phishing5 offers. Some observers estimate that 85-95% of email traffic today is SPAM, with the cost to the Internet in excess bandwidth, SPAM blocking and so on running into billions of dollars.

One feature of SPAM email is its ability to carry enticing attachments, for example "Click here to see our free offer." Attackers use this to plant spyware and other tools on the user's computer. One effective tool is a keylogger, which captures every keystroke the user makes and sends it back to the attacker, who studies the keystrokes and quickly picks out passwords and credit card numbers.

To protect against these attacks, most enterprises employ a defense-in-depth strategy, with firewalls as the first line, blocking any traffic that is not allowed and forcing permitted (yet risky) traffic through the assigned ports. For example, port 25 is designated for the Simple Mail Transfer Protocol (SMTP), which carries the bulk of email traffic. Once through the firewall, email usually goes to an email gateway,6 which is usually placed as follows:

[Figure: mail for mail.domain.com and mail.otherdomain.com arrives over the Internet uplink, passes through the routers/switch ports to the email gateway, and from there reaches the workstations.]

1 http://c2.com/cgi/wiki?killerapp
2 http://en.wikipedia.org/wiki/spam_(electronic) (a description of SPAM)
3 http://en.wikipedia.org/wiki/phishing
4 http://en.wikipedia.org/wiki/advance_fee_fraud
5 http://www.microsoft.com/protect/yourself/phishing/spear.mspx
6 http://www.iceteks.com/articles.php/emailgateway/2

On the email gateway, which is a server, the enterprise system administrator places the second layer of protection: anti-virus, anti-SPAM and other malware protection.7 These defensive products are based on signatures of known viruses or of SPAM origination locations; when a match is made, the protective application instructs the email gateway to drop the incoming message. This has become a relatively mature area, to the point where system administrators using the available tools are able to block the vast majority of attacks. Today, the root cause of most successful attacks is anti-virus, anti-SPAM and malware protection that has not been religiously applied.

Traditionally, the bulk of email protection has focused on protecting the system from incoming messages. However, recent events have shown that a significant risk to an enterprise is information flowing out, rather than an attack coming in. This has led companies to deploy Data Leak Protection (DLP) products to monitor and protect their sensitive information. One approach is to put the DLP product on the email gateway, so that outbound email is screened at the same location and by the same piece of equipment as inbound email, reducing the number of boxes or discrete products that have to be maintained. When an outbound email contains sensitive information that should not be sent (a "hit"), the gateway can be directed to take one of the following actions:

1. Block the email, with appropriate notification to the sender.
2. Quarantine the email for review by an administrator, who sees why it was not sent and then has the responsibility either to send it along or to block it and notify the sender.
3. Self-remediation: the email is blocked and a notice is sent back to the originator saying why it was blocked and asking whether he still wants to send it. Of course, all this activity is logged.
4. Encrypt the email.
In this last case, the sensitive information is allowed to leave the enterprise, but only if it is encrypted. An example would be a person's medical records.

Integrating outbound protection into existing equipment appears to be an attractive solution. However, the email gateway is usually an appliance optimized to perform relatively small signature comparisons rapidly. Examining outbound email, especially for sensitive information in unstructured data, requires more memory and potentially faster processors. Adding DLP to the email gateway to screen for regular expressions, such as Social Security or credit card numbers, works to some degree, but if the sender obfuscates them in any way the information will pass through. Moreover, it is doubtful that such screening will pick up sensitive information in unstructured data, such as the terms and conditions of a merger or acquisition, details of a product launch, or other corporate intellectual property (IP).

7 http://en.wikipedia.org/wiki/malware
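To make the two preceding passages concrete (the four gateway actions on a hit, and the regex screening that a lightly obfuscated number slips past), here is an added Python illustration of a regex-only outbound filter feeding a policy decision. It is not Vericept or IronPort code; the SSN and card patterns, the two constructed sample messages, the recipient domains and the action mapping are all assumptions made for this example.

```python
"""Regex-only outbound DLP screening with a policy action on a hit.

Added illustration, not Vericept or IronPort code. The patterns, sample
messages, recipient domains and action mapping below are assumptions
made for this example.
"""
import re
from enum import Enum

# Patterns a regex-only gateway filter would carry: a US SSN in the usual
# hyphenated form, and a 13-16 digit card number with optional single
# spaces or hyphens between digits.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CC_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, to drop digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(body: str) -> dict:
    """Return the SSNs and Luhn-valid card numbers the regex filter sees."""
    cards = []
    for m in CC_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            cards.append(digits)
    return {"ssn": SSN_RE.findall(body), "cc": cards}


class Action(Enum):
    DELIVER = "deliver"
    BLOCK = "block"
    QUARANTINE = "quarantine"
    SELF_REMEDIATE = "self-remediate"
    ENCRYPT = "encrypt"


# Assumed policy: partners under a data-sharing agreement get encrypted
# delivery; card numbers never leave in the clear; a batch of SSNs goes to
# an administrator; a single SSN goes back to the sender to reconsider.
ENCRYPT_DOMAINS = {"clinic.example"}


def decide(findings: dict, recipient_domain: str) -> Action:
    if not findings["ssn"] and not findings["cc"]:
        return Action.DELIVER
    if recipient_domain in ENCRYPT_DOMAINS:
        return Action.ENCRYPT
    if findings["cc"]:
        return Action.BLOCK
    if len(findings["ssn"]) > 1:
        return Action.QUARANTINE
    return Action.SELF_REMEDIATE


def screen(body: str, recipient: str) -> tuple:
    """Scan one outbound message and return (findings, action)."""
    findings = find_sensitive(body)
    domain = recipient.rsplit("@", 1)[-1].lower()
    return findings, decide(findings, domain)


# Constructed sample messages: same data, the second lightly obfuscated.
PLAIN = "Patient SSN 123-45-6789, card on file 4111 1111 1111 1111."
OBFUSCATED = "Patient SSN 123 45 6789, card on file 4111.1111.1111.1111."

if __name__ == "__main__":
    for body in (PLAIN, OBFUSCATED):
        for rcpt in ("billing@clinic.example", "someone@webmail.example"):
            findings, action = screen(body, rcpt)
            print(f"{rcpt:26} {action.value:15} {findings}")
```

Run as written, the hyphenated SSN and the space-separated card number in the first message are found, so the copy to the partner domain is encrypted and the copy to the unrecognized domain is blocked. The second message carries the same values with spaces in the SSN and dots in the card number; neither pattern fires and both copies are delivered untouched. Widening the separator classes would catch these two variants, at the price of matching more phone, invoice and account numbers, which is the ceiling of pattern matching that has no understanding of the surrounding content.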

Solution

To block the leakage of IP, an enterprise should deploy a fully featured Data Leak Protection product that uses multiple detection engines capable of identifying sensitive information in unstructured data. It can be placed in front of the existing email gateway, providing the finer granularity needed for screening outbound traffic while the existing equipment continues to handle inbound protection. An example would be:

[Figure: the user's mail server (Exchange, Domino) sends outbound mail to Vericept Protect, which reports to the reviewer's Vericept Console; mail that needs encryption goes to Cisco Encryption and then to the IronPort Email Gateway.]

In this configuration, the internal email server sends all outbound mail to the Vericept Protect product. Vericept scans for sensitive information and takes the appropriate action. When encryption is required, Vericept sends the message to the encryption engine, which then sends it to the email gateway.

Cisco/IronPort

Cisco's IronPort division offers a wide range of appliances aimed at blocking viruses, SPAM and other malware, with content filtering and encryption for outbound email. The content filtering handles regular expressions, but not more complex data. Content filters on IronPort C-Series appliances identify messages to be encrypted, based on compliance and business considerations. Once encrypted, IronPort PXE messages continue through the mail pipeline for DKIM signing and delivery. The order matters: a DKIM signature covers the message body as delivered, so signing has to happen after the body has been replaced by the encrypted envelope, not before. The chart below shows the IronPort encryption and key management process.8

[Figure: content scanning feeds the compliance filters. If no encryption is required, the message goes to DomainKeys signing and the MTA. If encryption is required, it goes through IronPort PXE encryption, the message key is stored with the key service (hosted or local), and the message then proceeds to DomainKeys signing and the MTA.]

8 http://www.ironport.com/technology/ironport_pxe_encryption.html

Combining Vericept's Protect product, with its ability to find sensitive information in unstructured data, and Cisco's IronPort products provides the optimum solution for protecting an enterprise's sensitive information. Depending on enterprise policy, outbound email can be blocked, sent back for reconsideration, quarantined, or encrypted. Meanwhile, using the same email gateway, inbound email containing viruses, SPAM and other malware can be blocked with state-of-the-art equipment. The result is an appliance designed to rapidly handle the high volume of inbound attacks, and a contextual linguistic tool to examine the information in unstructured outbound messages, filtering and encrypting them according to policy.

Robert Mannal, CIPP, CISSP. With more than 25 years of experience in the security and networking arena, Robert is a Senior Manager, Product Marketing and Management at Vericept. Previously, he held management positions at Network Engines, in the Information Risk Management (IRM) practice of KPMG, at Security Dynamics (now RSA), and at Codex (Motorola). Mannal holds an MBA in Marketing from the Wharton School of Business and is a Certified Information Privacy Professional (CIPP) and a Certified Information Systems Security Professional (CISSP).

Vericept Corporation
Reservoir Place, 1601 Trapelo Road, Suite 140, Waltham, MA 02451
555 Seventeenth Street, Suite 1500, Denver, CO 80202
800.262.0274
www.vericept.com