Global Reputation Monitoring The FortiGuard Security Intelligence Database WHITE PAPER




FORTINET Global Reputation Monitoring PAGE 2

Overview

Fortinet's FortiGuard Security Services delivers two essential services to Fortinet customers: blocking spam emails before they reach customers' mailboxes and blocking customers' access to malicious web sites. To deliver real-time protection against emerging threats to Fortinet customers, the FortiGuard team has built one of the largest antispam and web filtering intelligence networks in the world. The FortiGuard Security Intelligence Database (SID) is a global intelligence database that creates and maintains a reputation score of email senders and websites. The FortiGuard SID is at the core of Fortinet's antispam and web filtering threat protection technology.

Delivering a Global View

Fortinet has collected information on hundreds of millions of email senders and web sites from around the world and used that information to create the FortiGuard SID, with data continuously being added. Every day, the FortiGuard Global Threat Research Team and the FortiGuard SID analyze millions of email messages and URL rating queries. Based on this analysis, the FortiGuard SID manages reputations of over 300 million IP addresses and maintains ratings on over 50 million websites.

The FortiGuard SID contains the security reputation scores of email sender IP addresses and website URIs, their volume and trend of messaging and web traffic, and other information used in Fortinet's antispam and web filtering technologies. It collects data from the approximately 500,000 Fortinet antispam appliances (both FortiGate and FortiMail) and FortiClient endpoint agents deployed worldwide, as well as Fortinet's global spam trapping network. When a Fortinet antispam appliance or endpoint receives an email, it extracts email signature information (including IP, URI, and checksum) and queries the FortiGuard Distribution Network (FDN) to determine if the email is spam. The FDN servers maintain all of the query histories in the form of antispam logs. The FDN aggregates and analyzes these logs, providing a real-time, global view of spam and web traffic patterns. The FortiGuard team updates the reputations in the FortiGuard SID every three minutes and updates the web filtering ratings every 30 minutes.

A Multi-Layered Approach to Spam Detection

Fortinet uses several techniques to detect and filter spam:

Global Filters

Through the FDN, the FortiGuard antispam service provides two databases, FortiIP and FortiSig, as global filters. FortiIP is a sender IP reputation database, and FortiSig is a spam signature database containing three types of signatures: FortiSig1, FortiSig2 and FortiSig3. The FortiSig database also contains FortiRule, a database of dynamic heuristic rules. The FortiGuard team constantly updates these global filters, enabling FortiGate, FortiClient and FortiMail products to detect and filter most of the prevailing spam on the Internet. The details of the FortiIP and FortiSig databases are as follows:

- FortiIP (Sender IP reputation database): Misconfigured or virus-infected hosts account for the majority of spam today. The FortiGuard Antispam Service maintains a global IP reputation database that builds and maintains the reputation of each IP. It uses a range of properties of the IP address, gathered from various sources, including whois information, geographical location, service provider, whether it is an open relay or hijacked host, and so forth. One of the key properties used to maintain the reputation is the email volume from this sender, as gathered from our FDN. By comparing a sender's recent email volume with its historical pattern, the FortiGuard Antispam Service updates each IP's reputation in real time and provides a highly effective sender IP address filter.

- FortiSig1 (Spamvertised URLs): Approximately 90% of spam has one or more URLs in the message body. These URLs link to spammers' websites promoting their products and services. In phishing spam, these URLs direct the recipient to a fraudulent bank or other financial institution's website in an attempt to obtain private financial information. The FortiGuard Antispam Service collects spam samples through our global spam trap network and spam sample submissions from our customers and partners. It extracts the URLs from the spam samples and subjects them to rigorous QA processes before adding them to the FortiSig Database. The URLs are then subject to a continuous aging process by which the database removes obsolete items promptly.

- FortiSig2 (Spamvertised email addresses): Similar to the spamvertised URLs described above, another hallmark of spam is an email address in the message body that prompts the recipient to contact the spammers. By extracting these email addresses from the spam samples, the FortiGuard Antispam Service uses these spamvertised email addresses to provide another powerful global filter to identify and filter spam.

- FortiSig3 (Spam object checksums): To detect spam that avoids detection by the FortiSig1 and FortiSig2 filters, the FortiGuard Antispam Service created an additional global filter: FortiSig3 (available in FortiOS 3.0 and later). Using a proprietary algorithm, FortiSig3 detects objects in spam and calculates a fuzzy checksum from each object (the object can be part of the message body or an attachment). FortiSig3 provides another highly effective global filter with virtually no false positives.

- FortiRule (Dynamic heuristic rules): This is the latest component offered in the FortiGuard Antispam Service, available in FortiMail version 3.0 MR1 and later. This global filter uses dynamically updated heuristic rules to identify spam, exploiting various attributes in the spam message header, body, MIME header, and attachments. With manually crafted heuristic rules for specific spam attacks, FortiRule further increases the catch rate with virtually no false positives.

Customized Filters

Fortinet provides various customized spam filters to complement Fortinet's antispam solution on FortiGate and FortiMail appliances and FortiClient endpoint agents. These customized filters range from banned word filters, local white and black lists of sender email addresses, and heuristic rules, to highly sophisticated techniques such as Bayesian training in FortiMail. (Consult the technical documentation of each respective product for more information on customized filters.)

Dedicated Service Team

The FortiGuard Antispam Service Team completes Fortinet's antispam solution, providing Fortinet customers with a best-in-class antispam service. The dedicated service team of engineers and analysts is committed to responding to and resolving any false positive reports and other issues within 24 hours. The FortiGuard antispam service team also monitors and analyzes the latest spam techniques, continuously updates the FortiIP and FortiSig databases, and researches and designs new spam filters.

Measuring Reputation

The FortiGuard SID calculates a reputation score for every email signature and website, from 1 to 9. A score of 1 means the signature/website is most likely malicious, 8 means the signature/website is most likely clean, and 9 indicates a white signature or site. To calculate the score, the FortiGuard SID uses proprietary algorithms that consider a wide range of parameters for spam reputation and web site reputation. The FortiGuard SID first analyzes global behaviors of the email or website, mined from the data collected from the installed base of FortiGate and FortiMail appliances and FortiClient endpoints. It examines a broad range of data to ensure that no one parameter or value triggers a spam listing or malicious site listing, minimizing both false positives and false negatives. It analyzes the existing reputation in the context of new patterns, volumes, locations, and trends over a range of time windows, starting with the last five minutes up to the previous 30 days.

The FortiGuard Threat Research Team also uses its expertise in intelligent email and web traffic behavior analysis techniques to provide early detection of emerging threats. This expertise, combined with the global data collection and analysis techniques, ensures that FortiGate and FortiMail appliances, as well as FortiClient-protected endpoints, identify and block emerging threats.
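The filter layers and the 1-to-9 scale described above can be made concrete with a small model. The following is an added example written for this page; it is not Fortinet's code and does not reproduce the proprietary FortiGuard algorithms. The spamvertised URL and address sets, the historical volume baseline, the whitelist, the spike threshold, and the aging window are all constructed stand-ins for the FortiSig1, FortiSig2, FortiIP and white-list data the paper describes, and the fuzzy checksum is a plain word-shingling digest chosen only to show why a fuzzy rather than exact checksum survives small edits to a spam object (it is not FortiSig3's algorithm). The combining rule follows the paper's stated design goal that no single parameter alone triggers a listing.

```python
# Added illustrative example (not Fortinet's code): a toy multi-layer spam
# scorer modelled on the filter layers and the 1-9 reputation scale described
# in the white paper. All filter data, thresholds and the fuzzy digest are
# constructed assumptions for this example.
import hashlib
import re
from dataclasses import dataclass

URL_RE = re.compile(r"https?://[^\s<>\"']+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# --- Constructed stand-ins for the global filter databases -----------------
# FortiSig1-like: spamvertised URL -> day number it was last seen in a sample.
SPAMVERTISED_URLS = {"http://cheap-pills.example/buy": 98}
# FortiSig2-like: spamvertised contact addresses.
SPAMVERTISED_ADDRESSES = {"deals@bulk-offers.example"}
# FortiIP-like: historical average daily volume per sender IP (TEST-NET addresses).
HISTORICAL_DAILY_VOLUME = {"198.51.100.7": 40.0, "192.0.2.10": 5000.0}
# Senders given the "white" score of 9.
WHITELISTED_SENDERS = {"192.0.2.10"}


def age_entries(entries, now_day, ttl_days=30):
    """Continuous aging: keep only entries seen within ttl_days of now_day."""
    return {k: seen for k, seen in entries.items() if now_day - seen <= ttl_days}


def fuzzy_checksum(text, chunk_words=4):
    """Word-shingling digest standing in for the paper's proprietary fuzzy
    checksum (NOT FortiSig3's algorithm). Lower-case the text, drop
    punctuation, then hash every run of chunk_words consecutive words. A small
    edit changes only the shingles it touches, so near-duplicates still overlap."""
    words = re.sub(r"[^\w\s]+", " ", text.lower()).split()
    n_chunks = max(len(words) - chunk_words + 1, 1)
    return {hashlib.sha256(" ".join(words[i:i + chunk_words]).encode()).hexdigest()[:16]
            for i in range(n_chunks)}


# FortiSig3-like: shingle hashes of one constructed spam object.
KNOWN_SPAM_CHUNKS = fuzzy_checksum(
    "Buy now and save big on our cheap pills today only while stock lasts")


@dataclass
class Verdict:
    hits: list   # which filter layers matched
    score: int   # 1 = most likely malicious, 8 = most likely clean, 9 = white


def reputation_score(sender_ip, recent_daily_volume, body, now_day=100):
    """Combine the layers so that no single parameter alone drives the score
    to the floor: each independent hit lowers the score two steps from 8."""
    if sender_ip in WHITELISTED_SENDERS:
        return Verdict([], 9)
    hits = []
    live_urls = age_entries(SPAMVERTISED_URLS, now_day)
    if set(URL_RE.findall(body)) & set(live_urls):
        hits.append("spamvertised-url")
    if set(EMAIL_RE.findall(body)) & SPAMVERTISED_ADDRESSES:
        hits.append("spamvertised-address")
    # Fraction of the known spam object's shingles present in this message.
    shared = len(fuzzy_checksum(body) & KNOWN_SPAM_CHUNKS) / len(KNOWN_SPAM_CHUNKS)
    if shared >= 0.5:
        hits.append("fuzzy-checksum")
    baseline = HISTORICAL_DAILY_VOLUME.get(sender_ip, 0.0)
    if recent_daily_volume > 10 * max(baseline, 1.0):   # assumed spike threshold
        hits.append("volume-spike")
    return Verdict(hits, max(1, 8 - 2 * len(hits)))


if __name__ == "__main__":
    spam = ("Buy now and save big on our cheap pills today only while stock lasts! "
            "Order at http://cheap-pills.example/buy or mail deals@bulk-offers.example")
    print(reputation_score("198.51.100.7", 2500, spam))
    print(reputation_score("198.51.100.7", 35, "Minutes from Tuesday's planning meeting attached."))
```

Running it scores the constructed spam sample 1 (all four layers hit, including a 60-fold volume spike against the sender's baseline) and the meeting note 8. Passing a later `now_day` ages the spamvertised URL out of the live set, which is the behaviour the paper attributes to FortiSig1's continuous aging.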

FortiGuard Security Information Database Portal (under development)

The FortiGuard Threat Research Team is developing a portal to post an excerpt from the FortiGuard SID to give visitors access to summary data about IP/web site reputation and current threats. The portal will provide a snapshot of current email spammers and malicious web sites. It will contain the following summary and detailed information:

- Estimated global daily email volume, both clean and spam, over the past month
- Top spam sender distributions by country over the last 24 hours
- Top 10 spam sender IP addresses over the last 24 hours
- Distribution of malicious, illegal & unethical, and potentially liable websites among all websites visited over the last 24 hours
- Lookup function for the reputation information of an IP address and domain or website

Figure 1: FortiGuard Security Information Database Portal (under development)

Summary

The FortiGuard Security Intelligence Database is a global intelligence database that creates and maintains a reputation score of email senders and websites. It combines Fortinet's ten years of experience in detecting and blocking mail and web threats with the broad reach of 500,000 installed appliances for data collection to create one of the most respected threat intelligence databases in the world. It enables Fortinet's FortiGuard Security Services to deliver accurate and timely updates to subscribers based on real-time analysis of emerging threats, significantly reducing the risk of a successful attack.

Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and the market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2009 Fortune Global 100. Fortinet's flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet's broad product line goes beyond UTM to help secure the extended enterprise from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.

WPR-146 -R1-201004