Symantec AntiSpam Complete Overview (PowerPoint)
Symantec Brightmail Anti-Spam 6.0 Product Overview Presentation
8 March 2005
Christoph Kugler
Territory Account Manager
Agenda
The Growing Spam Problem
Symantec Mail Security
SBAS Product Features
Architecture, Deployment, Sizing
Filtering Technologies
Brightmail Scanner
Brightmail Control Center
Folder Agents
Brightmail Plug-in for Outlook
Symantec Mail Security 8200 Series
Summary – Why is Brightmail the best
The Growing Spam Problem
Who am I?
Name: Laura Betterly
Age: 41
Single, mother, 2 kids
Annual salary: 300’000$
Owner of Data Resource Consulting Inc.
Job Title: Spam Queen
Characteristics of Spam
Usually sent to a large number of users
The recipient does not know who the sender is
The recipient never requested it
Difficult or impossible to unsubscribe from
If you did not receive it, would you miss it?
Spam Continues to Grow and Evolve
Symantec Mail Security
Symantec Mail Security
SMS - Symantec Mail Security
SBAS - Symantec Brightmail AntiSpam
Symantec Mail Security Product Family
Protection Tier Deployment Key Features
Groupware Gateway Network Software Appliance AS AV Content Filtering
Traffic Shaping
SMS 8100
Limited
SMS 8200
Limited
SBAS
SMS for SMTP
SMS for Domino SMS for Exchange
Symantec Brightmail Anti-Spam 6.0 Product Features
Leadership
Brightmail is the worldwide leader in anti-spam technology, providing anti-spam software at the Internet gateway
Protects over
• 325 million mailboxes
• 25% of global mailboxes
• 2,000 businesses
• 9 of top 12 U.S. ISPs
Messages Filtered
• 100 billion in June 2004*
• 15% of global Internet traffic*
*Nearest competitor: 6 billion messages & 1% global traffic
Zero Administration
Why low administration matters?
• Do you have time to write rules, whitelist senders or resolve false positives?
• Do you have visibility into new spam trends?
• Do you want to be an expert at fighting spam?
• Can you provide 24x7 spam fighting capability?
Largest hidden cost of an anti-spam solution
Look for: Zero Administration
Lowest False Positives
BAS has the industry’s lowest false positive rate
• Brightmail is 99.9999% accurate (1 in 1 million)
• 10x fewer than the closest competitor
Why are we the lowest?
• Brightmail will NOT introduce a technology without accuracy
• Competitors taking quickest approach to effectiveness
Look for: 1 in 1 million false positives
Catch the Most Spam
Multiple technologies for complete spam defense
• There is no silver bullet anti-spam technology
• Different filters effective against different types of spam
• With multi-layer solutions spammers must avoid each layer
Innovation & global coverage
• Need to constantly innovate to stay ahead of spammers
• Ability to filter foreign language spam effectively
Look for: 95% Catch Rate
Symantec Brightmail Anti-Spam Customers
Enterprise Service Provider
Product Review and Industry Analyst Validation
“A benchmark in the field…
…95 to 96 percent effective
Easy to install and maintain”
“Brightmail caught the highest % of spam and had the lowest false-positive rate of any of the products tested.”
“…a real "set and forget" system.”
“Brightmail Anti-Spam's false-positive score speaks for itself…Brightmail Anti Spam is the best answer we know of.”
Positioned in the “Leaders” Quadrant - Magic Quadrant for Enterprise Spam Filtering
- Gartner Research, 2004
“Brightmail, the leading provider of AntiSpam software, achieves a 1-message-in-1-million false positive rate.”
– Yankee Group 2004
Info World Article Review
Architecture, Deployment, Sizing
What is Brightmail 6.0 (BAS)?
Not an MTA
Integrates with industry standard MTAs
Centralised Management / Reporting
Not a Content Filtering engine (Attachments)
Has AV scanning capabilities
Multiple Operating Systems supported
Deployed anywhere within your messaging topology
Key Features
Flexible Spam Handling
• Modify subject line or header
• Delete
• Forward to email address for review
• Administrator Quarantine
Per-User Quarantines
• Web-based quarantine
• Groupware quarantines - Exchange and Domino
Customized Mail Policies
• Group Policies
• Adjustable spam thresholds
Per User Spam Control
• Allow/Block lists
• Language preference
• Submissions
Powerful Administration
• Web-based Control Center
• Global management of multiple servers
• Centralized granular reporting
• Assignable administrator privileges
• Alerts
Flexible Architecture
• Multiple LDAP integrations
• Multiple MTA integrations
Content Filtering
• Block Lists
• Allow Lists
• Custom Filters Editor
Complete Threat Protection
• Anti-Virus – Optional module
High-level Architecture
Symantec Operations Customer Site
Spam Analysis and Operations: the BLOC
Flexible Deployment
• Install components on one or many machines
• Deploy where you want (gateway, relay, or mailbox server)
• Choose Quarantine option (Web-based or email client-based)
• Incorporate end-user tools and features with Outlook Plug-in
Scalability
Brightmail Anti-Spam scalability proof points
On a single CPU
• Linux server, handles around 25 messages/sec
• e.g. 25 x 3600 = 9000 messages/hour
• 9000 x 9 = 81000 messages / business day
Additional performance through more CPUs or more servers at no additional cost (BAS is licensed per user)
Filtering Technologies
Defending Against Spam: a Multi-layered Approach
Points to Remember
Technology
• Custom Rules
• Regular Expression (Header & Body)
• Reputation Service
• Hashing (Body & URLs)
• URL Filtering
• Heuristics
Language Support
• Chinese
• Dutch
• English
• French
• German
• Italian
• Japanese
• Korean
• Portuguese
• Russian
• Spanish
Brightmail Scanner
What is the Brightmail Scanner?
The Brightmail Scanner is one of the key software components that powers Brightmail Anti-Spam
What it Does
• Communicates with your MTA (doesn’t replace it)
• Receives updated filters from the BLOC
• Examines incoming messages for spam, viruses, email threats, and special content
• Produces a verdict for a message
What it Includes
• Server component that filters mail and returns verdict
• Filtering engine
• Conduit component that manages statistics and updated filters
• Client component that integrates with MTA (optional)
Secure Filter Transmission
Filter Download Sizes
• First complete set of filters: 10-15MB
• Future downloads (updates only): 40-50KB
Polls for new filters every minute
New filters are:
• Downloaded via HTTPS
• Available every 10 minutes
Each Scanner retrieves its own filters
Platform and Mail Server Support
Platform | Version | MTA Support
Solaris | Solaris 8, Solaris 9 | Sendmail 8.12, Sendmail Switch 3.1, Exim, Postfix 2.1.3, QMail, Sun Messaging Server 5.2/6.0
Linux (Red Hat) | Enterprise Linux ES 3.0, Enterprise Linux AS 3.0 | Sendmail 8.12
Linux (SuSe) | Linux 9.1 | Sendmail 8.12
Windows | Windows 2000 Server, Windows Server 2003 | Microsoft IIS SMTP*, Exchange 2000, Exchange 2003
* Other MTAs, including Exchange 5.5 and Domino, can be supported in a relay configuration. To enable this support, Brightmail Anti-Spam is installed on an upstream machine with the IIS SMTP Service relaying filtered mail to the target MTA.
Control Center
Brightmail Control Center
Web-based interface for:
Centralized management
• Push settings out
• Pull logging back
Web quarantine
• Administrator interface
• End user interface
Monitoring
• Summary dashboard
• Per-machine status
• Logs
• Statistics and reports
Brightmail Control Center Settings
Create list of blocked senders
Create list of allowed senders
Adjust threshold for filtering aggressiveness
Choose reputation filters to employ
Enable language identification features
Migrate settings from previous releases
Set up alert triggers
Work with consolidated reports
View consolidated and individual logs
Set up group policies
Set up and view Web Quarantine
Work with Brightmail Scanners
Identify external mail servers
Add admins with specific privileges
Set up antivirus filtering
Create custom content filters
Change LDAP settings
Complete Solution
• Embedded Tomcat
• Embedded MySQL
• Brightmail Software
  – Web Pages
  – SMTP Listener
  – Expunger
  – Notifier
Spam Scoring
Each spam message given a score
Messages over 90 are given “spam” verdict
Administrators can turn on/off suspect spam threshold
Administrators can define lower end of suspect spam
In policies, administrators can set different actions for spam and suspect spam
Detailed Reporting
Multiple reporting categories
• Processed, spam, suspected spam, allowed/blocked messages, and viruses
Reporting by multiple criteria
• Recipient
• Sender
• Recipient Domain
• Sender Domain
• IP Connection
• etc.
Benefits
• 19 reports available
• Report viewer in Control Center
• Generate as needed or pre-set intervals
• Export to multiple formats
Group Policies
Multiple Types of Members
• All email domains
• Sub domains
• Individual users
• Wildcard Support
Six Email Categories
• Spam
• Suspect Spam
• Blocked Sender
• Allowed Sender
• Virus
• Worm
Six Verdicts
• Delete
• Mark up message subject
• Mark up message header
• Forward to an email address
• Save to disk
• Deliver normally
Control Center Security
Communication
• HTTPS between Scanner and Control Center
• HTTPS between administrator, end users, Control Center (Optional)
Administrator Privileges
• Support for multiple administrators
• Different privileges for different administrators (Some access only quarantine, others can change server settings)
End User Authentication
• Via LDAP to
  – Active Directory
  – Exchange 5.5
  – SunOne
LDAP Capabilities and Features
Alias Expansion
• Quarantine automatically resolves all aliases and delivers messages to the quarantine account for the underlying email address.
Quarantine can access LDAP directories such as:
• Active Directory (Exchange 2000 and Exchange 2003)
• Exchange 5.5
• Sun ONE Directory Server
Customisable LDAP attributes
• Fully-configurable LDAP query settings and attributes to match your LDAP schema.
System Alerts
Immediate notification when certain operating conditions arise
Sends email alerts to administrators or other parties
Applicable conditions:
• A Brightmail component is not responding or working
• Anti-spam filters are older than a specified time
• Anti-virus filters are older than a specified time
• Brightmail Quarantine is low on disk space.
Enhanced Web-based Quarantine
Benefits
• Spam stored centrally at gateway; not passed through network
• End users notified daily/weekly about new spam
• Centralized message purging after x days
• Can “release” quarantined messages to user(s) inbox
• End users can access quarantine at any time
• Search functionality for both administrators and end-users
Sample Quarantine Screenshots
Folder Agents
Exchange Spam Folder Agent
Quarantine that lives in Exchange
End users can access from their mail client
Appears as a mail folder
Software installed on each Exchange server
Creates a “Spam” folder for each user
Administrator defines number of days to hold spam before deleting
Domino Agent
Creates a “Spam” folder for each user in the system
Administrator can set how many days before deleting spam
Message Submission
Single click submission of missed spam & false positives to Brightmail
Missed spam → Probe Network
Potential false positive → Reviewed by a BLOC Technician
Brightmail Plug-in for Outlook
Brightmail Plug-in for Outlook
Provide powerful spam management tools for your users
Empower users to take control of their inboxes
Single click submissions of misidentified messages
Symantec Mail Security 8200 Series
High-level Overview
Model | 8240 | 8260
Customer segment | 100-1,000 Users | Over 1,000 Users
Antispam
Antivirus
Traffic shaping | Limited | Limited
Form factor | 1U | 1U
Storage | 40 GB | 73 GB
Redundancy | Hard disk | Hard disk, power supply, fans
*Under testing, subject to change
The most accurate email security appliance powered by the award-winning, industry-leading Brightmail AntiSpam technology from Symantec, the global leader in Information Security
Appliance Platform Highlights
Symantec Branded Product (no overt reference to OEM)
• Based on OEM Hardware from Dell
• High Performance: Intel CPUs
• High Quality: Field Failure rates < 1%
• High Resiliency: Built in Redundant Parts
Enterprise Class Support
• Standard HW warranty = Next Biz Day ONSITE repair*
• Platinum support includes Same Day ONSITE repair*
Quick Lead-times
• Symantec can order product at any time
• Manufactured on 8-12 Day Lead-Times
Compliant to Ship World-wide at FCS
*Where available: some small European countries and rural areas are excluded
Key Features
Appliance Form Factor
• Hardware*
• Hardened Operating System*
• Hardened Mail Relay*
• TLS Encryption*
Filtering Engine
• Brightmail AntiSpam
• Symantec AntiVirus
• Email Firewall—TurnTide Traffic Shaping*
• Email Firewall—Automated Defenses*
• Email Firewall—Reputation Lists
• Content Filtering—Attachment Mgmt*
• Content Filtering—Dictionaries*
• Content Filtering—Annotations*
• Content Filtering—Custom Rule Editor
• SPF*
System Management
• Web-based Administration
• Global Management
• Multiple Administrator Roles
• Automatic Rule Updates
• 55 Reports (35 New)*
• Software Update Mechanism*
Mail Management
• Group Policies
• Outbound Policies*
• LDAP Group Policies*
• 16 Actions (8 New)*
• Compound Actions*
• End User Preferences—Block/allow list*
• End User Preferences—Language*
• Administrator & End User Quarantine
* Denotes new feature
Architecture
Summary – Why is Brightmail the best …
Why is Brightmail the Best…
The most complete e-mail security technology
• Has the most complete arsenal of anti-spam technology
  – Heuristics, URL Rules, Source filters, Signatures etc.
• Symantec AV
The most extensive anti-spam operations center
• Anti-spam filters updated every 10 minutes
• BLOC is unmatched for detecting spam and rule distribution
Complete manageability with hands off capability
• Flexible spam management & control
• Powerful global management console
• Integrated anti-virus and content filtering technology
Thank You
Free 30-day download at: http://emea.symantec.com/brightmail