BorderWare Security Platform
Solution Update
Agenda
• Market opportunity
• Customer Requirements
• BSP - Comprehensive Security
• BorderWare Security Platform… a closer look
• BorderWare Security Network
August 2007
© Copyright 2006 BorderWare Technologies Inc. All Rights Reserved.
BorderWare Security Platform
Market opportunity
Convergence of Secure Content & Threat Management
Source: IDC, 2007
Convergence of Secure Content & Threat Management
BorderWare Solutions
Source: IDC, 2007
Market Opportunity
• The Secure Content Management Market was a $6.2B market in 2005 and is growing at 16.3%
• IT spending on security remains the top priority on CIO’s wish lists ahead of BI, desktop OS’s & applications, ERP and SOA/web services
[Chart: Worldwide SCM Product Revenue by Segment, 2003 - 2009 ($ in 000s). Segments: Antispyware, Web Filtering, Messaging Security, Antivirus. Source: IDC.]
[Chart: Top Areas for Security Investment in 2006. Areas: Anti-Virus, E-mail filtering / Anti-Spam, Network Intrusion Detection, Firewall, Encryption, SSL VPN, Wireless LAN Security, Data Security, VPN for Remote Office or Partners, Host Intrusion Detection. Source: Merrill Lynch.]
Worldwide Secure Content Management Revenue by Segment, 2004-2010 ($M)

Segment                2004     2005     2006     2007     2008      2009      2010   2005-2010 CAGR (%)
Antivirus           3,693.0  4,331.3  5,012.7  5,693.3  6,360.7   6,823.9   7,283.0   11.0
Antispyware           117.0    294.5    397.7    485.9    544.9     575.0     565.0   13.9
Web filtering         423.5    549.0    650.8    732.6    786.7     861.0     926.3   11.0
Messaging security    675.4    919.0  1,210.1  1,553.4  1,901.5   2,369.2   2,804.4   25.0
Total               4,908.9  6,093.8  7,271.4  8,465.3  9,593.7  10,629.2  11,578.7   13.7

Source: IDC 2006 - Worldwide Secure Content Management 2006-2010, Forecast Update and 2005 Vendor Shares: The Convergence of Secure Content and Threat Management
Security Concerns
How would you rate the items below on the threat each poses to your company’s enterprise network security? (Scale: 5=Significant threat; 1= no threat)
[Chart: share of respondents giving a top 2 box rating (4 or 5), 2006 vs. 2005, for: Employees following security policy; Increasing sophistication of attacks; Business executives following security policy; Security Budget too small; Increasing complexity of security solutions; Increasing volume and complexity of network traffic; Mobile clients. Source: IDC 2007]
BorderWare Security Platform
Customer Requirements
Today’s Extended Enterprise
[Diagram labels: Enterprise Apps, Office Apps, Laptops, PDA’s, Mobile Phones, Web Apps, VoIP, eMail, IM]
Proliferation of Threat Vectors
Data Leakage
• Brand Risk
• Legal Risk
• Privacy
Today - Perimeter Security Infrastructure
[Diagram labels: Email Security, IM Security, Web Security]
• Lack of comprehensive security
• Complexity in management
• Limited scalability & redundancy
• Expensive to own & operate
Customer Requirements
[Table columns: Email, Web, IM]
Inbound Protection
• Reduce SPAM - employee productivity
• React quickly to new SPAM
• Protect against malicious scripts and Viruses
• DoS, DHA attack protection
• Protect against Phishing, Pharming, Spyware attacks
• Network Resources
• HTML embedded viruses and malicious scripts
• Spyware/Malware protection
• Phishing, Pharming protection
• Protect against malicious scripts and viruses
• Phishing/Pharming protection – embedded URLs – blended threat
Outbound Content
• Pass compliance audits
• Intellectual property protection
• Privacy protection
• Reduce legal liability – acceptable use
• Data Leakage Protection
• Monitor/block social networking sites – Facebook, blogs, wikis, etc
• Data Leakage Protection
• Reduce legal liability – acceptable use
• Privacy protection
• Reduce legal liability – acceptable use
• Access Control
• Audit and forensic analysis
• Data Leakage Protection
Infrastructure Management
• Ease of management
• Consolidated policy management
• Application specific reporting
• Availability and Scalability
• Distributed deployment – central management
• Modular deployment
• Application control
• Low TCO
The Analysts Agree…
“As communications channels become more diverse, an effective content inspection
policy needs to span not only e-mail but also Web mail, IM, blog postings, chat
rooms and so on if it is to be comprehensive. Moreover, having separate policy and policy
definitions, groups and directories is nonsensical…A single policy engine that can define
communications policy across all modes of communications for groups and users is
necessary…” Gartner 2006
“Content inspection, compliance, and retention policies must cut across all
communications media rather than be silos in themselves. Organizations do not
want to create a new Health Insurance Portability and Accountability Act (HIPAA) or
ethical-wall policy for each communication medium.” Gartner 2006
“The key to scalability is to provide a component architecture for enforcement but
with a single management layer to apply policy” Gartner 2006
BorderWare Security Platform
Comprehensive Security
BorderWare Security Platform
Protect
• Virus, spam, malware, spyware, bots, zombies, image spam, …
• Integrated - Email, Web, IM
• Detect, correlate and block blended threats
Control
• Content Management
• Meet compliance requirements
• Enforce corporate policies
Manage
• Centralized Policy
• Centralized Management
• Scalable
• High Availability
BorderWare Security Platform
Security for Email, IM and Web
Viruses, worms, Trojans
Spam & phishing
DoS, DHA, Protocol attacks
Blended Threats
Multi-application
Web Drive by Downloads
Malware, Spyware
Compliance
• Government regulations
• Industry compliance
• Email encryption
Data Leakage Protection
• IP protection
• Accidental disclosure
• Anomaly detection
Acceptable Use Policy
• Real time monitor & block
• Policy enforcement
• Web reputation filtering
Real-time, multi-application reputation services
BorderWare Security Network
Comprehensive Security
• Reputation scoring for Web, email, IM, and VoIP
• Half billion sources of threat information from email, IM, Web, VoIP
• Proactive defense to block unwanted and malicious content at perimeter
• Seamless integration with BorderWare Security Platform
• Pinpoint accuracy with domain and user reputations
[Diagram labels: Over Half Billion Sources, Good, Reject]
BorderWare Security Platform Benefits

Capabilities                                            Benefits
Integrated, appliance delivery, easy management         Low TCO
360° security protection, control and management        Comprehensive security
Integrated by design, single software platform          Reduced complexity
Modular architecture                                    Investment protection
On-demand scalability through intelligent clustering    High Performance

Enhanced messaging security made simple, scalable, and affordable
BorderWare Security Platform
A closer look….
BSP Core Value Proposition
• Comprehensive Security
• Ease of Use
• High Performance Availability
• Lower Total Cost of Ownership (TCO)
  • 50% less cost to own & operate
Enhanced messaging security made simple, scalable, & affordable
Comprehensive Security:
Real-Time, Proactive Threat Protection
PROTECT
• Reputation
• Anti-Virus
• Anti-Spam
• Anti-Phishing
• Zero Hour Virus Protection
• Malware Protection
[Diagram labels: Intercept Engine, Anti-Malware, Threat Prevention, Anti-Virus, Anti-Spam, Anti-Phishing, DoS & DHA]
• Web, IM and Email
• Integrated Protection
• Comprehensive Content Monitoring and Filtering
Detect & Block malicious email
PROTECT
Improve Email Threat Detection
• Image analysis engine enhanced to detect the latest variants of image spam
• Intercept engine detects obfuscated URLs to prevent blended phishing attacks
[Illustration: message to "Joe Victim" containing the link below]
http://www.paypal.com@%32%32%30%2E%36%38%2E%32%31%34%2E%32%31%33
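The obfuscated link on this slide hides its real host behind a brand-like userinfo part and percent-encoding. The following is an added example, not BorderWare code, of how a filter can normalize such a URL and report why it is suspicious; the function name and finding labels are assumptions, and the integer-host check goes slightly beyond the slide's single case.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# A userinfo string shaped like a DNS name (e.g. "www.brand.com") is the lure.
HOSTNAME_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
# Hosts written as one decimal or hex integer instead of a dotted quad.
INTEGER_HOST = re.compile(r"^(?:0x[0-9a-f]+|\d+)$", re.IGNORECASE)


def analyze_url(url):
    """Return the host the URL names after decoding, plus obfuscation findings."""
    parts = urlsplit(url)
    raw_host = parts.hostname or ""   # text after the last '@' in the authority
    host = unquote(raw_host)          # undo %XX escapes
    findings = set()

    if "%" in raw_host:
        findings.add("percent-encoded-host")

    user = unquote(parts.username or "")
    if HOSTNAME_LIKE.match(user):
        findings.add("userinfo-looks-like-hostname")

    if INTEGER_HOST.match(host):
        findings.add("integer-encoded-host")
    else:
        try:
            ipaddress.ip_address(host)
            findings.add("ip-literal-host")
        except ValueError:
            pass                      # ordinary DNS name

    return {"effective_host": host, "findings": sorted(findings)}


# First URL is the one shown on the slide; the others are constructed samples.
SAMPLES = [
    "http://www.paypal.com@%32%32%30%2E%36%38%2E%32%31%34%2E%32%31%33",
    "https://www.example.com/login",
    "http://alice@mail.example.org/inbox",
    "http://3691304661/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", analyze_url(sample))
```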
Detect & Block malicious email
Improve Spam Detection
PROTECT
Update 2
• Detect and block PDF and ZIP spam
[Illustration labels: Legal, Joe Victim]
BorderWare Quarantine Server
PROTECT
Eliminate False Positives
Improve Gateway Performance
• Dedicated quarantine solution
• Scales to 100,000 enterprise users
• Policy-driven domain support
• Customized plain text or HTML spam digest layout
• Multiple languages
• End user-defined Trusted and Blocked Senders Lists
• Imported on a scheduled basis
• View, release, trust or block sender, and delete messages directly from the spam digest message
• Customize frequency of notifications and the language templates for the spam digest
BorderWare Quarantine Server
PROTECT
• SP-1000 Quarantine Server
  • Up to 100,000 users
  • 2 x Intel Xeon 3.2 GHz CPU with 2 GB RAM
  • 4 x Gigabit Ethernet NIC
  • 4 x 146 GB SCSI HDD (584 GB total, 292 GB effective), RAID 1+0, hot swap
  • 2 x power supply, hot swap
• SP-200 Quarantine Server (New)
  • Up to 5,000 users
  • 1 x Intel Celeron D 3.2 GHz CPU with 1 GB RAM
  • 3 x Gigabit Ethernet NIC
  • 1 x 80 GB HDD
BSP Weighted Dictionaries
CONTROL
Reduce False Positives
• Provides intelligent & granular enforcement of corporate & compliance policies
• For example:
  > Diagnosis name by itself may not be a compliance violation
  > Diagnosis name, Patient Number & the word “terminal” may be a violation
• Used for
  • Content scanning for email
  • Objectionable Content Filtering (OCF) for email, Web & IM
  • Spam dictionaries (email)
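The diagnosis / patient number / "terminal" case above, as an added example that is not BSP code: a flat keyword list fires on any single term, while a weighted dictionary only crosses the policy threshold when several terms co-occur. The terms, weights, threshold and sample messages are constructed assumptions.

```python
import re

# Constructed dictionary entries: (label, pattern, weight). The terms, weights
# and threshold are illustrative assumptions, not BSP defaults.
WEIGHTED_DICTIONARY = [
    ("diagnosis", re.compile(r"\b(?:leukemia|carcinoma|hepatitis)\b", re.I), 30),
    ("patient_number",
     re.compile(r"\bpatient\s*(?:no\.?|number|#)\s*:?\s*\d{4,}\b", re.I), 40),
    ("terminal", re.compile(r"\bterminal\b", re.I), 35),
]
THRESHOLD = 100


def flat_match(text):
    """Unweighted baseline: any single dictionary hit triggers the policy."""
    return any(pattern.search(text) for _, pattern, _ in WEIGHTED_DICTIONARY)


def weighted_score(text):
    """Sum the weight of every entry that matches. Each entry counts once, so
    repeating one word cannot cross the threshold on its own."""
    hits = [(label, weight)
            for label, pattern, weight in WEIGHTED_DICTIONARY
            if pattern.search(text)]
    return sum(weight for _, weight in hits), [label for label, _ in hits]


def is_violation(text):
    """Policy decision: block or quarantine only at or above the threshold."""
    score, _ = weighted_score(text)
    return score >= THRESHOLD


# Constructed sample messages.
SAMPLES = {
    "health_article": "Leukemia research update: new leukemia trial results.",
    "airport_notice": "Terminal 3 is closed; use the shuttle to Terminal 1.",
    "record_leak": "Patient number: 884213. Diagnosis: leukemia, terminal.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, flat_match(text), weighted_score(text), is_violation(text))
```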
IM Protocols & Clients
CONTROL
Secure Popular IM Clients
• AIM (AOL)
  • AIM 5.9 or previous version for Windows
  • Apple iChat 3.1.5
  • Pidgin (GAIM) for Linux 1.5 & greater
• XMPP/Jabber
  • Google Talk for Windows (Google Talk Web client is not supported)
  • Psi Jabber Client 0.10 for Windows
  • Kopete for Linux 0.12
• Windows Live Messenger (Rel 7.1)
  • Windows Live Messenger 8.1 for Windows
• Yahoo! Messenger (Rel 7.1)
  • Yahoo! Messenger 8.1 for Windows
Download Size Limit for Web
Manage network resources
MANAGE
Rel 7.1
• Administrators define a size limit for Web downloads; files larger than this size will be blocked.
BSP Installation Wizard
MANAGE
Simplify BSP Installation
Reporting & Logging Enhancements
MANAGE
Improve system visibility
• Report Generation
  • 14 pre-canned reports
  • Derived from various system logs, then stored in the database
  • Ad hoc or scheduled
  • Pre-defined reports for Web & IM (Rel 7.1)
• Report Viewing
  • PDF format
  • Emailed to specific users
  • CSV and HTML formats (Rel 7.1)
  • Separate Email, Web & IM Logs (Rel 7.1)
Centralized Management & Clustering
MANAGE
• Centralized Management is a different & complementary function to Clustering
• Clustering
  • Used for high-availability
  • Load balancing of messages at a single site
  • Comprised of systems with identical configurations
• Centralized Management
  • Used to centrally manage & monitor multiple clusters & multiple systems at many sites
  • Accommodates a heterogeneous mix of configurations
Clustering
MANAGE
The entire cluster is managed from a single node (the cluster Primary)
Clustered systems form a single logical unit
[Diagram label: New York]
Centralized Management
MANAGE
Any BorderWare Security Platform can be licensed as the Centralized Management console
[Diagram labels: New York, London, Hong Kong]
Centralized Management
Simplify Administration & Deployment
MANAGE
Rel 7.1
• Manage multiple systems at the same time
• Manage geographically dispersed systems on different network segments over LAN & WAN connections
• Manage individual systems & clusters of systems
• Ensure consistent configuration across all systems
• Increase reliability, scalability & flexibility
• Reduce Administration overhead
• Supports global configuration & local policies
• Centralized reporting & mail history searches
• No extra hardware required
• Totally secure & can be used over public networks
• Cost option that must be licensed
• 30 day evaluation is available
Centralized Management Licensing
MANAGE
• A license key is required to enable the manager system
• Number of managed nodes = 8
• Price = 8 x License price
[Diagram labels: New York, London, Hong Kong]
Web & IM LDAP Authentication
Simplify Deployment
MANAGE
Rel 7.1
• Simplifies Web & IM user authentication & provides Cluster support
• Web & IM users can authenticate by:
  • Local System Users where the user is defined directly on the BSP system & is suitable for single system deployments.
  • LDAP Mirrored Users where the user information is imported from an LDAP directory (i.e., mirrored) & is suitable for single & clustered system deployments.
  • LDAP Authenticated Users where the user is authenticated directly against an LDAP directory (i.e., not mirrored) & is suitable for single & clustered system deployments.
Configurable Web & IM Notifications
MANAGE
Enhance Policy Customization
Rel 7.1
• Configurable notifications for sender, recipient & administrator
• Configurable by Default, User, Group or Domain Policy
Web & IM Activity Screens
Increase System Visibility
MANAGE
Rel 7.1
Displays connection time, message IDs, source, destination, status & final disposition.
Message History Searches
Simplify Operations & Administration
MANAGE
Rel 7.1
Mail History has been replaced by Message History and searches across mail, Web & IM
BorderWare Security Network
Reputation Services
• Designed to combat Spam and unwanted content by measuring the reputation of message sources
• Virtually all existing reputation services are limited to email
• Most reputation services focus on email volumes
  • Increases in volume are interpreted as suspicious activity
  • Over reliance on past activity, ignoring current behaviour
• Examples
  • SenderBase – Ironport – www.senderbase.org
  • TrustedSource – Secure Computing – www.trustedsource.org
Challenges with Reputation Service
• Organizations suffer from
  • Incorrect assignment of poor reputation due to
    > Spoofed email
    > Shared mail relay
    > Shared IP by managed service
  • Assignment of poor reputation caused by
    > Botnet (infected PC)
    > Individual malicious user
• Identifying real cause of poor reputation is difficult
• Removal from block lists is difficult
Problems with ISP and Managed Services
• Managed services and ISPs provide mail relay service to many customers via a single (or multiple) IP addresses
• As a result, customers' reputation is shared among multiple organizations (domains)
• If one organization is infected by a botnet or sends viruses
  • Resulting lower reputation across entire IP affecting all customers
BSN is “Next” Generation
• BSN incorporates more than just spam and volume information, some examples:
  • BSN tracks recent virus behavior from IP addresses
    > Allows known virus senders to be outright rejected. Systems that have been accidentally infected can be temporarily rejected until they get clean
  • BSN classifies and tracks “dial-up” accounts
    > Can be used to reject all mail from dialups, which are often zombie and botnet systems
  • Good recipients vs. Bad recipients being tracked
BSN enhanced “Domain Reputation”
• BorderWare Patent Pending technology for identifying reputation by domain and sender
• Intelligently analyses and correlates
  • Overall IP address reputation
  • Domain name for each IP
  • User (envelope sender) from each IP
Domain Reputation Benefits
• Shared mail relays and ISPs
  • Good senders maintain good reputation
  • Bad senders maintain bad reputation
• Mitigate spoofed email
  • BSN tracks domain IPs that are sending good email
  • An attempt to send email from a different IP is detected as spoofed
• Protection against Back Scatter (bounce back)
  • Isolate mailer daemon messages sending bounce backs
  • BSN prevents NDRs from affecting users' reputations
BSN Public Portal
• Putting it all together… DEMO!
• http://bsn.borderware.com/sand
How does BSN work?
Three Tier Architecture
• BSN Data Center
• BSN Server Nodes
• Customer Systems
Using BorderWare Security Network
BorderWare Security Network has distinct value propositions
Product Integration
Public Portal
BSN Product Integration
• Information from BSN can be used in two ways within the BorderWare Security Platform:
1. To reject connections during SMTP conversation
  > Known malicious senders can be rejected right away to prevent spam, spyware, and virus mail from being delivered
  > Rejects 60-90% of all bad messages at the front door
2. In the BSP Intercept decision strategy
  > Behavior information can be used to help decide message disposition
  > Provides “second opinion” for questionable emails
BSN Product Integration
BorderWare suggested defaults:
• Intercept Connection Control
• Intercept Anti-Spam Aggressiveness
[Screenshot labels: Lenient, Standard, Aggressive]
BSN Product Integration
For those that like to dabble:
BSN Key Messages
• BSN is next generation reputation solution offering proactive protection through behavioral analysis
• Blocks 60-90% of all spam, viruses, spyware, and malicious content at the front door. As email volumes rise, your infrastructure costs don’t have to.
• Provides a real time granular view of content from multiple users and domains. Better data means better results.
• BSN is seeing what others are not. E.g. domain lookup data and “worst behaved” list.
Let’s get tactical
• BSN = Door opener for new and existing customers
• Target end users with high interest in their Internet reputation
  > Financial Services, Insurance, Retail, Government
• Perform a BSN Domain look up for these prospects
• Make it real for the prospect
  > Perform the same look up with SenderBase and Trusted Source in two other tabs within your browser
  > http://www.senderbase.org; http://www.trustedsource.org
• BSN is more accurate and granular over other reputations such as Sender Base and Trusted Source
Supporting documentation
• Copy of Presentation
• BSP FAQ on new features
• Promotional information coming for existing customers.
• Updated pricing which includes Centralized management
Thank You
Q&A