
Hrvoje Dogan, Consulting Systems Engineer, Security, EM East · Virus Detected 0.0% 0 Stopped by Content Filter 0.0% 9 Total Threat Messages: 96.1% 314,718,651 Clean Messages 3.9%


Page 1:

 

Page 2:

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Hrvoje Dogan, Consulting Systems Engineer, Security, EM East

Page 3:

Forward-Looking Statements

“Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.”

Page 4:

• Sales Momentum
• Spam Landscape
• Recent Developments
• New Security Mechanisms
• Other Improvements
• Q & A

Page 5:


Turning point in the war against spam

Page 6:

Cisco, ASR


Page 7:

[Chart: monthly data, Jan 09 through Nov 10; vertical axis scale 0 to 450]

Page 8:

• Database leaked to law enforcement, industry
• Ceased operations on October 1, 2010
• Russian police press charges against owner, Gusev

Page 9:

• Ceased spamming between September 20 and 23
• Shutdown coincided with SpamIt.com shutdown notice
• Cisco SIO observed a spike in IPS events after shutdown

Page 10:

• Operated by Georg Avanesov
• Arrested in Armenia in October 2010
• Alleged SpamIt.com affiliate and botnet reseller

Page 11:

• Operated by Oleg Nikolaenko
• Alleged SpamIt and SanCash affiliate
• Arrested in Las Vegas on November 4, 2010
• Charged with felony CAN-SPAM violations and mail fraud
• Pled “Not Guilty” and held without bail

 

Page 12:

• Sales Momentum
• Spam Landscape
• Recent Developments
• New Security Mechanisms
• Other Improvements
• Q & A

Page 13:

Mass Attacks    Targeted Attacks

Inbound Hygiene    Outbound Control

Premise or Cloud    Hybrid

Isolated Telemetry    Coordinated Intelligence

Page 14:

Page 15:

mgmt3.iol.cz - 27 May 2009 10:17 (GMT +0200)

Copyright © 2009 IronPort Systems, Inc. All rights reserved.

SECURITY MANAGEMENT APPLIANCE

Overview: mgmt3.iol.cz

27 Apr 2009 00:00 to 27 May 2009 10:16 (GMT +0200)
View Data for: All Email Appliances | Data in time range: 99.13 % complete

[Incoming Mail Graph]

Incoming Mail Summary

Message Category                   %        Messages
Stopped by Reputation Filtering    90.3%    295,826,644
Stopped as Invalid Recipients      0.0%     5,899
Spam Detected                      5.8%     18,886,099
Virus Detected                     0.0%     0
Stopped by Content Filter          0.0%     9
Total Threat Messages:             96.1%    314,718,651
Clean Messages                     3.9%     12,788,852
Total Attempted Messages:                   327,507,503

[Outgoing Mail Graph]

Outgoing Mail Summary

Message Processing                 %        Messages
Spam Detected                      86.9%    132,687,877
Virus Detected                     0.0%     0
Stopped by Content Filter          0.0%     0
Clean Messages                     13.1%    20,005,181
Total Messages Processed:                   152,693,058

Message Delivery                   %        Messages
Hard Bounces                       0.1%     11,885
Delivered                          99.9%    21,953,599
Total Messages Delivered:                   21,965,484

Page 16:

Flexibility

Inbound: Mail Hygiene

Outbound: Sensitive Data Protection

Feature Deployment

Anti-Spam

DLP    Encryption

Anti-Virus    Anti-Virus

In The Cloud

On-Premises

Page 17:

Cisco Threat Operations Center

Global Threat Telemetry

Dynamic Updates and Actionable Intelligence

Adaptive Security Appliances

Intrusion Prevention Solution

Email Security Appliances

Web Security Appliances


Global Threat Telemetry

System Administrators

Page 18:

• Sales Momentum
• Spam Landscape
• Recent Developments
• New Security Mechanisms
• Other Improvements
• Q & A

Page 19:

Forward-Looking Statements

“Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.”

Page 20:

Our Future    Ease of Use

Page 21:

Page 22:

Staying ahead of new threats

• Targeted Attacks
• Purpose-built URLs per message
• Shortened URLs

Threat Evolution

Page 23:

Large Spam Handling Improvements

[Diagram: Message Size axis with regions Scanned, Scanned (Partial) and Not Scanned; thresholds labelled Advisory Scan Size and Maximum Scan Size]

Page 24:

Usage  

Page 25:

• Suspicious Threat Msgs
• All Threat Types (spam, phish, targeted)

Delay

• Suspected URLs via Cisco Web Security Redirect

• Message Content (subject line)
• Add Warning Statements

Modify

Evolving Protection

Multi-layer Targeted Protection

Page 26:

Protection from suspect emails

URL Redirection

Malicious site

URL Redirection

Deep inspection    X

Users Protected from Targeted Attacks

Page 27:

• Sales Momentum
• Spam Landscape
• Recent Developments
• New Security Mechanisms
• Other Improvements
• Q & A

Page 28:

Page 29:

Additional flexibility

By DLP Policy

Global Administrator

Read-Only Operator    Helpdesk    PCI Supervisor    PII Supervisor

PCI Auditor

Flexible Feature Assignment:
• Read Only
• Read / Write Access
• Reporting visibility
• Quarantine access

Page 30:

Per policy

By Policy Group for Multi-Branch Use Cases

Page 31:

Per application and policy

Includes Quarantine and Message Tracking Control for DLP Admin Uses

Page 32:

Per function

Provide Granular Access

Page 33:

User security

Page 34:

SMTP call ahead

Seamlessly and Securely Use Existing Directory Information Wherever It May Exist

[Diagram: Sender Email System, Email Security, Recp Validation Svr, Groupware Servers; steps numbered 1 to 3]

Page 35:

Time-Based Log Rollover

Page 36:

Page 37:

Page 38:

• Outbreak Filters
• Enhanced Large Spam Scanning
• Delegated Administration
• Strong Password Controls
• SMTP Call Ahead
• Scheduled Log Rollover
• Tracking Search Enhancements
• More

Page 39:

• Sales Momentum
• Spam Landscape
• Recent Developments
• New Security Mechanisms
• Other Improvements
• Q & A

Page 40:

Thank you.