tyler-welch
1 Confidential © Clearswift 2014
Introducing SEG V4
Clearswift
Gateways – SEG v4.0
• Features
– Platform
– New spam engine
– DKIM support
– New Adaptive Redaction Features
– Japanese character set improvements
• Upgrade
• Roadmap
• Q&A
Gateways v4.0 - Platform
• 64 bit Operating system and Platform
• SECURE Email Gateway
– Non-root application (and other security tightening)
– Some files moved to fit in with RHEL formats
– Linux style upgrade process
– Tighter integration with O/S
• Red Hat Enterprise Linux x64 6.6
– Wider support for hardware and virtualisation platforms
– Long life support
– License included with SEG product (non-transferable)
– New file systems (ReiserFS to Ext4)
– IPv6 capable (but not activated at this point)
Gateways v4.0: Why RedHat? (RHEL 6.6)
Gateways v4.0: Why RedHat?
• Initially delivered as software, appliance to follow
• Standard OS permits customers to load System Management agents
– UPS
– System Monitoring
– Backup
– Virtualisation tools
• Should enable us to work on other platforms (AWS etc)
– Deployments in cloud more cost effective than on a VM
• Supported platform by vendor - rather than the open source community
RHEL is a commercial product
• Red Hat is not free, $799 pa (1 physical or 2 virtual)
• Does a customer have to buy it? No, it's included.
• Support comes from Clearswift, as do upgrades
• If you have your own RedHat license you can still use it
– Support and upgrades come from RHEL
Gateways v4.0: Why RedHat?
[Diagram: RHEL repositories and Clearswift repositories, separated by a ~small delay; labels: Device drivers, Security fixes (checked), Clearswift customer, Red Hat customer]
SEG v4.0: Improved Anti-Spam
• New Anti-Spam Engine
– Reputation
– Removes old legacy “Clearswift” engines (Bayes, CURBL and ASE)
– New signatures engine
• Consistently improved detection rates
• Reduced false positive rates
• Enables simple whitelisting of business partners
• Full whitelisting by domain/IP address
Comparison
• With a feed of ~1m spam messages per day
Revised UI – SpamLogic filters
Revised UI – Whitelisting by domain
Domain Keys Identified Mail (DKIM)
• DKIM is a method of identifying if an email is authentic
• Will help to reduce the number of spoofed messages being sent into an organization
• Adds validity to messages that are sent by an organization so their business partners are more trusted
• Similar to Sender Policy Framework (SPF), but different
Comparison of authentication methods
SPF
• Senders publish in DNS the IP addresses of mail servers that may send mail from their domains
• Receivers get messages and compare the source addresses to see if the message came from a listed address
• If it does, the message is authentic
DKIM
• Senders publish their public key in DNS. Messages are sent containing a signed cryptographic hash of the message
• Receivers get the message and verify the hash of the message using the published public key
• If it matches, the message is authentic
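An added example, not part of the original slides or Clearswift code, showing the two receiver-side checks compared above: matching the connecting IP against a published SPF record, and recomputing the body hash carried in the bh= tag of a DKIM-Signature header. The record, addresses, selector and message are constructed samples; only the ip4/ip6/all SPF mechanisms are evaluated, and the RSA verification of the b= signature against the public key in DNS is left out.

```python
import base64, hashlib, ipaddress, re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record: str, client_ip: str) -> str:
    """Evaluate the ip4/ip6/all mechanisms of an SPF TXT record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, value = mech.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qual]        # catch-all, normally the last term
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
    return "neutral"                       # nothing matched and no "all" term

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body canonicalization, applied before hashing."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()                        # trailing empty lines are ignored
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def dkim_tags(header_value: str) -> dict:
    """Split a DKIM-Signature header value into tag=value pairs."""
    pairs = (t.split("=", 1) for t in header_value.split(";") if "=" in t)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def dkim_body_ok(header_value: str, body: bytes) -> bool:
    """True when the received body still hashes to the signed bh= value."""
    return dkim_tags(header_value).get("bh") == body_hash(body)

# Constructed sample data (documentation address ranges, made-up message).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
BODY = b"Invoice attached.\r\nRegards,  Accounts \r\n\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1; "
       "h=from:subject; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")

if __name__ == "__main__":
    print(spf_check(SPF_RECORD, "192.0.2.10"), spf_check(SPF_RECORD, "203.0.113.5"))
    print(dkim_body_ok(SIG, BODY), dkim_body_ok(SIG, BODY + b"Pay to a new account\r\n"))
```

SPF ties the result to the connecting server's address, so it breaks when mail is forwarded; the DKIM body hash travels with the message and only fails when the content changes beyond whitespace.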
Adaptive Redaction: Open Office Support
• Popular alternative to MS Office – 135m copies in use (Wikipedia)
• Top 5 countries by users
– USA
– France
– Germany
– Italy
– Japan
• Cost-effective choice, especially for governments
• Included as part of the AR license
DLP enhancements
• Adaptive Redaction
• Selective scanning
DLP enhancements
• Document properties
Upgrade path
• There is no simple upgrade
– Changing the operating system completely
– Changing the disk layout
– Changing the file system
• Customers will need to build a new system
– Can request PSO
– Hardware refresh
– Virtualisation opportunity
• Install SEG 4.0 and customers can import their existing SEG 3.8 backup
– Or just their policy file
Install steps
1. Start RHEL 6.6 install
2. Deploy a Clearswift Kickstarter script
3. Setup network settings
4. Installs required operating system
5. Reboots
6. Login and initiate the Gateway install
7. Gateway installs
8. Reboots
9. Run wizard
10. Rename as required
Q. How long does it take?
A. About 10 minutes; the slowest part can be rebooting if on hardware
Migrating from 3.8 to 4
[Diagram: V3.8 and V4.0; labels: Policy, Message Management, Reporting]
Migrating from 3.8 to 4
[Diagram: V3.8 and V4.0; labels: Policy, Message Management, Reporting, FTP Backup]
Peering in a mixed environment
[Diagram: V3.8, V3.8 and V4.0, with an "X" marker; labels: Policy, Message Management, Reporting]
How do I test 4.0?
• Initially can sit behind a 3.8 platform
• Spam settings should be configured with the 3.8 as the upstream host
• You should expect to see the V4.0 catching spam missed by 3.8
• Gradually implement content rules from the 3.8 to the 4.0 platform
[Diagram: V3.8, V4.0]
How do I test 4.0?
• Bring the V4.0 to the front
• Most of the policy should be running on 4
• Spam settings should be configured with the 4.0 as the upstream host
• Spam being detected on the 3.8 should be minimal
[Diagram: V3.8, V4.0]
How do I test 4.0?
• Use a relay-to action and “dual deliver” messages
• Drop messages after processing on the V4 system
[Diagram: V3.8, V4.0]
Collateral/Training plan
• Install Guide
• FAQ document
• Updated Hardware compatibility list (HCL)
• Ports and Protocols
• Support KB - Technotes
• Support videos
• Available on w/c 19th January
Near term roadmap
• SEG 4.1 (April 2015)
– Import whitelists from file
– Support for whitelists with range and CIDR formats
– LDAP/S for address list connections
– FTP/S & SFTP for backups
– FTP/S & SFTP for Logfile export
– Keyserver lookups using LDAP/S & HTTP/S
• SEG 4.2 (Summer 2015)
– tbc
Questions