Confidential © Clearswift 2014

Introducing SEG V4

Clearswift

Gateways – SEG v4.0

• Features

– Platform

– New spam engine

– DKIM support

– New Adaptive Redaction Features

– Japanese character set improvements

• Upgrade

• Roadmap

• Q&A

Gateways v4.0 - Platform

• 64 bit Operating system and Platform

• SECURE Email Gateway

– Non-root application (and other security tightening)

– Some files moved to fit in with RHEL formats

– Linux style upgrade process

– Tighter integration with O/S

• Red Hat Enterprise Linux x64 6.6

– Wider support for Hardware and virtualisation platforms

– Long life support

– License included with SEG product (non-transferable)

– New file systems (ReiserFS to Ext4)

– IPv6 capable (but not activated at this point)

Gateways v4.0: Why RedHat? (RHEL 6.6)

Gateways v4.0: Why RedHat?

• Initially delivered as software, appliance to follow

• Standard OS permits customers to load System Management agents

– UPS

– System Monitoring

– Backup

– Virtualisation tools

• Should enable us to work on other platforms (AWS etc)

– Deployments in cloud more cost effective than on a VM

• Supported platform by vendor - rather than the open source community

RHEL is a commercial product

• Red Hat is not free, $799 pa (1 physical or 2 virtual)

• Does a customer have to buy it? No, it’s included.

• Support comes from Clearswift, as do upgrades

• If you have your own RedHat license you can still use it

– Support and upgrades come from RHEL

Gateways v4.0: Why RedHat?

[Diagram: RHEL repositories; Clearswift repositories (~small delay); device drivers; security fixes (checked); Clearswift customer; Red Hat customer]

SEG v4.0: Improved Anti-Spam

• New Anti-Spam Engine

– Reputation

– Removes old legacy “Clearswift” engines (Bayes, CURBL and ASE)

– New signatures engine

• Consistent improved detection rates

• Reduced false positive rates

• Enables simple whitelisting of business partners

• Full whitelisting by domain/IP address

Comparison

• With a feed of ~1m spam messages per day

Revised UI – SpamLogic filters

Revised UI – Whitelisting by domain

Domain Keys Identified Mail (DKIM)

• DKIM is a method of identifying if an email is authentic

• Will help to reduce the amount of spoofed messages being sent into an organization

• Adds validity to messages that are sent by an organization so their business partners are more trusted

• Similar to Sender Policy Framework (SPF), but different

Comparison of authentication methods

SPF

• Senders publish the IP addresses of mail servers that may send mail from their domains in DNS

• Receivers get messages and compare the source addresses to see if the message came from a listed address

• If it does, the message is authentic

DKIM

• Senders publish their public key in DNS. Messages are sent containing a cryptographic hash of the message

• Receivers get the message and decode the hash of the message using the published public key

• If it matches, the message is authentic
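Added example, not part of the original slides: a minimal Python sketch of the two receiver-side checks compared above, showing that SPF judges the connecting IP while DKIM judges the message content. The SPF record, addresses and signing domain are constructed sample data; only the `ip4`/`ip6`/`all` SPF terms and DKIM "simple" body canonicalization are handled, and the `b=` signature itself is not verified.

```python
import base64
import hashlib
import ipaddress

SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """SPF: judge the connecting IP against the ip4/ip6 terms the sender published."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:].lower()) if term[0] in SPF_RESULT else ("+", term.lower())
        if mech == "all":
            return SPF_RESULT[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            try:
                net = ipaddress.ip_network(mech[4:], strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return SPF_RESULT[qualifier]
        # a, mx, include and similar terms need DNS and are skipped in this offline sketch
    return "neutral"

def body_hash(body):
    """DKIM 'simple' body canonicalization (drop trailing empty lines), SHA-256, base64."""
    canonical = body.rstrip(b"\r\n") + b"\r\n"
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode()

def dkim_body_intact(dkim_signature, body):
    """DKIM: compare the header's bh= tag with a hash of the body as received.
    Checking the b= signature against the DNS public key is a further step, not done here."""
    tags = {}
    for part in dkim_signature.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags.get("bh") == body_hash(body)

# Constructed sample data: documentation IP ranges and a made-up signing domain.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
BODY = b"Quarterly report attached.\r\n"
DKIM_SIG = f"v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel1; bh={body_hash(BODY)}; b=PLACEHOLDER"

if __name__ == "__main__":
    print(spf_check(SPF_RECORD, "198.51.100.7"), dkim_body_intact(DKIM_SIG, BODY))  # relayed unchanged
    print(spf_check(SPF_RECORD, "192.0.2.25"), dkim_body_intact(DKIM_SIG, BODY + b"extra\r\n"))  # altered
```

A message relayed unchanged through an unlisted server fails SPF but keeps a matching DKIM body hash; a message from a listed server whose body was altered passes SPF but fails the DKIM comparison.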

Adaptive Redaction: Open Office Support

• Popular alternative to MS Office – 135m copies in use (Wikipedia)

• Top 5 countries by users

– USA

– France

– Germany

– Italy

– Japan

• Cost-effective choice, especially for governments

• Included as part of the AR license

DLP enhancements

• Adaptive Redaction

• Selective scanning

DLP enhancements

• Document properties

Upgrade path

• There is no simple upgrade

– Changing the operating system completely

– Changing the disk layout

– Changing the file system

• Customers will need to build a new system

– Can request PSO

– Hardware refresh

– Virtualisation opportunity

• Install SEG 4.0 and customers can import their existing SEG 3.8 backup

– Or just their policy file

Install steps

1. Start RHEL 6.6 install

2. Deploy a Clearswift Kickstarter script

3. Setup network settings

4. Installs required operating system

5. Reboots

6. Login and initiate the Gateway install

7. Gateway installs

8. Reboots

9. Run wizard

10. Rename as required

Q. How long does it take?

A. About 10 minutes, slowest part can be rebooting if on hardware

Migrating from 3.8 to 4

[Diagram: V3.8 and V4.0. Labels: Policy, Message Management, Reporting]

Migrating from 3.8 to 4

[Diagram: V3.8 and V4.0. Labels: Policy, Message Management, Reporting, FTP Backup]

Peering in a mixed environment

[Diagram: V3.8, V3.8 and V4.0, with an X. Labels: Policy, Message Management, Reporting]

How do I test 4.0?

• Initially can sit behind a 3.8 platform

• Spam settings should be configured with the 3.8 as the upstream host

• You should expect to see the V4.0 catching spam missed by 3.8

• Gradually implement content rules from 3.8 to 4.0 platform

[Diagram: V3.8, V4.0]

How do I test 4.0?

• Bring the V4.0 to the front

• Most of policy should be running on 4

• Spam settings should be configured with the 4.0 as the upstream host

• Spam being detected on the 3.8 should be minimal

[Diagram: V3.8, V4.0, V3.8, V4.0]

How do I test 4.0?

• Use a relay-to action and “dual deliver” messages

• Drop messages after processing on the V4 system

[Diagram: V3.8, V4.0]

Collateral/Training plan

• Install Guide

• FAQ document

• Updated Hardware compatibility list (HCL)

• Ports and Protocols

• Support KB - Technotes

• Support videos

• Available on w/c 19th January

Near term roadmap

• SEG 4.1 (April 2015)

– Import whitelists from file

– Support for whitelists with range and CIDR formats

– LDAP/S for address list connections

– FTP/S & SFTP for backups

– FTP/S & SFTP for Logfile export

– Keyserver lookups using LDAP/S & HTTP/S

• SEG 4.2 (Summer 2015)

– tbc

Questions