1

Commtouch:Cloud-based Internet Security

Tim Johnson - Director, Strategic AlliancesIan Hess - Technical Account ManagerSeptember 2010

Agenda

2

Who We Are

What We Do

How it Works

Cloud Architecture & Security

Q&A

Foundations

3

Cloud-based security services leader

• Award-winning Internet security technology

• Global delivery & service platform

Unique business model

• Focus on OEM partners and Service Providers

• Partner-centric support organization

Solid financial foundation

• Est. 1991, Public (NASDAQ: CTCH)

• Profitable and growing

Security & Network Vendors

Selected Customers and OEM Partners

4

Service Providers

Messaging Security, Web Security & Antivirus Services

5

Outbound Spam ProtectionBlock and identify outbound spam & spammers

GlobalView Mail ReputationBlock unwanted email traffic at the network perimeter

GlobalView URL FilteringComprehensive coverage, accuracy and real-time security

Zero Hour Virus Outbreak ProtectionBlock email-borne malware outbreaks in real time

Anti-spamProtect against spam & phishing outbreaks in real-time

Industry Standard Plugins

2002

2004

2006

2008

2010

2010Command AntivirusProtect against malware threats

2Q10 Email Threats by the numbers

• 82% of all emails are spam

• 179 Billion spam messages per day

• Pharmacy spam 62% of all spam

• 307,000 zombies lit up per day

• 1800 variants of Mal/Bredo virus

• 1.3 Sextillion ways to spell \/ l @ g r /-\

Virus Attacks Aren’t Letting Up

7

Zero hour virus outbreaks – last 90 days

Spam Maxims

8

A cloud-based solution with global view of internet email cansolve the problem

Spam is only economical in large volumes

Single endpoint or rule-based systems cannot detect spam and viruses quickly or accurately enough

Cloud Security Market Requirements

9

Messaging Web Antivirus

Real-timeSpam, phishing and virus outbreak detection

Zero-Hour detection of Web threats and new sites

Zero-Hour malware detection via multi-layered approach

False positives

Near zero Near zero Near zero

Global solution

Language agnostic detection

Worldwide, relevant coverage of URLs

Worldwide sample feed and updates

AccuracyTypically 99%+ spam detection

Industry’s highest accuracy, with unparalleled Web 2.0 granularity

Certified by Checkmark, ICSA Labs and Virus Bulletin

ScalableAutomatic engines servicing hundreds of millions of users worldwide

Cloud-based architecture servicing hundreds of millions of users worldwide

Implementations from desktop to carrier-grade

Commtouch’s GlobalView Network

10

Service platform

Unified service platform for Internet security applications Servicing OEM vendors & service providers Protecting hundreds of millions of users worldwide

Collection & Analysis

Collection of billions of Internet transactions daily Across diversified segments & geographies RPD™ technology, multiple analysis engines and 3rd

party sources

Infrastructure

5 Carrier grade data centers: US (3), Europe, Asia Operational for over 12 years Multiple collection nodes distributed worldwide

Commtouch Technology Overview

11

Queries by endpoints

Global collection of Internet traffic & data

Real-time analysis

Real-time traffic

Web data sources

Security Alliance

Malware samples

Email AnalysisRecurrent Pattern

Detection

URL analysisMultiple engines

Resolution; Query results build locally relevant DB

OEM partner & Service Provider

Endpoints

Malware analysisMultiple engines

Commtouch Technology Overview: Messaging

12

三最機是般

取 /m取

IPAddresses

Malwarepatterns

URLsSpam/

phishing patterns

Patented RPD™

Distribution and structure pattern correlation

Real time detection of global outbreaks

Commtouch Technology Overview: Web

13

User-behavior driven URL filtering cloud database

Multiple sources and analysis engines for broadest coverage and highest accuracy

Zero-hour Web threat protection

More than 100M sites in 64 categories including 8 security categories

Threat research

3rd party Security

Alliance data

Open trafficcollectors

URL dynamics,popularity & reputation

Userqueries

Spam/ phishing

URLs

AnalysisEngines

ZeroHour

Commtouch Architecture Detail

15

Data Center Nuts and Bolts

16

5 Operated by Commtouch, 4 co-operated by Commtouch

• North America, Europe, Asia

• Colo with Tier 1 DC providers

They provide building, physical security, connectivity, power & cooling

Host our equipment in our own cage

• We own network equipment, firewalls, etc.

Complete physical redundancy

• Multi-peering with different local ISPs

• Managed remotely

• Highly scalable

2 months to spin up from A to Z

Datacenter Security

17

Hosted in dedicated cage

• Hand scan/Iris scan access

DC provides physical security protocols

• Who has access

• Who can request/make changes

• Who can receive shipments, etc.

We manage technical security

• Communications to DC from Ops is encrypted and via private VPN

• Access, change, etc.

Technology Nuts and Bolts

18

Connectivity

• Local engine/client

Checks local cache first

Contacts DC if not found locally

Variable TTL in cache

• Client chooses ‘best’ DC to work with

• 100% up time to clients for 8 years

Technology Security

19

Protocols

• Proprietary protocol over HTTP

• 100% proprietary servers

Service requires authentication We manage keys and can disable key/service

Partners have optional 2nd level key management

No successful attacks on DCs or clients

Questions?

20

Thank You

21