Infinigate Security Day September 9th 2011 Marcel Kooring Business Development Manager

Page 1

Infinigate Security Day September 9th 2011

Marcel Kooring, Business Development Manager

Page 2

Agenda

• Introduction

• Statistics from our yearly Work/Life survey.

• Challenges on the Internet
– Web 2.0/Social Media
– Data Leakage

• Benefits of the Web Gateway

• Benefits of the Email Gateway

Page 3

Web 2.0 / Social Media

Page 4

Facebook users?

• Raise your hand if you have a Facebook account!

Page 5

Social Media in Denmark

• According to the European Union, Denmark has 2,566,060 Facebook users out of a total population of 5,515,575 citizens!

• That is a 46,5% penetration rate.

Page 6

Results from our work/life research

• 80% of managers see the business benefits of the new social Web.

• 48% of managers have identified Web 2.0 usage as an issue of concern at management level.

• 19% of markets in 2011 report that their companies are engaged in blocking, as opposed to 9% in 2010

• There is widespread concern about Web 2.0 among managers, with 57% expressing security concerns, 48% worried about loss of confidential data via employees

Page 7

Web 2.0 benefits

• Wide variety of useful tools and services that people use in domestic and business life

• Communication is the most common benefit expected

• Web-enabled devices and Cloud based services drive usage forward

• The growth of social media for marketing is accelerating

• 41%+ Tweets per day

• Monthly Signups 52%

• 104% increase in Android apps

• 600k developers

• 900k apps

• 13B API requests per day

Page 8

On the downside…

• Virus proliferation is much higher on Web than on email

• Popular websites offer a greater chance of malicious infection

• We need Web Security Solutions to allow us to benefit from the web in a safe way!

Page 9

Today's Challenges

Even (large) trusted websites are being exploited
– Large sites with lots of traffic are the ideal way to spread malware.

Dynamic content / Web 2.0 / Social Media
– Web content is not controlled by a single webmaster anymore, but comes from many sources, is user generated and changes rapidly!

Preferred attack vector
– The web is becoming the attack vector of choice.

Challenges:

• Number and types of sites increasing dramatically

• Legitimate sites are used to embed spyware and malware

• Proxy avoidance used widely to avoid URL categorization

• Encrypted end-to-end content can’t be inspected

• Mashups aggregate content from multiple sites

• Static URL databases are increasingly ineffective

• HTTPS is being adopted widely


Page 10

Spam and Malware

• Short lived success for the good guys

Page 11

Malware

Page 12

Data Leakage

Page 13

Data Leakage

The 4 main reasons for data leakage are:

1. Accidentally publishing information through Email or Web. So make sure you check all web and email traffic.

2. Malware designed to steal information. Make sure you protect yourself from malware that is mainly distributed by web and email.

3. Hackers who break their way into networks.

4. Employees stealing information for personal gain.

Page 14

Data Leakage

• It is a multi-headed monster

• Do not try to solve everything in one go! Pure-play DLP solutions are often very expensive and very complex... and until today they have failed to prove their value!

• Start with the obvious and start protecting your Web and Email traffic.

• Clearswift has 20 years of experience in this area and is probably one of few companies that actually have very large, high security customers protecting their information with Clearswift's products on a daily basis!

Page 15

SECURE Web Gateway

Page 16

Technology Overview

Unified Web and Email security that offers easier management, shared policy and enhanced reporting across all web and email based communications

SECURE Email Gateway

• Integrated AV/Malware & Anti-SPAM

• Automated on-box encryption

SECURE Web Gateway

• HTML, Web 2.0 and HTTPS traffic

• Integrated Cache, URL filtering, Anti-Virus/Malware & SPYware

Introduction to Clearswift 16

Page 17

Clearswift SECURE Web Gateway

Easy to use & manage
– 100% web-based GUI.
– Graphical ‘drill-down’ reporting.
– Automatic security software updates.

Easy to install
– Up and running in under an hour.
– Pre-configured with Default ‘Standard’ Policy.

Secure and resilient platform
– Pre-built and supplied on Dell hardware.
– Deployed on own hardware or as VMware.
– Optimisation of Linux OS tuned for web gateway.

Page 18

INBOUND THREATS

Page 19

Complete Web Gateway protection

Anti-spyware
– Spyware “call home” prevention
– Tracking Cookie detection/removal

MIMEsweeper content-aware policy engine
– True binary signature file identification
– Suspicious script analysis

URL filtering
– 77 categories, millions of web sites
– Security Risk Group
    – Malware, Phishing
    – Anonymous proxies

Kaspersky Anti-virus/malware
– Viruses, worms, Trojans and malicious code

Page 20

Comprehensive URL filtering capabilities

• URL Database
– Millions of sites
– 77 categories
– Daily updates

• Real-time categoriser
– Pornography
– Anonymizer
– Hate, violence etc.

• Embedded URL detection
– Google & Yahoo! Cached items
– Google translation pages

Page 21

DATA LOSS PREVENTION

Page 22

Lexical Analysis

• Detect and prevent document types being uploaded
– Office, Open Office, Drawing formats
– True signature based file recognition
– Deep content inspection, i.e. inside zips, embedded in documents

• Lexical content rules easily configured to search for words or phrases within:
– Requested URL
– Documents Excel, Word, etc.
– Web Page or status updates
– HTTP Headers

Page 23

Full HTTPS content scanning and certificate policy

• Full content scanning of HTTPS/SSL encrypted data

• Detects malware or data leakage in encrypted HTTPS traffic

• Provides policy based certificate checking for added protection

Page 24

COMPLIANCE

Page 25

Data loss templates & compliance lists

• Predefined regular expressions for PII (Personally Identifiable Information) and PCI (Personal Credit Information)
– National insurance number
– Credit card numbers
– Social security number

• Editable compliance dictionaries
– Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Securities and Equities Commission (SEC) and Sarbanes Oxley (SOX).

• Benefits
– Easy to use (simply add to route)
– No configuration errors

Page 26

Interactive and scheduled reporting


Interactive drill downs

Page 27

FLEXIBLE POLICIES

Page 28

Easy to understand and use policy model

• Policy Configuration
– User authentication with NTLM or Kerberos
– Policy based on Users, Content Rules & Routes
– The Web policy protects ‘Everyone’
    • Viruses, Spyware, dangerous payload types such as executables
    • Dubious types of site such as Pornography, Hacking, etc.
    • Block uploading of ‘office’ or ‘confidential’ documents

Page 29

Personalized user feedback

• Block Pages
– Policy violations

• Progress Pages
– Informative feedback when downloading large files

• Acceptable Use Policy Page
– Users are reminded at regular intervals with ‘Accept’ button

Page 30

Web Gateway Email Gateway

Policy

Fully conjoined policy updating

Page 31

MANAGEMENT AND DEPLOYMENT

Page 32

SNMP and SMTP alerting

Page 33

Clearswift SECURE Email Gateway

Page 34

SECURE Email Gateway

• Highly Scalable, Resilient Message processing suite
– Security
– Routing
– Logging and Reporting

• Keeps the Spam and Viruses out
– Multi-layer Malware control
– Multi-layer Anti-spam, Phishing

• Prevents sensitive data leaks and maintains compliance
– Pre-built dictionaries: PCI, PII, SEC, SOX, HIPAA
– On-board encryption

• Prevents inappropriate usage
– Pornography, profanity, copyright infringement

• Granular policies to ensure collaboration with right people
– Provides consistent enforcement of AUP
– AD integration

Introduction to Clearswift - America's Growth Capital 2011 35

Page 35

INBOUND THREATS

Page 36

• Email still remains a vector for viruses to propagate

• Many thousands of new viruses and variants are created daily

Kaspersky

Content Detection

Zero-Hour

Multi-layered Malware protection system

Page 37

• TRUSTmanager
– global reputation network
– Rejects 80-90% of all traffic before it reaches your gateway

• SpamLogic
– delivers in total 99.6% accuracy rate
– Multi-engine layered defence

World class spam protection

Page 38

Multi-layered spam defences

[Figure: chain of filters labelled Reputation, Greylisting, BATV, Anti-Spoof, RBL, SPF, Validate Sender, LDAP, Signatures (Junk/Bulk), CURBL, Bayesian, Anti-spam Engine, grouped under Connection/Network Level Checks and Content Level Checks]

80-90%+ of spam rejected using these filters

Page 39

• Web Portal to permit users to release own messages

• Digests allow end users to perform simple tasks or they can connect to the portal 24x7 using their existing Windows credentials

• Per-user localisations: English, German, French, Italian, Spanish, Portuguese, Japanese, Traditional and Simplified Chinese

End user message release

Page 40

DATA LOSS PREVENTION

Page 41

• Files detected using true-file type technology

• Banned file types can be blocked or stripped from messages

• Selective scanning enables searches of areas of interest
– Headers, Messages, Attachments (MS Office, Open Office, PDF, HTML)

• Powerful search criteria
– Dictionaries for PCI, PII, Profanity, etc.
– Expressions, Regular expressions and Operators

• ImageLogic to detect registered images from distribution

Deep inspection – multiple ways to inspect message content

Page 42

Received: from eric ([192.168.201.1]) by prodman11.europe.clearswift.com (8.14.1/8.14.1) with SMTP id nB2MGP3d006083 for [email protected]; Wed, 2 Dec 2009 22:16:27 GMT
Date: Wed, 2 Dec 2009 22:16:25 GMT
Message-Id: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: Here is a great document

Hi Eric

This is a really document , call me on 01189 038503

Regards Alyn

Here is my site http://www.clearswift.com

Headers, footers and meta-data

Page 43

• Predefined regular expressions for PII (Personally Identifiable Information) and PCI (Personal Credit Information)
– National insurance number
– Credit card numbers
– Social security number
– IBAN numbers

• Editable Compliance dictionaries
– GLBA, SOX, HIPAA, SEC, PCI, PII

Data loss templates

Page 44

Powerful regular expression engine

• Powerful expression list features permit customers to build up search patterns for detecting content leaks

• The regular expression engine, combined with boolean and positional operators, permits constructs such as
– Credit card numbers NEAR expiry dates
– Employee id AND postal code
– Reference Number FOLLOWEDBY =1 Part Number

Page 45

COMPLIANCE

Page 46

• Supports PGP, S/MIME and Password Protected messages

• Allows signing, encryption and decryption of messages

• Policy based encryption, i.e. by route or by content

• Opportunistic TLS for server to server communications

• Portal based encryption

Email Encryption

Page 47

On a policy route

On a content rule

Encryption by direction or content

Page 48

FLEXIBLE POLICIES

Page 49

• Content Rules that inspect the data are applied to Policy Routes, which define what is allowed over that email communication channel

Easy policy model

Page 50

Content Rules

• Predefined Policy enables customers to get up and running quickly and easily

• Customers can build policies on
– Encryption/Decryption* Signature validation
– Active Content
– Filenames
– Textual Phrases in headers, body and attachments
– Media Types
– Spam
– Unacceptable Images
– Malware
– Missing Managers
– Message Size
– Disclaimers

Page 51

Track messages using extensive criteria

Works across peer group

Message Tracking across peers

Export data into CSV file

Page 52

Over 70 different reports available

Scheduled or on-demand

Built-in Reporting

Page 53

Over 60 different alarms available

SMTP and SNMP as standard

System Alerting

Page 54

CONCLUSION

Page 55

Conclusion

• Clearswift's technology will enable your organisation to maximise the benefits from Web & Email while keeping out the security risks.

• We enable a safe and controlled way of taking the full benefit from Web 2.0 and Social Media

• Data Leakage Prevention is part of our standard offering

Page 56

THANK YOU!

ANY QUESTIONS?
