WEBSENSE CONFIDENTIAL Mail Security Overview Claudio Zattoni Technical Support Engineer...


Page 1

WEBSENSE CONFIDENTIAL

Mail Security Overview

Claudio Zattoni, Technical Support Engineer

claudio.zattoni@itwayvad.com

Page 2

Every e-mail is a risk

Every e-mail received is a potential security risk

Every outgoing e-mail is a potential risk of losing information important to our company

Every unnecessary e-mail is a waste of corporate network resources

Every unchecked e-mail is a threat to the company's reputation and profitability

Page 3

Inbound E-mail Traffic

Spam has reached 71% of all e-mail messages worldwide. In 2001 it was only 8%.

United Nations

– 52 billion spam messages per day

– 900 million viruses per day

– 70 billion directory harvest attacks per day

The Radicati Group, “E-Mail Security 2005-2009”

28% growth in phishing attacks every month. Anti-Phishing Working Group Report, March 2005

In 2006…

Page 4

Outbound E-mail Traffic

More than 69% of organizations have suffered a loss of information.

This information loss breaks down as:

– 39% confidential business information

– 27% customers' personal information

– 24% intellectual property

– 10% employees' personal information

Ponemon Institute, 2005 Report

Page 5

The goal of mail filtering

Protection from:

– spam

– phishing attacks

– malicious URL links in e-mails

– spyware

– viruses

Better management of our company's network resources

Stronger policy enforcement

Legal protection

Increased profitability

Page 6

Websense Email Security

Page 7

E-Mail Security

Inbound and outbound mail protection

Pre-screening (DHA, Denial of Service…)

Optimizes Mail Server resources

Antivirus

Powered by Authentium, McAfee and On Demand technology

Antispam

- Spam Digital Fingerprint

- Heuristic Engine

- Lexi Rules

Content filtering

- Dictionaries

- Virtual Learning Agent

- Internet Threat Database

Page 8

Standard E-mail Communication

SMTP (port 25) / SMTPS (port 465)

The MTA looks up the recipient's MX record in DNS (port 53)

POP3 (port 110) / IMAP4 (port 143)

Page 9

E-mail Filter (Inbound Anti-Spam/Anti-Virus Only)

SMTP (port 25) / SMTPS (port 465)

The MTA looks up the recipient's MX record in DNS (port 53)

POP3 (port 110) / IMAP4 (port 143)

Page 10

E-mail Filter: Inbound & Outbound

SMTP (port 25) / SMTPS (port 465)

E-mail Filter looks up the recipient's MX record in DNS (port 53)

POP3 (port 110) / IMAP4 (port 143)

Page 11

Powerful Connection Management

Protects the company's network resources (mail server)

Denial of Service Protection

Directory Harvest Protection

Reverse DNS and SPF protect against “spoofed” mail

Blacklist of unwanted senders

Integration with Websense Reputation Services

Server to Server Encryption

Page 12

Reputation/DNS Blacklist: “Websense Reputation Service” (WRS)

WRS license included in the Antispam Agent license.

Checks the “reputation” of mail servers against the OnDemand datacenters.

Lets only mail coming from valid IPs “pass” through to the mail server.

Page 13

In Work Out

Isolate Delay Discard MX or Relay Host

Page 14

Enhanced Threat Protection: Signature-Based and Zero-Hour AV

Feature: Authentium AV and zero-hour anti-virus protection in Anti-Virus Malware Scanning

Advantage: Total protection against viruses.

Benefit: Greater network security.

A SINGLE solution for AV and AS on the same server.

Page 15

“Zero-Hour” Virus Scanning

In addition to “classic” AV protection, Mailfilter includes “Zero Hour” protection, powered by Huntsman (On Demand) technology, which identifies threats before a signature is released.

Page 16

The Science of Security

Threat data used by analysis teams

Real-time feed of zero-day threat data

Adaptive Threat Intelligence

Threat Analysis Teams

Gateway and Desktop Solutions

Threat information used to improve services and detection capabilities

Real-time threat information provided by on-demand infrastructure

Updated URL list

Page 17

Zero-Hour Threat Intelligence: Unique to ODS

Closing the Window of Vulnerability: ODS (On-Demand System Virus Report)

As soon as Websense recognizes a “pattern”, the threat is blocked.

ODS blocked more than 2,000 instances of the malware before the first AV vendor.

Huntsman got there 1.7 hours ahead of the first AV vendor.

Page 18

Websense Anti-Spam Agent

Spam Digital Fingerprints

– Categorized by specific types of spam

Heuristics Engine

– Thousands of rules to identify phishing & spam attacks

– Filtering sensitivity adjustable by the customer

LexiRules

– Lexical analysis to identify spam

Integrated URL Database

– Updates every 2 hours

Page 19

Spam Protection – Digital Fingerprints

100% Human Review

17-category database

Proprietary “Digital Fingerprints”

More than 300,000 signatures for millions of attacks

~10,000 signatures added every month

DFP database continuously updated by 3 laboratories around the world

Page 20

Spam Protection – Heuristics

Analyzes and weighs the characteristics of the message

– What “looks like” spam

– Analysis of the whole message

– Overall score + customer sensitivity control = Allow/Disallow the message

~3000 rules, updated 3 times a day

Customizable for verifying legitimate mail

Page 21

Enhanced Threat Protection: Advanced Spam Capture Heuristics

Feature: Advanced heuristics for image spam

Advantage: Catches more image and PDF spam based on the specific criteria typical of this spam (number of .gif images, etc.). Included in the Anti-Spam Agent

Benefit: Improves the catch rate for image and PDF spam

Page 22

Spam Protection – LexiRules

Uses Boolean operators

Hundreds of predefined rules

Works hand in hand with the heuristic engine
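The scoring flow described on the Heuristics and LexiRules slides (weighted rules over the whole message, Boolean lexical rules alongside them, overall score plus a sensitivity setting giving allow/disallow), as an added Python example that is not Websense code. The rule names, weights, thresholds and sample messages are all constructed assumptions.

```python
import re

# Hypothetical heuristic rules (name, predicate, weight); constructed, not Websense's.
HEURISTICS = [
    ("all_caps_subject", lambda m: m["subject"].isupper(), 2.0),
    ("url_with_raw_ip",
     lambda m: re.search(r"https?://\d{1,3}(?:\.\d{1,3}){3}", m["body"]) is not None, 3.0),
    ("gif_heavy",
     lambda m: sum(a.lower().endswith(".gif") for a in m["attachments"]) >= 3, 2.5),
]
# Hypothetical lexical rule written with Boolean operators over message words.
LEXICAL = [
    ("account_lure",
     ("AND", "account", ("OR", "verify", "suspended"), ("NOT", "invoice")), 3.0),
]
# Assumed sensitivity control: higher sensitivity means a lower blocking threshold.
THRESHOLDS = {"low": 7.0, "medium": 5.0, "high": 3.0}

def matches(expr, tokens):
    """Evaluate a nested AND/OR/NOT expression against the set of message words."""
    if isinstance(expr, str):
        return expr in tokens
    op, *args = expr
    if op == "AND":
        return all(matches(a, tokens) for a in args)
    if op == "OR":
        return any(matches(a, tokens) for a in args)
    if op == "NOT":
        return not matches(args[0], tokens)
    raise ValueError(f"unknown operator: {op}")

def score_message(msg):
    """Return (overall score, names of the rules that fired) for the whole message."""
    tokens = set(re.findall(r"[a-z0-9]+", f'{msg["subject"]} {msg["body"]}'.lower()))
    fired = [(n, w) for n, test, w in HEURISTICS if test(msg)]
    fired += [(n, w) for n, expr, w in LEXICAL if matches(expr, tokens)]
    return sum(w for _, w in fired), [n for n, _ in fired]

def verdict(msg, sensitivity="medium"):
    # Overall score + sensitivity control = allow/disallow.
    score, _ = score_message(msg)
    return "disallow" if score >= THRESHOLDS[sensitivity] else "allow"

# Constructed sample messages.
PHISH = {"subject": "URGENT ACCOUNT NOTICE", "attachments": [],
         "body": "Your account is suspended! Verify now at http://192.0.2.10/login !!"}
LEGIT = {"subject": "Invoice for your account", "attachments": ["invoice.pdf"],
         "body": "Please verify the attached invoice and let me know."}
IMAGE_AD = {"subject": "WEEKEND SALE", "attachments": ["a.gif", "b.GIF", "c.gif"],
            "body": "Big deals! See the pictures attached."}
```

The `IMAGE_AD` sample scores between the medium and high thresholds, so its verdict changes with the sensitivity setting, while the `NOT invoice` clause keeps the legitimate invoice mail from matching the lexical rule.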

Page 23

Content Filtering: dictionaries

19 dictionary categories

12 importable language packs (XML)

– English, Dutch, French, Spanish, German, Italian, Japanese, Chinese Traditional, Chinese Simplified, Portuguese, Russian, Korean

Customizable word “weights” to tune the filter.

Creation of custom dictionaries

Creation of rules based on custom dictionaries

Page 24

Content Filtering: Virtual Learning Agent

Protects against intentional or accidental loss of confidential information (confidential information leakage)

Can be “trained” to recognize proprietary documentation.

Based on document content

Page 25

Adult image control - Virtual Image Agent

Distinguishes between pornographic and legitimate images

Keeps inappropriate material out of the workplace

Improves productivity and peace of mind in the workplace

Uses more than 22,000 algorithms

Improves control and policies without affecting performance

Page 26

Who

Page 27

What

Page 28

Operations

Page 29

Notify

Page 30

Actions

Page 31

End-User Control: Personal E-mail Manager

Eliminates false positives

Scheduled or immediate message notification

HTTPS portal

End user blacklist/whitelist

Control of inbound and outbound mail

Monitoring of end-user activity

Page 33

Websense Report Central: Unrivalled Visibility

Page 34

Thank you!