may 19-20 l washington, dc l omni shoreham the roi of messaging security jf sullivan vp marketing,...
TRANSCRIPT
May 19-20 l Washington, DC l Omni Shoreham
The ROI of Messaging Security
JF Sullivan
VP Marketing, Cloudmark, Inc.
Parallels Summit 20082 © 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
2
About Cloudmark
• Market Leader in Carrier-Grade Messaging
Security
• Anti-Spam, Anti-Phishing, Anti-Virus Solutions
• Protecting 600 Million Mailboxes in 190+ countries
• Customers: Leading ISPs and Web Hosting
Providers
Cloudmark & Parallels• Partnership under development
• Integrated with Plesk solution
Parallels Summit 20084 © 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
4
The Direction of Spam
What do Spammers and Legitimate Sender(s) have in Common?
Both send email in order to Make $$$
Parallels Summit 20085 © 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
5
The Direction of Spam
Spammers challenged by advances in anti-abuse
technologies.
Parallels Summit 20086
6
The Direction of Spam
Spammers have responded.
Parallels Summit 20087
7
More Sophisticated Attacks Blended Threats Indistinguishable Phishing Attacks
Parallels Summit 20088
Higher Margin Spam
Pump and Dump Image Spam
Parallels Summit 20089
Broader Distribution
Bots
Dynamic Server Mapping
Target
Attacker
Servers
Botnets for Spam Distribution
Parallels Summit 200810
Spam as % of Worldwide Email Volume
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
02 03 04 05 06 07
Greater Volume of Spam
25%
95%
11
Impact on Web Hosting Companies
Infrastructure
Operations/Administration
Customer Satisfaction
Parallels Summit 2008
© 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
12
What We’ve Learned
Specific approaches and attacks can’t be predicted
Flexible architecture is required for rapid integration of new anti-abuse schemes
Analysis must be language and content-type agnostic
Fast distribution of threat intelligence is key
Parallels Summit 2008
13
Evolution of Email Spam
2002
Threats
Solutions
• Whitelist• IP Blacklist• Content rules
• Attach Scan• Policies• More rules• Desktop security
• URL Scan• OCR• More rules• More policies• Heuristics
• Laws• Regulations• Indictments
•Fingerprinting and collective network intelligence
• Mass Mailing • Viruses• Malicious HTML
• Phishing• Image Spam• Spyware
• Botnets• Stock Scams
• Blended threats• Hacked URLs• Mutating attacks
25%
Mid-2006
85%
2006
90%
2007
95% spam
2004
35%
13 Parallels Summit 2008
© 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
14
How Fingerprinting Works
Spam
Legit.
User
Fingerprint Cache Reject
Algorithms Fingerprints Local Lookup/ Verdict
© 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
15
Collective Network Intelligence: Cloudmark Example
GLOBAL THREAT NETWORKSERVICE
TRUST EVALUATIONSYSTEM
CLOUDMARK RESEARCH
ADVANCED MESSAGE FINGERPRINTINGTM
ALGORITHMS
Threats
15 Parallels Summit 2008
© 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
Fingerprinting Advantages
Identifies mutations in real time
Language, content agnostic
Significantly less CPU intensive
Higher Accuracy and Performance
Updates every minute
16 Parallels Summit 2008
© 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
17
Impact of Better Messaging Security
Performance
Filtering Accuracy
Filtering servers Rack space
Storage Support Churn
Improved Management Admin
17 Parallels Summit 2008
© 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
18
Web Hosting Typical Results
SpamAssassin deployed
Filtering accuracy at 75-80%
Administering rules and lists became unmanageable
Storage and mail servers getting overwhelmed
Filtering 0.5 messages/sec
Customer complaints about spam (approx. $6 customer complaint per spam message)
Challenges
Plug-in with fingerprinting
Accuracy jumped to 98% (23% improvement)
20-25 man-hours week saved in administration
700GB storage saved (2 yrs)
Filtering 10 messages/sec
80-90% reduction in filtering servers (from 10 → 2)
Near zero customer complaints related to spam
Results
18 Parallels Summit 2008
© 2
00
1-2
00
6 C
lou
dm
ark
In
c.
| C
ON
FID
EN
TIA
L
19
Economic Impact of Better Messaging Security
Performance
Filtering Accuracy
Filtering servers
Rack space
Storage
Support
Churn+20%
$6K - $30K
$80K - $900K
$20K- $100K
$6K - $54K
$30K - $150K
Improved Management
First Year Savings
Admin $42K - $52K
$180K -$1.3M
10X Faster
19 Parallels Summit 2008
Parallels Summit 200820
Thank you