Symantec AntiSpam Complete Overview (PowerPoint)

Symantec Brightmail Anti-Spam 6.0 Product Overview Presentation, 8 March 2005, Christoph Kugler, Territory Account Manager, [email protected]

Upload: webhostingguy

Post on 08-Jun-2015


Page 1: Symantec AntiSpam Complete Overview (PowerPoint)

Symantec Brightmail Anti-Spam 6.0 Product Overview Presentation

8 March 2005

Christoph Kugler

Territory Account Manager

[email protected]

Page 2: Symantec AntiSpam Complete Overview (PowerPoint)

Agenda

The Growing Spam Problem

Symantec Mail Security

SBAS Product Features

Architecture, Deployment, Sizing

Filtering Technologies

Brightmail Scanner

Brightmail Control Center

Folder Agents

Brightmail Plug-in for Outlook

Symantec Mail Security 8200 Series

Summary – Why is Brightmail the best

Page 3: Symantec AntiSpam Complete Overview (PowerPoint)

The Growing Spam Problem

Page 4: Symantec AntiSpam Complete Overview (PowerPoint)

Who am I?

Name: Laura Betterly

Age: 41

Single, mother, 2 kids

Annual salary: 300’000$

Owner of Data Resource Consulting Inc.

Job Title: Spam Queen

Page 5: Symantec AntiSpam Complete Overview (PowerPoint)

Characteristics of Spam

Is usually sent to a large number of users

The recipient does not know who the sender is

The recipient never requested it

Difficult or impossible to unsubscribe from

If you did not receive it, would you miss it?

Page 6: Symantec AntiSpam Complete Overview (PowerPoint)

Spam Continues to Grow and Evolve

Page 7: Symantec AntiSpam Complete Overview (PowerPoint)

Symantec Mail Security

Page 8: Symantec AntiSpam Complete Overview (PowerPoint)

Symantec Mail Security

SMS - Symantec Mail Security

SBAS - Symantec Brightmail AntiSpam

Page 9: Symantec AntiSpam Complete Overview (PowerPoint)

Symantec Mail Security Product Family

Protection Tier Deployment Key Features

Groupware Gateway Network Software Appliance AS AV Content Filtering

Traffic Shaping

SMS 8100

Limited

SMS 8200

Limited

SBAS

SMS for SMTP

SMS for Domino

SMS for Exchange

Page 10: Symantec AntiSpam Complete Overview (PowerPoint)

Symantec Brightmail Anti-Spam 6.0 Product Features

Page 11: Symantec AntiSpam Complete Overview (PowerPoint)

Leadership

Brightmail is the worldwide leader in anti-spam technology, providing anti-spam software at the Internet gateway

Protects over
• 325 million mailboxes
• 25% of global mailboxes
• 2,000 businesses
• 9 of top 12 U.S. ISPs

Messages Filtered
• 100 billion in June 2004*
• 15% of global Internet traffic*

*Nearest competitor: 6 billion messages & 1% global traffic

Page 12: Symantec AntiSpam Complete Overview (PowerPoint)

Zero Administration

Why does low administration matter?
• Do you have time to write rules, whitelist senders or resolve false positives?
• Do you have visibility into new spam trends?
• Do you want to be an expert at fighting spam?
• Can you provide 24x7 spam fighting capability?

Largest hidden cost of an anti-spam solution

Look for: Zero Administration

Page 13: Symantec AntiSpam Complete Overview (PowerPoint)

Lowest False Positives

BAS has the industry’s lowest false positive rate

• Brightmail is 99.9999% accurate (1 in 1 million)

• 10x fewer than the closest competitor

Why are we the lowest?

• Brightmail will NOT introduce a technology without accuracy

• Competitors taking quickest approach to effectiveness

Look for: 1 in 1 million false positives

Page 14: Symantec AntiSpam Complete Overview (PowerPoint)

Catch the Most Spam

Multiple technologies for complete spam defense
• There is no silver bullet anti-spam technology
• Different filters effective against different types of spam
• With multi-layer solutions spammers must avoid each layer

Innovation & global coverage
• Need to constantly innovate to stay ahead of spammers
• Ability to filter foreign language spam effectively

Look for: 95% Catch Rate

Page 15: Symantec AntiSpam Complete Overview (PowerPoint)

Symantec Brightmail Anti-Spam Customers

Enterprise Service Provider

Page 16: Symantec AntiSpam Complete Overview (PowerPoint)

Product Review and Industry Analyst Validation

"A benchmark in the field…

…95 to 96 percent effective

Easy to install and maintain

“Brightmail caught the highest % of spam and had the lowest false-positive rate of any of the products tested.”

“…a real "set and forget" system.”

“Brightmail Anti-Spam's false-positive score speaks for itself… Brightmail Anti Spam is the best answer we know of.”

Positioned in the “Leaders” Quadrant - Magic Quadrant for Enterprise Spam Filtering

- Gartner Research, 2004

“Brightmail, the leading provider of AntiSpam software, achieves a 1-message-in-1-million false positive rate.”

– Yankee Group 2004

Page 17: Symantec AntiSpam Complete Overview (PowerPoint)

Info World Article Review

Page 18: Symantec AntiSpam Complete Overview (PowerPoint)

Page 19: Symantec AntiSpam Complete Overview (PowerPoint)

Architecture, Deployment, Sizing

Page 20: Symantec AntiSpam Complete Overview (PowerPoint)

What is Brightmail 6.0 (BAS)?

Not an MTA

Integrates with industry standard MTA’s

Centralised Management / Reporting

Not a Content Filtering engine (Attachments)

Has AV scanning capabilities

Multiple Operating Systems supported

Deployed anywhere within your messaging topology

Page 21: Symantec AntiSpam Complete Overview (PowerPoint)

Key Features

Flexible Spam Handling
• Modify subject line or header
• Delete
• Forward to email address for review
• Administrator Quarantine

Per-User Quarantines
• Web-based quarantine
• Groupware quarantines - Exchange and Domino

Customized Mail Policies
• Group Policies
• Adjustable spam thresholds

Per User Spam Control
• Allow/Block lists
• Language preference
• Submissions

Powerful Administration
• Web-based Control Center
• Global management of multiple servers
• Centralized granular reporting
• Assignable administrator privileges
• Alerts

Flexible Architecture
• Multiple LDAP integrations
• Multiple MTA integrations

Content Filtering
• Block Lists
• Allow Lists
• Custom Filters Editor

Complete Threat Protection
• Anti-Virus – Optional module

Page 22: Symantec AntiSpam Complete Overview (PowerPoint)

High-level Architecture

Symantec Operations Customer Site

Page 23: Symantec AntiSpam Complete Overview (PowerPoint)

Spam Analysis and Operations: the BLOC

Page 24: Symantec AntiSpam Complete Overview (PowerPoint)

Flexible Deployment
• Install components on one or many machines
• Deploy where you want (gateway, relay, or mailbox server)
• Choose Quarantine option (Web-based or email client-based)
• Incorporate end-user tools and features with Outlook Plug-in

Page 25: Symantec AntiSpam Complete Overview (PowerPoint)

Scalability

Brightmail Anti-Spam scalability proof points

On a single CPU

• Linux server, handles around 25 messages/sec

• e.g. 25 x 3600 = 9000 messages/hour

• 9000 x 9 = 81000 messages / business day

Additional performance through more CPUs or more servers at no additional cost (BAS is licensed per user)

Page 26: Symantec AntiSpam Complete Overview (PowerPoint)

Filtering Technologies

Page 27: Symantec AntiSpam Complete Overview (PowerPoint)

Defending Against Spam: a Multi-layered Approach

Page 28: Symantec AntiSpam Complete Overview (PowerPoint)

Points to Remember

Technology
• Custom Rules
• Regular Expression (Header & Body)
• Reputation Service
• Hashing (Body & URLs)
• URL Filtering
• Heuristics

Language Support
• Chinese
• Dutch
• English
• French
• German
• Italian
• Japanese
• Korean
• Portuguese
• Russian
• Spanish

Page 29: Symantec AntiSpam Complete Overview (PowerPoint)

Brightmail Scanner

Page 30: Symantec AntiSpam Complete Overview (PowerPoint)

What is the Brightmail Scanner?

The Brightmail Scanner is one of the key software components that powers Brightmail Anti-Spam

What it Does
• Communicates with your MTA (doesn’t replace it)
• Receives updated filters from the BLOC
• Examines incoming messages for spam, viruses, email threats, and special content
• Produces a verdict for a message

What it Includes
• Server component that filters mail and returns verdict
• Filtering engine
• Conduit component that manages statistics and updated filters
• Client component that integrates with MTA (optional)

Page 31: Symantec AntiSpam Complete Overview (PowerPoint)

Secure Filter Transmission

Polls for new filters every minute

New filters are:
• Downloaded via HTTPS
• Available every 10 minutes

Each Scanner retrieves its own filters

Filter Download Sizes
• First complete set of filters: 10-15MB
• Future downloads (updates only): 40-50KB

Page 32: Symantec AntiSpam Complete Overview (PowerPoint)

Platform and Mail Server Support

Platform: Solaris
Version: Solaris 8, Solaris 9
MTA Support: Sendmail 8.12, Sendmail Switch 3.1, Exim, Postfix 2.1.3, QMail, Sun Messaging Server 5.2/6.0

Platform: Linux (Red Hat)
Version: Enterprise Linux ES 3.0, Enterprise Linux AS 3.0
MTA Support: Sendmail 8.12

Platform: Linux (SuSe)
Version: Linux 9.1
MTA Support: Sendmail 8.12

Platform: Windows
Version: Windows 2000 Server, Windows Server 2003
MTA Support: Microsoft IIS SMTP*, Exchange 2000, Exchange 2003

* Other MTAs, including Exchange 5.5 and Domino, can be supported in a relay configuration. To enable this support, Brightmail Anti-Spam is installed on an upstream machine with the IIS SMTP Service relaying filtered mail to the target MTA.

Page 33: Symantec AntiSpam Complete Overview (PowerPoint)

Control Center

Page 34: Symantec AntiSpam Complete Overview (PowerPoint)

Brightmail Control Center

Web-based interface for:

Centralized management

• Push settings out

• Pull logging back

Web quarantine

• Administrator interface

• End user interface

Monitoring

• Summary dashboard

• Per-machine status

• Logs

• Statistics and reports

Page 35: Symantec AntiSpam Complete Overview (PowerPoint)

Brightmail Control Center Settings

• Create list of blocked senders
• Create list of allowed senders
• Adjust threshold for filtering aggressiveness
• Choose reputation filters to employ
• Enable language identification features
• Migrate settings from previous releases
• Set up alert triggers
• Work with consolidated reports
• View consolidated and individual logs
• Set up group policies
• Set up and view Web Quarantine
• Work with Brightmail Scanners
• Identify external mail servers
• Add admins with specific privileges
• Set up antivirus filtering
• Create custom content filters
• Change LDAP settings

Complete Solution
• Embedded Tomcat
• Embedded MySQL
• Brightmail Software
  – Web Pages
  – SMTP Listener
  – Expunger
  – Notifier

Page 36: Symantec AntiSpam Complete Overview (PowerPoint)

Spam Scoring

Each spam message given a score

Messages over 90 are given “spam” verdict

Administrators can turn on/off suspect spam threshold

Administrators can define lower end of suspect spam

In policies, administrators can set different actions for spam and suspect spam

Page 37: Symantec AntiSpam Complete Overview (PowerPoint)

Detailed Reporting

Multiple reporting categories
• Processed, spam, suspected spam, allowed/blocked messages, and viruses

Reporting by multiple criteria
• Recipient
• Sender
• Recipient Domain
• Sender Domain
• IP Connection
• etc.

Benefits
• 19 reports available
• Report viewer in Control Center
• Generate as needed or pre-set intervals
• Export to multiple formats

Page 38: Symantec AntiSpam Complete Overview (PowerPoint)

Group Policies

Page 39: Symantec AntiSpam Complete Overview (PowerPoint)

Group Policies

Multiple Types of Members
• All email domains
• Sub domains
• Individual users
• Wildcard Support

Six Email Categories
• Spam
• Suspect Spam
• Blocked Sender
• Allowed Sender
• Virus
• Worm

Six Verdicts
• Delete
• Mark up message subject
• Mark up message header
• Forward to an email address
• Save to disk
• Deliver normally

Page 40: Symantec AntiSpam Complete Overview (PowerPoint)

Control Center Security

Communication
• HTTPS between Scanner and Control Center
• HTTPS between administrator, end users, Control Center (Optional)

Administrator Privileges
• Support for multiple administrators
• Different privileges for different administrators (Some access only quarantine, others can change server settings)

End User Authentication
• Via LDAP to Active Directory, Exchange 5.5, SunOne

Page 41: Symantec AntiSpam Complete Overview (PowerPoint)

LDAP Capabilities and Features

Alias Expansion
• Quarantine automatically resolves all aliases and delivers messages to the quarantine account for the underlying email address.

Quarantine can access LDAP directories such as:
• Active Directory (Exchange 2000 and Exchange 2003)
• Exchange 5.5
• Sun ONE Directory Server

Customisable LDAP attributes
• Fully-configurable LDAP query settings and attributes to match your LDAP schema.

Page 42: Symantec AntiSpam Complete Overview (PowerPoint)

System Alerts

Immediate notification when certain operating conditions arise

Sends email alerts to administrators or other parties

Applicable conditions:
• A Brightmail component is not responding or working
• Anti-spam filters are older than a specified time
• Anti-virus filters are older than a specified time
• Brightmail Quarantine is low on disk space.

Page 43: Symantec AntiSpam Complete Overview (PowerPoint)

Enhanced Web-based Quarantine

Benefits
• Spam stored centrally at gateway; not passed through network
• End users notified daily/weekly about new spam
• Centralized message purging after x days
• Can “release” quarantined messages to user(s) inbox
• End users can access quarantine at any time
• Search functionality for both administrators and end-users

Page 44: Symantec AntiSpam Complete Overview (PowerPoint)

Sample Quarantine Screenshots

Page 45: Symantec AntiSpam Complete Overview (PowerPoint)

Folder Agents

Page 46: Symantec AntiSpam Complete Overview (PowerPoint)

Exchange Spam Folder Agent

Quarantine that lives in Exchange

End users can access from their mail client

Appears as a mail folder

Software installed on each Exchange server

Creates a “Spam” folder for each user

Administrator defines number of days to hold spam before deleting

Page 47: Symantec AntiSpam Complete Overview (PowerPoint)

Domino Agent

Creates a “Spam” folder for each user in the system

Administrator can set how many days before deleting spam

Message Submission

Single click submission of missed spam & false positives to Brightmail

Missed spam → Probe Network

Potential false positive → Reviewed by a BLOC Technician

Page 48: Symantec AntiSpam Complete Overview (PowerPoint)

Brightmail Plug-in for Outlook

Page 49: Symantec AntiSpam Complete Overview (PowerPoint)

Brightmail Plug-in for Outlook

Provide powerful spam management tools for your users

Empower users to take control of their inboxes

Single click submissions of misidentified messages

Page 50: Symantec AntiSpam Complete Overview (PowerPoint)

Symantec Mail Security 8200 Series

Page 51: Symantec AntiSpam Complete Overview (PowerPoint)

High-level Overview

Model 8240 8260

Customer segment 100-1,000 Users Over 1,000 Users

Antispam

Antivirus

Traffic shaping Limited Limited

Form factor 1U 1U

Storage 40 GB 73 GB

Redundancy Hard disk Hard disk, power supply, fans

*Under testing, subject to change

The most accurate email security appliance powered by the award-winning, industry-leading Brightmail AntiSpam technology from Symantec, the global leader in Information Security

Page 52: Symantec AntiSpam Complete Overview (PowerPoint)

Appliance Platform Highlights

Symantec Branded Product (no overt reference to OEM)
Based on OEM Hardware from Dell

High Performance: Intel CPUs
High Quality: Field Failure rates < 1%
High Resiliency: Built in Redundant Parts

Enterprise Class Support
Standard HW warranty = Next Biz Day ONSITE repair*
Platinum support includes Same Day ONSITE repair*

Quick Lead-times
Symantec can order product at any time
Manufactured on 8-12 Day Lead-Times

Compliant to Ship World-wide at FCS

*Where available: some small European countries and rural areas are excluded

Page 53: Symantec AntiSpam Complete Overview (PowerPoint)

Key Features

Appliance Form Factor
• Hardware*
• Hardened Operating System*
• Hardened Mail Relay*
• TLS Encryption*

Filtering Engine
• Brightmail AntiSpam
• Symantec AntiVirus
• Email Firewall—TurnTide Traffic Shaping*
• Email Firewall—Automated Defenses*
• Email Firewall—Reputation Lists
• Content Filtering—Attachment Mgmt*
• Content Filtering—Dictionaries*
• Content Filtering—Annotations*
• Content Filtering—Custom Rule Editor
• SPF*

System Management
• Web-based Administration
• Global Management
• Multiple Administrator Roles
• Automatic Rule Updates
• 55 Reports (35 New)*
• Software Update Mechanism*

Mail Management
• Group Policies
• Outbound Policies*
• LDAP Group Policies*
• 16 Actions (8 New)*
• Compound Actions*
• End User Preferences—Block/allow list*
• End User Preferences—Language*
• Administrator & End User Quarantine

* Denotes new feature

Page 54: Symantec AntiSpam Complete Overview (PowerPoint)

Architecture

Page 55: Symantec AntiSpam Complete Overview (PowerPoint)

Summary – Why is Brightmail the best …

Page 56: Symantec AntiSpam Complete Overview (PowerPoint)

Why is Brightmail the Best…

The most complete e-mail security technology
• Has the most complete arsenal of anti-spam technology
  – Heuristics, URL Rules, Source filters, Signatures etc.
• Symantec AV

The most extensive anti-spam operations center
• Anti-spam filters updated every 10 minutes
• BLOC is unmatched for detecting spam and rule distribution

Complete manageability with hands off capability
• Flexible spam management & control
• Powerful global management console
• Integrated anti-virus and content filtering technology

Page 57: Symantec AntiSpam Complete Overview (PowerPoint)

Thank You

Free 30-day download at: http://emea.symantec.com/brightmail