Fixed Network Security Solutions Guide

October 2012

Contents
Executive Summary
How Can Cloudmark Help You?
  Attackers Are Sending Spam, Phishing and Malware Email to Your Customers and End Users
  Your Inbound Messaging Infrastructure Can’t Keep Up with the Amount of Messaging Traffic and Messaging Abuse Entering Your Network
  Your Outbound Messaging Infrastructure Can’t Keep Up with the Amount of Messaging Traffic and Abuse on Your Network.
  Your Administrative Staff Does Not Have the Resources Available to Architect, Deploy and Manage a Messaging Security Solution
Service Provider Challenges
  Growth in Email Subscriber Accounts
  Spam
  Viruses and Malware
  Phishing Attacks
Cloudmark Messaging Security Solutions for Fixed Networks
  Cloudmark Security Platform for Email
    Best Performing Messaging Security
    Flexible Deployment
    IPv6 Support
    Easy Integration with Existing IT Infrastructure
    Granular Threat Control
    Centralized Management
    Centralized Monitoring and Visibility
  Cloudmark Authority
    Spam Protection
    Phishing Protection
    Virus Protection
  Cloudmark Global Threat Network
  Cloudmark Sender Intelligence
  Cloudmark ActiveFilter
Summary

Executive Summary
Analysts estimate that up to 74% of today’s email traffic includes some form of messaging abuse such as
spam, malware and phishing attacks. Unwanted email traffic burdens ISP and hosting provider networks,
causing administrative fire drills and unplanned investments in infrastructure, storage and bandwidth.
Email-borne viruses can infect consumer devices and network servers, requiring expensive support and
remediation programs. Customers call to complain, or simply move their service to a more trusted
provider.
In order to remain competitive and improve adoption of additional services, providers must deliver a
secure and trusted messaging experience. Cloudmark Fixed Network Security Solutions automatically
detect and block all forms of inbound and outbound messaging abuse, before it impacts subscribers and
networks. Cloudmark unburdens your network and email servers of unwanted traffic to reduce operating
costs, infrastructure requirements and customer support call volumes. Customers will enjoy a secure and
trusted messaging experience, improving brand loyalty and increasing acceptance of additional profitable
services. Cloudmark messaging security solutions offer the following benefits to ISPs and service
providers:
• 360 Degree Messaging Security – Cloudmark scans all inbound and outbound email, instant
messaging, social networking, web browsing, and other messaging traffic to protect provider
networks, enterprise customers and consumers against all types of spam, viruses and phishing
attacks. Blocking outbound spam protects your company’s reputation with receiving ISPs,
reducing throttling and IP address blacklisting.
• Fast Threat Response with Unmatched Accuracy – Cloudmark detects and blocks spam and
threats using advanced algorithms refined over 12 years, and information from the Cloudmark
Global Threat Network™. The Global Threat Network feeds up-to-the-minute spam and threat
intelligence from more than 2 billion user accounts worldwide to Cloudmark security solutions.
• Enables Additional Value-added Services – Cloudmark blocks unwanted messaging traffic,
freeing additional bandwidth for use. Spam and virus mitigation builds subscriber trust, increasing
acceptance rates of additional profitable services. Cloudmark enables value-added services
including corporate archiving, personal quarantining, anti-sexting and anti-bullying.
• Cost and Overhead Reduction – Cloudmark scans all messages with minimal processing
requirements, drastically reducing necessary hardware and freeing system resources. Security
automation and simplified management frees system administrators for other tasks.
• Low Latency Message Scanning – Less than 10ms latency reduces network impact and
maintains customer service levels.
• High Reliability and Scalability – Cloudmark’s carrier-class messaging security solutions enable
ISPs and service providers to offer secure, enterprise-class messaging services to business
customers with the highest levels of reliability, scalability and availability.
How Can Cloudmark Help You?
The Cloudmark Mobile Security Solution solves a wide variety of problems facing operators today. Some
typical applications are listed below:
Attackers Are Sending Spam, Phishing and Malware Email to Your Customers and
End Users
This unwanted traffic is burdening your network infrastructure, degrading quality of service and
increasing your operating costs. Users are complaining about spam, requesting virus removal or
simply moving their service to a more trusted provider.
The Cloudmark Security Platform for Email™ provides the highest levels of filtering accuracy
against all forms of messaging abuse, delivering superior message filtering rates and improvements
in edge MTA reliability. Carrier-class flexibility and scalability provide the environment-wide
management that service providers require. In addition, the Cloudmark Security Platform uses
significantly less processing power than other solutions, enabling significant consolidation of
messaging infrastructure. Cloudmark backs its solutions with a seasoned team of technical services
personnel, support staff and professional services engineers that work only with Service Provider
customers.
Your Inbound Messaging Infrastructure Can’t Keep Up with the Amount of
Messaging Traffic and Messaging Abuse Entering Your Network
Unplanned network and messaging infrastructure upgrades are increasing your operating costs and
affecting quality of service. Maximize your inbound spam filtering rates while improving performance
and security of existing messaging platforms and edge mail transfer agent (MTA) investments. The
Cloudmark Security Platform provides the industry's most effective and highest performing anti-
spam, anti-phishing and anti-virus protection. Cloudmark's easy-to-manage, scalable solution
consistently blocks over 99% of inbound messaging attacks in real-time with near zero false
positives.
Your Outbound Messaging Infrastructure Can’t Keep Up with the Amount of
Messaging Traffic and Abuse on Your Network.
Your outbound IP address space is being added to global real-time black lists (RBLs), support costs
are increasing and subscribers are complaining about spam, phishing attacks and malware.
Cloudmark’s ability to stop inbound messaging threats extends to outbound protection as well. The
Cloudmark Security Platform provides the industry's most effective and highest performing anti-
spam, anti-phishing and anti-virus protection. Cloudmark's easy-to-manage, scalable solution
consistently blocks over 99% of outbound messaging attacks in real-time with near zero false
positives.
Your Administrative Staff Does Not Have the Resources Available to Architect,
Deploy and Manage a Messaging Security Solution
The Cloudmark Managed Operations Service is able to provide full operational management of a
customer messaging infrastructure. The Managed Operations Service team can also augment
existing operations teams at Service Providers, accelerating the troubleshooting process or
assisting with system tuning, upgrades, and policy management.
Service Provider Challenges
Service providers continue to face significant operational challenges. Escalating spam volumes and
unexpected attacks cause disruptive fire drills, leading to unplanned infrastructure investments, unreliable
service, and increased customer support costs. As ISPs and service providers roll out new value added
services needed to maintain profitability and competitive advantage, it becomes increasingly important for
them to provide a secure messaging experience for customers and end users. If customers are forced to
wade through spam and remove infections from their computers, they may not be willing to try new
services, or might even look to other providers.
Growth in Email Subscriber Accounts
In 2011, 75 percent of the 3.15 billion worldwide email accounts were consumer in nature, while 25
percent of email accounts were classified as corporate. Email accounts overall are expected to
grow to 4.09 billion by 2015, a 7 percent average annual growth rate. Consumer email accounts are
generally offered by ISPs, web portals and a variety of hosting providers free of charge. Over the
next four years, however, corporate email accounts are expected to increase at a faster pace than
consumer email accounts, due in part to the growth of affordable cloud-based email services. The
following table shows growth expectations for both corporate and consumer email accounts¹:

                                 2011    2012    2013    2014    2015
Worldwide Email Accounts (M)    3,146   3,375   3,606   3,843   4,087
Corporate Email Accounts          788     850     918     991   1,070
% Corporate Email Accounts        25%     25%     25%     26%     26%
Consumer Email Accounts         2,358   2,525   2,688   2,852   3,017
% Consumer Email Accounts         75%     75%     75%     74%     74%

Figure 1: Growth of Corporate vs. Consumer Email Accounts¹ (millions)

¹ The Radicati Group, 2011

Asia Pacific currently accounts for 49 percent of worldwide email users, Europe about 22 percent,
and North America about 14 percent.
Spam
Spam is generally defined as any unwanted or unsolicited electronic message sent in a bulk format.
In 2011, approximately 74 percent of email originating from an estimated 3.15 billion active email
accounts worldwide was classified as spam. Spam can range from annoying advertisements to
dangerous messages containing links to malicious phishing or malware sites. Most spam includes a
‘call to action’ that entices subscribers to click on a link that leads to offensive material or allows the
sender to collect a click-through commission. Some messages contain social engineering hoaxes
that encourage users to forward the message to all of their contacts in return for a reward.
Increasingly, spam contains some sort of financial fraud or scam seeking bank account numbers or
passwords. In addition to email user frustration, spam clogs ISP and service provider networks,
raises operational costs and damages trusted brands.
Viruses and Malware
Viruses and malware propagated through electronic messaging cause some of the most damaging
attacks on networks and end user systems. These fraudulent messages typically prompt users to
click on a link to download or install seemingly legitimate applications that contain malware. Once
the malware code is installed on a computer, hackers can steal login credentials and other
confidential information, or install botnet software to turn their computer into a remotely controlled
spam server.
Phishing Attacks
Phishing messages are typically crafted to appear genuine, even copying content and URLs directly
from authorized business communications. Most phishing messages include a call to action with
links that appear legitimate, but redirect the subscriber to a phishing website that requests personal
information such as their name, social security number, banking passwords, etc. The phishing site
may also download malware onto their computer which then directs them to additional phishing
sites or scams. Studies have shown that up to 50% of phishing victims’ credentials are harvested by
cyber criminals within the first hour of phishing messages being sent, so it’s important to block these
messages immediately to minimize damage and loss.

Figure 2: Phishing Email Example

Cloudmark Messaging Security Solutions for Fixed Networks
It’s clear that spam, viruses and web-based threats will continue to evolve as attackers become more
sophisticated. Attackers will increasingly employ multiple mechanisms and targeted campaigns in order to
obtain sensitive information for monetary gain and identity theft. Regardless of the methods used, all of
these attacks will impact a provider’s ability to function and maintain profitability, while eroding customer
trust and increasing churn. An effective security solution must be able to detect and remove spam,
phishing attacks and viruses from messaging traffic before they have a chance to impact networks and
customers.
Purpose-built for service provider environments, the Cloudmark Security Platform for Email provides the
most effective protection against the widest range of messaging threats, and the fastest response to email
abuse. Cloudmark’s carrier-grade solutions leverage real-time threat analysis from global sources,
offering content and user-level policy controls to filter messages at a granular level. Rather than relying on
static rules or imprecise heuristics, Cloudmark uses proprietary Advanced Message Fingerprinting
technology based on high-performance algorithms together with a Global Threat Network™ consisting of
more than 2 billion trusted reporters in over 165 countries. Cloudmark enables providers to automatically
block messaging and security threats as they occur, without any service interruption or manual operator
involvement.

Figure 3: Cloudmark Messaging Security and Edge Infrastructure Solution

Cloudmark Security Platform for Email
The Cloudmark Security Platform for Email is the best performing next-generation messaging edge
security platform, with the policy flexibility needed to secure the most complex messaging
environments of the world's largest service providers. It is an open messaging platform, supporting
a wide array of anti-spam, anti-virus, and authentication applications in a reliable, scalable, and
extensible framework. Spam and viruses are blocked, unburdening messaging servers, storage
systems and other infrastructure while reducing hardware requirements and operating costs.

Figure 4: Cloudmark Security Platform for Email Deployment Overview

Best Performing Messaging Security
The Cloudmark Security Platform for Email is a carrier-grade mail transfer agent (MTA) solution
that enables service providers to apply granular protocol and content-based filtering algorithms
to massive messaging streams in real time. Innovative technology such as a massively
optimized SMTP protocol stack, a highly efficient workflow policy processor, and unique flow
control technology enable Cloudmark to deliver industry leading performance:
• Leading MTA performance – more than 8 million emails per hour (800 Mbps)
• Sustainable real-life performance – 35 GB per hour of email volume (80 Mbps or 600
email/second) with anti-spam, anti-virus and anti-phishing enabled
Clustering capabilities enable carrier-class scalability and reliability for the most demanding
environments:
• High scalability – up to 10x faster than existing systems, with virtually no limit on
clustered deployment
• High reliability – up to 99.999% guaranteed availability in a clustered deployment
Cloudmark has developed and patented highly efficient message processing and filtering
protocols that require only a fraction of the resources of competitive solutions, allowing for
further hardware consolidation and power savings:
• High hardware density – up to one million mailboxes per server
• Low system requirements – reduces bandwidth, hardware and storage required for
messaging services
Flexible Deployment
Cloudmark Security Platform for Email can be deployed as an edge inbound mail transfer agent
(MTA) to filter incoming messages, or as an outbound MTA to perform SMTP authentication
and traffic monitoring to stop outbound messaging abuse. It can also be used as an internal
MTA to deliver value-added applications, process user-defined functions (such as per-user
allow or block lists), enforce legal intercept requirements, or simply to route messages to
multiple messaging platforms under different policies.
IPv6 Support
Cloudmark Security Platform for Email can be deployed in dual-stack IPv4/IPv6 networks and in
native IPv6 networks. Policy logic can be applied separately to IPv6 and IPv4 SMTP
connections for added control. Reputation aggregation by IPv6 network prefix allows storage-
efficient handling of IP reputation tracking.
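
One way to aggregate sender reputation by IPv6 network prefix, as an added illustration that is not Cloudmark's code. The /64 aggregation length, the thresholds, the `PrefixReputation` class and the sample addresses (documentation ranges) are assumptions made for this sketch.

```python
import ipaddress
from collections import defaultdict

# Assumption: IPv6 senders are aggregated at /64 (a common per-subscriber
# allocation); IPv4 senders keep one record per address (/32).
V6_PREFIX_LEN = 64
V4_PREFIX_LEN = 32


def reputation_key(addr: str) -> str:
    """Map a connecting address to the network its reputation is stored under."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is really an IPv4 sender.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    plen = V6_PREFIX_LEN if ip.version == 6 else V4_PREFIX_LEN
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


class PrefixReputation:
    """Hypothetical tracker: counts clean vs. abusive messages per key."""

    def __init__(self, min_samples: int = 5, block_ratio: float = 0.8):
        self.min_samples = min_samples
        self.block_ratio = block_ratio
        self.stats = defaultdict(lambda: {"good": 0, "bad": 0})

    def record(self, addr: str, abusive: bool) -> None:
        self.stats[reputation_key(addr)]["bad" if abusive else "good"] += 1

    def verdict(self, addr: str) -> str:
        key = reputation_key(addr)
        if key not in self.stats:
            return "unknown"
        s = self.stats[key]
        total = s["good"] + s["bad"]
        if total < self.min_samples:
            return "unknown"  # too little evidence to act on
        return "block" if s["bad"] / total >= self.block_ratio else "accept"


def demo_prefix() -> PrefixReputation:
    rep = PrefixReputation()
    # Constructed sample: one sender rotating through addresses in a single /64.
    # Per-address tracking would hold six records with one hit each.
    for i in range(1, 7):
        rep.record(f"2001:db8:aa:1::{i:x}", abusive=True)
    rep.record("2001:db8:bb:2::25", abusive=False)
    rep.record("::ffff:192.0.2.7", abusive=True)
    return rep


if __name__ == "__main__":
    rep = demo_prefix()
    print(len(rep.stats), "records stored")
    # An address never seen before inherits the verdict of its /64.
    print(rep.verdict("2001:db8:aa:1::ffff"))
```
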
Easy Integration with Existing IT Infrastructure
Cloudmark Security Platform for Email can integrate anti-abuse and business logic with
numerous standard directories, databases, and local policy systems including LDAP, Web
Services, ODBC-compliant databases, and SNMP systems. This feature provides the highest
levels of protection for any commercial and open source mail stores.
In addition, it integrates with numerous standard backend authentication and policy repository
systems, as well as existing mail store environments such as Openwave, Zimbra, Sun, Critical
Path, and Microsoft Exchange. Launching or testing of new messaging services with Cloudmark
requires configuration only, with no additional hardware deployment or software development.
Granular Threat Control
Cloudmark Security Platform for Email allows service providers to optimize security and
network performance at a granular level. Administrators can apply advanced threat prevention
techniques including flow control, denial-of-service protection, traffic shaping, and connection
throttling to restrict all forms of messaging abuse and related threats.
Centralized Management
The Cloudmark management console allows administrators, operators and messaging abuse
teams to easily create and manage message handling rules while monitoring threat trends. The
convenient web-based interface provides access to a sophisticated message handling policy
framework including data from the Cloudmark Authority® automated content filtering service, the
Cloudmark Sender Intelligence service, and local data repositories including the Subscriber
Preferences Directory. The management console also provides access to system configuration,
reports, statistics, and spooled messages.
Centralized Monitoring and Visibility
Cloudmark’s convenient web-based user interface allows administrators to quickly understand
how the system or cluster is performing. It provides all of the summary information required to
gain insight into emerging attacks, messaging ecosystem status, and downstream delivery
problems. Summary dashboards consolidate all key information into an easy to understand
format that can be exported as executive reports.
In addition, all installed applications, policies and integrated data sources are fully
instrumented. Performance of active policies and installed applications can be monitored with
millisecond granularity from the user interface, enabling rapid diagnosis of performance
bottlenecks.


Figure 5: Cloudmark Security Platform for Email Monitoring Dashboard

Cloudmark Authority
Cloudmark’s content filtering is based on Cloudmark Authority, which uses highly sophisticated,
high-performance Advanced Message Fingerprinting technology to analyse message contents.
Fingerprints, or data hashes, are generated based on message content and attributes, and matched
against Cloudmark’s Global Threat Network database of known fraudulent fingerprints. If there is a
match, the message is blocked. Authority’s content scanning capabilities take into account all
information in the message including the sending address, message content, message structure,
and other information. This allows Cloudmark Authority to track commonalities across all malicious
messages.


Figure 6: Cloudmark Authority Message Fingerprinting


Reports from end users, administrators, messaging honeypots and probes are continuously
analyzed and new threats are immediately added to the database. Traffic data is analyzed to detect
and identify anomalies and suspicious sending patterns. Cloudmark Authority also receives data on
the latest known threats from the Cloudmark Global Threat Network every 60 seconds.
Spam Protection
Cloudmark Authority protects customers and relieves internal messaging infrastructure by
stopping spam and threats at the gateway with greater than 99% accuracy. Cloudmark's
superior accuracy means that service providers see a significant, measurable reduction in
customer service calls and related expenses.
Phishing Protection
Providing the industry’s only gateway-based anti-phishing protection for service providers,
Cloudmark blocks millions of phishing messages every week by inspecting message structure
as well as content. Real-time responsiveness to new attacks ensures that mutations are
blocked immediately.
Virus Protection
The anti-virus landscape has changed dramatically since the rise of viruses on personal
computers almost 20 years ago. Traditional anti-virus technologies use heuristics to target
anything resembling a virus or its variants. These heuristics must be written manually and then
tested on all virus variants. Until the heuristics are ready, individual virus definition signatures
must be developed and deployed to cover each of the worm’s variants. This process is
resource intensive and time consuming, often allowing viruses to propagate widely before the
fix is ready.
By contrast, Cloudmark offers the only effective messaging security solution that is able to
combat all types of virus threats simultaneously, including Trojan viruses. Cloudmark provides
an automated response system that protects during the zero-hour timeframe to prevent
widespread propagation.
Cloudmark Global Threat Network
The Cloudmark Global Threat Network receives real-time threat reports from more than 2 billion
subscribers based in 165 countries. Members of the Global Threat Network span mobile operator
abuse teams, system administrators, automated spam traps and end users. The latest threats are
typically added to the Cloudmark Global Threat Network within minutes of the first attack instance.

Figure 7: The Cloudmark Global Threat Network

The Cloudmark Global Threat Network also collects statistics on traffic volume and fingerprint logs
of inspected messages. The fingerprint log data enables further analysis that can indicate
anomalous or suspect behavior. Cloudmark’s inspection network currently scans about 12% of
global email traffic sent over the internet.
Cloudmark Sender Intelligence
Cloudmark Sender Intelligence™ (CSI) uses real-time data from the Cloudmark Global Threat
Network to create the industry’s most comprehensive and accurate profiles of message senders.
CSI maintains a current database of bad, suspect and ‘mail forwarder’ sender IP addresses,
enabling the creation of sender-aware filtering policies. CSI can be integrated and deployed with
Cloudmark and with other third-party messaging products to create a variety of inbound and
outbound message filtering solutions:
• CSI for inbound IP address filtering – CSI can be used with Cloudmark Security Platform for
Email or integrated with existing solutions to provide significant additive protection.
• CSI for outbound IP address filtering – CSI can be used to rate-limit outbound IP addresses to
prevent messaging abuse via webmail and authenticated or unauthenticated SMTP.
• CSI for botnet filtering – CSI identifies and blocks IP addresses that may be compromised by
botnets for distributing spam, phishing attacks and viruses.

Figure 8: Actual Weekly Blocking Statistics Following CSI Deployment

Cloudmark ActiveFilter
Cloudmark ActiveFilter™ retroactively identifies and removes spam and potential viruses from a
user’s inbox, providing a capability unique to Cloudmark. ActiveFilter maintains a cache of
‘fingerprints’ and other data from each message that has been scanned. When new information
from the Cloudmark Global Threat Network identifies the fingerprints of any stored messages as
spam or viruses, these messages are removed from the user’s inbox. ActiveFilter makes it possible
to go ‘back in time’ to catch spam and viruses that may have been missed during initial scanning.

Figure 9: Cloudmark ActiveFilter Service
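
The retroactive sweep described above, combined with the fingerprint matching from the Cloudmark Authority section, as an added illustration that is not Cloudmark's code. A SHA-256 hash of a normalised body stands in for the proprietary Advanced Message Fingerprinting algorithm, and `fingerprint`, `Mailstore` and the sample messages are hypothetical names and constructed data.

```python
import hashlib
import re
from collections import defaultdict


def fingerprint(body: str) -> str:
    """Stand-in fingerprint (assumption): SHA-256 over a normalised body."""
    text = body.lower()
    text = re.sub(r"\d+", "#", text)          # per-recipient numbers vary
    text = re.sub(r"\s+", " ", text).strip()  # whitespace padding varies
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class Mailstore:
    """Hypothetical mail store that caches fingerprints of delivered mail."""

    def __init__(self):
        self.known_bad = set()            # fingerprints from the threat feed
        self.inboxes = defaultdict(dict)  # user -> {msg_id: body}
        self.cache = defaultdict(set)     # fingerprint -> {(user, msg_id)}

    def deliver(self, user: str, msg_id: str, body: str) -> str:
        fp = fingerprint(body)
        if fp in self.known_bad:
            return "blocked"              # gateway match: never reaches the inbox
        self.inboxes[user][msg_id] = body
        self.cache[fp].add((user, msg_id))
        return "delivered"

    def feed_update(self, new_bad) -> list:
        """Apply new threat fingerprints and sweep already-delivered mail."""
        removed = []
        for fp in new_bad:
            self.known_bad.add(fp)
            for user, msg_id in sorted(self.cache.pop(fp, ())):
                # The user may have deleted the message already.
                if self.inboxes[user].pop(msg_id, None) is not None:
                    removed.append((user, msg_id))
        return removed


def demo_sweep():
    store = Mailstore()
    # Constructed sample messages: two variants of one lure plus a clean mail,
    # all delivered before the threat feed knows the lure.
    lure_a = "Your account 48213 is suspended.  Verify now"
    lure_b = "your ACCOUNT 7 is suspended. verify\nnow"
    store.deliver("alice", "m1", lure_a)
    store.deliver("bob", "m2", lure_b)
    store.deliver("alice", "m3", "Lunch on Friday?")
    # The feed later reports the lure: both delivered copies are pulled.
    removed = store.feed_update({fingerprint(lure_a)})
    # A third variant arriving afterwards is stopped at delivery time.
    later = store.deliver("carol", "m4", "Your account 99 is suspended. Verify now")
    return store, removed, later


if __name__ == "__main__":
    store, removed, later = demo_sweep()
    print("removed:", removed)
    print("later delivery:", later)
```
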

Summary
End users and customers have learned to place a high degree of trust in the messaging services that they
receive from ISPs and service providers. In order to maintain that trust, providers must deploy effective
protections to stop attackers from sending spam and malicious messages to their customers. Cloudmark
Fixed Network Security Solutions provide the technology, tools, and expertise to automatically block the
latest messaging attacks, threats and spam - before they can impact networks and customers.
Cloudmark Security Platform for Email receives real-time threat intelligence from the Cloudmark Global
Threat Network, content filtering information from Cloudmark Authority, and reputation data from
Cloudmark Sender Intelligence. This comprehensive information provides broad visibility into the latest
messaging threats, trends and traffic patterns, enabling rapid creation and deployment of effective
security policies. Even rapidly morphing phishing attacks and zero-day malware outbreaks are quickly
identified and stopped. With threats and spam under control, service providers can increase revenue and
profits by offering new value-added security services to subscribers.