IBM Global Services
© 2008 IBM Corporation
IBM Internet Security Systems
Ahead of the threat.™
Mail Security Solution
Proventia® Network Mail Security System (MS3004)���������� ��� ����������
�������� ��������� 25 �������2006 �.
����� – �������� �������������������
� ������ �� �������� ��� �������
–����� �� �� ���
–��������� ���� � ����� �� ����
–�������� �������� �� �
� ������������� ���� �������
–������������ �� �
–����
– �!���
–���"� �����#
��������� $$%
| | Proventia Network Mail | Proventia Network MFS (MX5010) |
|---|---|---|
| Target Market | Enterprise | SMB |
| Description | Complete email security | Antispam only |
| Network Layer | 7 | 3 |
| Protocol | SMTP only | SMTP, POP3 |
| Users | 2,500 users and above | Under 2,500 users |
| Rated messages per hour | 36,000 | 14,400 |
| Per-user configurable settings | Y | N |
| Allow / Blocklists | Y | N |
| Quarantine List | Y | N |
| Rules / Policy | Granular | Basic |
| LDAP/Active Directory Support | Y | N |
| Outbound mail filtering | Y | Y |
| Traditional Anti-Virus | Y | Y |
| Zero-day Virus Prevention | Y | Y |
| IPS engine | Y | Y |
| Web filtering | N | Y |
| VPN Integration | N | Y |
| Total Price (2,500 users) | $20,300 | $14,890 |
| Average Per-user Cost *** | $8.12 | $5.96 |
&���� ��"����� Proventia Network Mail
� ������
–������� ���������������������� Virus Prevention System
–������� ���������������������� �� ���������
�#�������� IPS
–��! Proventia Filter Database�������� ����� ��� 500 web ������ � 800 ����'� �� �����, ���������('�#5.9 ����������web �����)� ����� – ���������� Google!
–������"�������������X-Force � C-Force, ����� ������(���������������� � ������� ��
&�� ��������#� ���� ����������� ������� �����'�� � �� �� ������ �����
� IBM Proventia Network Multi-Function Security
–��������'�� ��������• Firewall• Intrusion Prevention / PAM
–Web *���
–Email anti-spam
–������ �� ���������������� �����
• Virus Prevention System•�������������������(Sophos)
� IBM Proventia Network Mail Security System
–��������'�� �������� �������• Intrusion Prevention / PAM
–Email anti-spam
–��� ���!����������� �����������"���
–������ �� ������ ���������� �����
• Virus Prevention System
•�������������������(Sophos)
� #����������$���
–IBM Proventia Network Mail Filter
–IBM Proventia Network Web Filter
+��������� ��!����#
Anti-spam ����������.
#����������� %��������������
- ����#������.
PRO_ISS_Solutions 4/22/2008
, � �#����� ��'�'��:
����
������ , spyware � ������������������������������, � ��� ��������������� � ����
������ �� SMTP, � ��� �������� ���� zero-day � DoS������ ���"���!��� �����"����!��
�"�� ���!��������������
������������ ����������������������������� ��������
��������� ��������!�� ����������� �� ���������������� ��������
�������� �� "�$���� "����������
�������� URL ������ ��������� �����!��
�� �� ������ ��'�� �������(��:������� ������������������� �� ���� (10 ����������������������)
������ ������"�� ���!�� ������� � ��������� (Mail Firewall)� �����!������������������������, �� ����������������
Sophos������������������� �������������� ���������������������������������� � ������� ������������� IBM ISS: Virus Prevention System (VPS)
� ���� ����������������(IPS) �� ��������� ����������(PAM), ���������������� Virtual Patch
� ���� ������������������������� ������ ����������"����� (JPG, ANI, PPT, DOC � ��.) ShellCode Heuristics (SCH)
������ ������ ���SiteProtector������ ������!�� SiteProtector������ ��������������������� ����
&�����������*�� )�����:
�������������������WEB ����"�
������������SiteProtector
�������!�� ���� ���� LDAP
���������!�� (������������ ��� ���� ���������� ���� ����������������� &��
������������"���)
�High Availability
������������� �������
��� �
� ������ �������� ������������
� '������ C-Force
� (�����!�� LDAP
� )�������LMI ��� SiteProtector
���� �����#����� � WEB URL- ����� � � C-Force
–Honey pot ���������� ������ : 1.5 �������� �� ����, 100,000 ������ ������ ���
–55 ��������� ������ ������ ������������������ � ��
–72 �������� ������ ������������������
–62 URL�������� "�� ���!��–100,000 �������� � ��������
URL � �� (� ����) ������� � ���
–150 ��������� ������ ������� ��������� ��������������� ISS
–*��� ������������������������ �� ������ISS – 6 ����������( ��� Google: 8 ���������� )
Proventia® Network Mail�������������� ����������'����
C-Force���#��� ����� �� ������
� +���������� ����������� ��������� ����
� (��� ������ ������ ��������
� ,�� �� �� ����������� ���� – ������� ����� ��������
� ��������� ����������� � �������� ��������
sig://C3B90474A349823E sig://C3B90474A349823E sig://C3B90474A349823E
Analysis Modules for email Content
� 10+ ������� ����
• Message Field Check
• Attachment Check
• Keyword Search
• Media Type
• URL Check
• Language Check
• User Sender Block/Allow List
• Sender Policy Framework
• Virus Check: VPS & Sophos Signatures
• Compound (Multiple modules with sources & thresholds)
Policy Responses & Actions
• Allow, Block (final)
• Continue within Policy (rule chain)
• Modify Header Fields
• Send To
• BCC
• Redirect
• To/From Rewrite (on roadmap)
• Add Attachment
• Log with extensive Macro support
• Add Disclaimer (HTML and/or text, top or bottom)
• Store (original, modified, with scheduled quarantine reports)
• Remove Attachment
• Set / Clear Condition
Proventia® Network Mail-� ������� � ������
� #���� �������� �� �� ������ (�� � , ��� – ��� – ����� –�����), � >10 �������������������� (�� � , ����"���!��, �������)
� ����������������� � ������������ ������������������ ��������� ����������
� #����…–- ���� ��������, ����� �������������� ��$����������������
����������� *����)��
��������� ����� �, ����, ��, � ��� ��"������. ��"��� ���, �� �� ��������������
������������.
������ �������
1. Spam Fingerprint – �"��� ����� ���������� ����( 128 ����(��������. .��������������������� ��'����('��� ���������� ����� �����#*����, �� ������������ ������������'����('�� ����.
2. Spam Signature Database – ��� �����128 ������������������������� "� ����� ����#����� �����(�������� ����������)�). .� �������� ��������(��� �"� ��'����('��� � �������� ��� ���������, ����������� ����� ������������������'����.
3. Spam Structure Check – ����������� ��� HTML, ����������"������� �����( �����*�)������� ����� � ���� ����������� ��� �����.
4. Spam URL Check – ����� ��� 80% ���#������� ����������"����� �. ����� ������� ����� �� ������ � ���� �����##������� URL� ����� ������(��� ������� �#�����#. ,��� �#�"����� URL ������ �������� �����*�)���������� � ����.
������ �������
5. Spam Heuristics – �� �����*� ��� ���������������������� �� ������� ������#������ �� ����-�����, �������� �� ����� ����� ������� � �����. +��������������������������)�� � ��� �"���� ������ �, ��('������� ����"������ ���� ���)������ �����'����, ����������� ���� �����'���������� �������� ��������� #���. /��� ���������� ��**�)��������!��������������������� ������, � ����� �����*�)������ � ����.
6. Spam RBL check – IP ����� #���������!��� SMTP ����'��������������������� ��� ��� �� �#RBL �������#.
7. Spam Bayesian Classifier – �������� ���)�� �, ����������������������� ����� ��"��� ��� ���������� ����� �������������������#��� ����� ��. .��������������������� ��� ������"���� ������ ��������.
������ �������
8. Spam Flow Check – ������������� ����� � ��������������� �����"� ��������. /��� ���� � � "� �����(���������������� ���������� ���##��� ����� ) �������� ����� �� ������ ��������� ������� ���������������� ������� �����"� �������� � ������������� ���������������, � ����� �����*�)������ � ����.
9. Spam Keyword – �� �����*� ��� ����������������� �(����� ������ !������ (���������� ����"����) ����������� ��#���� �����. 0�����C-Force ������� IBM ISS���������������('�� �(����� ������ !������ ���"��������#��������� � �)�������#������������ ��������������� ��'�� ������.
10.Phishing Check – ����������������)���� ����� ������� �������������#���������������**� ����� ��'������� *�!������#�����, � �(��������� � URL � ������ �.
.���� ���WEB ����"�
Proventia® Network Mail����������
/��� �������� –
� 0�������������
�������� ���
SiteProtector
� '�������!�� / ��������������
–��� �� � ��������������(���������� ����
��$������
MS3004 �� 10,000 ��� �������
Proventia® Network Mail ����� ����� �
#����������� ��� *
36,000 �� ����� ��
* - #������������ - Intrusion Prevention, Antivirus, Antispam
���*����
• MS3004 �� �� Intel 2400SR 2U
• Linux-based Proventia OS with automatic updates
• LMI Web Administration, SiteProtector Integration, ssh-access
• HTTPS end user interface
• IPS featuring Virtual Patch Technology
• 4 network interfaces - each protected by iptables firewall
• Up to 10,000 users; supports clustered environment for larger deployments
• Performance raw mail: 750,000 emails/hour
• Performance real-world-traffic: 36,000 emails/hour with full analysis and quarantine
• Harddisks 4 x 80 GB + 2x250 GB (RAID1)
• Redundant Hard disk, power supply, fans
-���� ������� �� Mail Filter
| Question | Answer |
|---|---|
| Do you provide OCR function to recognize email spamming based on images only | YES |
| Do you support single e-mail fields analysis | YES |
| Do you support customized message notification in case of blocked mail | YES |
| Do you have attachments identification and filter based on real file type | YES |
| Do you provide attachments identification and filter based on file extension | YES |
| Do you support all available encoding format (Unicode, Base64 ..) | YES |
| Do you provide multi spam identification methods (Bayesian's filter...) | YES |
| Do you have detailed white/black list management | YES |
| Do you support italian/european content semantic analysis | YES |
| Do you provide log saving in database or file | YES |
| Do you provide environments log filtering | Not clear what this means |
| Do you have central management console with different administrative profiles | YES |
| Do you manage configuration changes in real time | YES |
| Do you provide a Management console | YES |
| Does it run on Microsoft OS? Version? | Windows ISA Server Version: Windows 2000 Server, MS ISA Server - Windows Standalone Version: Windows 2000, Windows 2000 Server, or Windows Server System 2003 |
| Does it run on Linux OS? Version? | No, for the software version |
-���� ������� �� Mail Filter
| Question | Answer |
|---|---|
| Do you provide web management | NO the console is a software component installed on a workstation |
| Do you provide remote management | YES |
| Do you provide manual lists management (black/white/exclusions) | YES |
| Do policies behave in the same way even for web mail access | NO |
| Do you have automatic web site updates | YES (internet) |
| Do you provide statistics on logged data | YES |
| Do you provide third parties spamming database compatibility | YES |
| Have you got predefined antispamming categories | YES |
| Do you support multiple antivirus scanning engine | The available choices are McAfee ViruScan, Symantec CarrierScan, CA InoculateIT and Sophos Anti-Virus. |
| Do you have virus and malicious codes identification | YES |
| Do you provide username exclusion from data logging | YES, anonymous logging is possible |
| Do you have a time stamp for every event logged | YES |
| Do you have data logging with username correlation | YES |
| Do you have centralized data Logging | YES |
| Do you support customized logging | YES |
| Do you provide event logging | YES, for system events |
| Do you have scheduling and automatic report generation | YES |
| Do you support different type report generations (at least HTML and PDF) | YES |
| Do you support customized report | YES |
-���� ������� �� Mail Filter
| Question | Answer |
|---|---|
| Do you provide event log store functionalities | Yes, automatic rotation |
| Do you have troubleshooting List | YES have the getting started with step by step instruction guide for installation and initial testing. |
| Do you have event log visualization | YES, graphic display |
| Do you provide event log protection from unauthorized access | Is protected by OS filesystem settings |
| Do you provide event log protection from administrative users | NO |
| Do you have confidential information shredding | No |
| Do you provide enhanced log security | Not beyond basic storage controls |
| Do you provide strong authentication for administrative users | Username and password |
| Do you provide strong authentication | Username and password |
| Do you support data authenticity | Log access is account and password controlled |
| How do you manage database failure | Content logs are maintained locally for one week, by default |
| How do you manage connection failure between servers and log server | Logging is retried at regular intervals. Content logs maintained locally for a week, by default. |
| Do you have fault tolerance | YES at no additional cost |
| Do you provide servers request tracking | YES |
| Do you support administrative sessions time out | NO |
| Are multiple concurrent administrators allowed | YES |
| Do you provide backup procedures | YES |
| Do you provide scalability | YES |
| Do you have releases compatibility | YES with Cobion Orange BOX |
| Do you provide event logging (user events, administrator events and alerts) | YES |
| Do you manage software/connections failures | YES |
| Do you have multiple administration profiles | YES |
| Question | Answer |
|---|---|
| Are users logged? | YES |
| Are administrators logged in their work on the console? | Access is logged |
| Is it possible to schedule reports? | YES with windows scheduler |
| Are PDF and HTML report supported? | YES |
| Are Reports customizable? | YES |
| Have you any localization in italian? | YES ISS MI PD RM |
| Are e-mail auto-answers customizable? | YES |
| Are modifications spread in real-time (no wait to implement a policy)? | YES the policy is applicable immediately |
| Is console web enabled? | NO the console is a software component installed on a workstation |
| Is it remotely managed? | YES |
| Are administrators profiled to access console? | The products software version (Mailfilter) can profile administrative users, the appliance version (ProventiaM) is able to manage administrative users through ISS SiteProtector. |
| Is it possible to manage e-mail and web security with the same console? | The products software version offers the same console for web and e-mail management |
| Is it centrally managed and with administrative profiling? | Central Management YES. The products software version doesn't profile administrative users, the appliance version (ProventiaM) is able to manage administrative users through ISS SiteProtector. |
| Does it run on Microsoft OS? Version? | Windows ISA Server Version: Windows 2000 Server, MS ISA Server - Windows Standalone Version: Windows 2000, Windows 2000 Server, or Windows Server System 2003 |
| Does it run on Linux OS? Version? | YES Linux releases using the 2.6 kernel, including Suse 7.3 (with 2.4.x kernel), Suse 9 RedHat 7.3 (with 2.4.x kernel), RedHat 9 |
-���� ������� �� Web � Mail Filter
| Question | Answer |
|---|---|
| Is it possible to trigger the deletion of specific log data? | No |
| Are system logs protected? | Is protected by OS filesystem settings |
| Is strong auth for administrators supported? | Account and password control |
| Have you got secure authentication? | The authentication is performed by password |
| Have you any log authenticity feature? | NO |
| Does the filter/antispam work without the management server? | Yes |
| Is log DB down permitted? | Yes |
| Does it support fault-tolerance? HA or LB? | Yes |
| Does it have a time-out for administrative console? | NO |
| Are multiple concurrent administrators allowed? | YES |
| Is configuration/log backup permitted? | YES |
| Which is the biggest installation you have? (number of users) | Over 30,000 users |
| Are different release/version of your product compatible? | YES with Cobion Orange BOX |
| Are alerts and configuration changes logged? | YES the configuration change |
| Is it possible to trigger alarms in front of a down of the service? | The product software doesn't have a possibility trigger, the appliance version has a possibility monitoring through ISS SiteProtector |
-���� ������� �� Web � Mail Filter
| Question | Answer |
|---|---|
| Which is the LIST license price, per user, of your complete solution scaled for 10.000 users? | |
| How do you manage log retention for large quantities? | The appliance product version handled by SiteProtector DB maintenance |
| Have you got a troubleshooting test list for installation and production? | YES have the getting started with step by step instruction guide for installation and initial testing. |
| Are log easily readable (query)? | YES |
| Are event logs protected even by external actions? | Protected by OS file system controls |
| Are event logs protected even by administrator actions? | No |
-���� ������� �� Web � Mail Filter
1����������� � ���:SMTP Relay: ����#���'�� ����
1����������� � ���:SMTP Relay: �����#���'�� ����
1�!���� �� ���!���������(
� �$�� �� ��$�� �������� 12�+3(�(/��
���� �������������� � �� ��������
#-*/-3-,- /�+�('+ ������� ���
� �� ������ ��������.
� -��� ������� ���������� 36000 ���������� ����� �� / 10 ���������� ����������
� ����������� ������ �������� ���"���
��� � � �� ������ �� �������!
� /��"�� ������������� ������� ��
DNS MX ������������������ ����� IP���� ������� ����������
Central Message Store