Proventia® Network Mail Security System (MS3004) - IBM · PDF fileProventia® Network Mail Security System (MS3004) 25 2006 . IBM Internet Security Systems Proventia® Network Mail

IBM Global Services

© 2008 IBM Corporation

IBM Internet Security SystemsAhead of the threat.™

Mail Security Solution

Proventia® Network Mail Security System (MS3004)��

�� 25 ��2006 �.

IBM Internet Security Systems

© 2008 IBM CorporationProventia® Network Mail Security System (MS3004)

�� – ��

� ��

–��

–��

–��

� ��

–��

–��

– �!��

–��"� ��#



�� $$%

Proventia Network Mail

Proventia Network MFS (MX5010)

Target Market Enterprise SMBDescription Complete email security Antispam onlyNetwork Layer 7 3Protocol SMTP only SMTP, POP3Users 2,500 users and above Under 2,500 usersRated messages per hour 36,000 14,400Per-user configurable settings Y N

Allow / Blocklists Y NQuarantine List Y N

Rules / Policy Granular BasicLDAP/Active Directory Support Y NOutbound mail filtering Y YTraditional Anti-Virus Y YZero-day Virus Prevention Y YIPS engine Y YWeb filtering N YVPN Integration N YTotal Price (2,500 users) $20,300 $14,890Average Per-user Cost *** $8.12 $5.96



&�� "�� Proventia Network Mail

� ��

–�� Virus Prevention System

–��

�#�� IPS

–��! Proventia Filter Database�� 500 web �� 800 ��'� �� , ��('�#5.9 ��web ��)� �� – �� Google!

–��"��X-Force � C-Force, �� (��



&�� #� �� '��

� IBM Proventia Network Multi-Function Security

–��'�� • Firewall• Intrusion Prevention / PAM

–Web *��

–Email anti-spam

–��

• Virus Prevention System•��(Sophos)

� IBM Proventia Network Mail Security System

–��'�� • Intrusion Prevention / PAM

–Email anti-spam

–�� !�� "��

–��

• Virus Prevention System

•��(Sophos)

� #��$��

–IBM Proventia Network Mail Filter

–IBM Proventia Network Web Filter



+�� !��#

Anti-spam ��.

#�� %��

- ��#��.


© 2008 IBM CorporationProventia® Network Mail Security System (MS3004)7 PRO_ISS_Solutions 4/22/2008



, � �#�� '�'��:

��

�� , spyware � ��, � ��

�� SMTP, � �� zero-day � DoS�� "��!�� "��!��

�"�� !��

��

�� !��

�� "�$�� "��

�� URL �� !��



�� '�� (��:�� (10 ��)

�� "�� !�� (Mail Firewall)� ��!��, ��

Sophos�� IBM ISS: Virus Prevention System (VPS)

� �� (IPS) �� (PAM), �� Virtual Patch

� �� "�� (JPG, ANI, PPT, DOC � ��.) ShellCode Heuristics (SCH)

�� SiteProtector�� !�� SiteProtector��



&��*�� )��:

��WEB ��"�

��SiteProtector

��!�� LDAP

��!�� (�� &��

��"��)

�High Availability

��



��

� ��

� '�� C-Force

� (��!�� LDAP

� )��LMI �� SiteProtector



�� #�� WEB URL- �� C-Force

–Honey pot �� : 1.5 �� , 100,000 ��

–55 ��

–72 ��

–62 URL�� "�� !��–100,000 ��

URL � �� (� ��) ��

–150 �� ISS

–*�� ISS – 6 ��( �� Google: 8 �� )


© 2008 IBM CorporationProventia® Network Mail Security System (MS3004)13 PRO_ISS_Solutions 4/22/2008

Proventia® Network Mail�� '��



C-Force��#��

� +��

� (��

� ,�� – ��

� ��

sig://C3B90474A349823E sig://C3B90474A349823E sig://C3B90474A349823E



Analysis Modules for email Content

� 10+ ��

� Message Field Check

� Attachment Check

� Keyword Search

� Media Type

� URL Check

� Language Check

� User Sender Block/Allow List

� Sender Policy Framework

� Virus Check: VPS & Sophos Signatures

� Compound (Multiple modules with sources & thresholds)



Policy Responses & Actions

� Allow, Block (final)

� Continue within Policy (rule chain)

� Modify Header Fields

� Send To

� BCC

� Redirect

� To/From Rewrite (on roadmap)

� Add Attachment

� Log with extensive Macro support

� Add Disclaimer (HTML and/or text, top or bottom)

� Store (original, modified, with scheduled quarantine reports)

� Remove Attachment

� Set / Clear Condition


© 2008 IBM CorporationProventia® Network Mail Security System (MS3004)PRO_ISS_Solutions 4/22/2008

Proventia® Network Mail-� ��

� #�� (�� , �� – �� – �� –��), � >10 �� (�� , ��"��!��, ��)

� ��

� #��…–- �� , �� $��

�� *��)��

�� , ��, ��, � �� "��. ��"�� , ��

��.



��

1. Spam Fingerprint – �"�� ( 128 ��(��. .�� '��('�� #*��, �� '��('�� .

2. Spam Signature Database – �� 128 �� "� �� #�� (�� )�). .� �� (�� "� ��'��('�� , �� '��.

3. Spam Structure Check – �� HTML, ��"�� ( ��*�)�� .

4. Spam URL Check – �� 80% ��#�� "�� . �� ##�� URL� �� (�� #��#. ,�� #�"�� URL �� *�)�� .



��

5. Spam Heuristics – �� *� �� #�� -��, �� . +��)�� "�� , ��('�� "�� )�� '��, �� '�� #��. /�� **�)��!�� , � �� *�)�� .

6. Spam RBL check – IP �� #��!�� SMTP ��'�� #RBL ��#.

7. Spam Bayesian Classifier – �� )�� , �� "�� #�� . .�� "�� .



��

8. Spam Flow Check – �� "� ��. /�� "� ��(�� ##�� ) �� "� �� , � �� *�)�� .

9. Spam Keyword – �� *� �� (�� !�� (�� "��) �� #�� . 0��C-Force �� IBM ISS��('�� (�� !�� "��#�� )��#�� '�� .

10.Phishing Check – ��)�� #��**� �� '�� *�!��#��, � �(�� URL � �� .



.�� WEB ��"�

Proventia® Network Mail��

/�� –

� 0��

��

SiteProtector

� '��!�� / ��

–�� (��



��$��

MS3004 �� 10,000 ��

Proventia® Network Mail ��

#�� *

36,000 ��

* - #�� - Intrusion Prevention, Antivirus, Antispam



��*��

� MS3004 �� Intel 2400SR 2U� Linux-based Proventia OS with automatic updates

� LMI Web Administration, SiteProtector Integration, ssh-access� HTTPS end user inteface� IPS featuring Virtual Patch Technology

� 4 network interfaces - each protected by iptables firewall� Up to 10,000 users; supports clustered environment for larger deployments

� Performance raw mail: 750,000 emails/hour� Performance real-world-traffic: 36,000 emails/hour with full analysis and

quarantine

� Harddisks 4 x 80 GB + 2x250 GB (RAID1)� Redundant Hard disk, power supply, fans





-�� Mail Filter

YESDo you provide OCR function to recognize email spamming

based on images only

YESDo you support single e-mail fields analisys

YESDo you support customized message notification in case of

blocked mail

YESDo you have attachments identification and filter based on real

file type

YESDo you provide attachments identification and filter based on

file extension

YESDo you support all available encoding format(Unicode,Base64

..)

YESDo you provide multi spam identification methods (Bayesian's

filter...)

YESDo you have detailed white/black list management

YESDo you support italian/european content semantic analisys

YESDo you provide log saving in database or file

Not clear what this meansDo you provide environments log filtering

YESDo you have central management console with differente

administrative profiles

YESDo you manage configuration changes in real time

YESDo you provide a Management console

Windows ISA Server Version: Windows 2000 Server, MS ISA Server - Windows Standalone Version: Windows 2000, Windows 2000 Server, or Windows Server

System 2003

Does it run on Microsoft OS? Version?

No, for the software versionDoes it run on Linux OS? Version?



-�� Mail Filter

NO the console is a software component installed on a workstationDo you provide web management

YESDo you provide remote management

YESDo you provide manual lists management

(black/white/exclusions)

NODo policies behave in the same way even for web mail access

YES (internet)Do you have automatic web site updates

YESDo you provide statistics on logged data

YESDo you provide third parties spamming database compatibility

YESHave you got predefined antispamming categories

The available choices are McAfee ViruScan, Symantec CarrierScan, CA InoculateITand Sophos Anti-Virus.

Do you support multiple antivirus scanning engine

YESDo you have virus and malicious codes identification

YES, anonymous logging is possibleDo you provide username exclusion from data logging

YESDo you have a time stamp for every event logged

YESDo you have data logging with username correlation

YESDo you have centralized data Logging

YESDo you support customized logging

YES, for system eventsDo you provide event logging

YESDo you have scheduling and automatic report generation

YESDo you support different type report generations (at least HTML

and PDF)

YESDo you support customized report



-�� Mail Filter

Yes, automatic rotationDo you provide event log store functionalities

YES have the getting started whit step by step instruction guide for installation and initial testig.

Do you have troubleshooting List

YES, graphic displayDo you have event log visualization

Is potected by OS filesystem settingsDo you provide event log protection from unauthorized access

NODo you provide event log protection from administrative users

NoDo you have confidential information shredding

Not beyond basic storage controlsDo you provide enhanced log security

Username and passwordDo you provide strong authentication for administrative users

Username and passwordDo you provide strong authentication

Log access is account and password controlledDo you support data authenticity

Content logs are maintained locally for one week, by defaultHow do you manage database failure

Logging is retried at regular intervals. Content logs maintained locally for a week, by default.

How do you manage connection failure between servers and log server

YES at no additional costDo you have fault tolerance

YESDo you provide servers request tracking

NODo you support administrative sessions time out

YESAre multiple concurrent administrators allowed

YESDo you provide backup procedures

YESDo you provide scalability

YES with Cobion Orange BOXDo you have releases compatibility

YES Do you provide event logging (user events,administrator events

and alerts)

YESDo you manage software/connections failures

YESDo you have multiple administration profiles



YESAre users logged?

Access is loggedAre administrators logged in their work on the console?

YES with windows schedulerIs it possible to schedule reports?

YESAre PDF and HTML report supported?

YESAre Reports customizable?

YES ISS MI PD RMHave you any localization in italian?

YESAre e-mail auto-answers customizable?

YES the policy is applicable immediatlyAre modifications spread in real-time (no wait to implement a

policy)?

NO the console is a software component installed on a workstationIs console web enabled?

YESIs it remotely managed?

The products software version (Mailfilter) can profile administrative users, the appliance version (ProventiaM) is able to manage administrative users throught ISS SiteProtector.

Are administrators profiled to access console?

The products software version offers the same console for web and e-mail managementIs it possible to manage e-mail and web security with the same

console?

Central Management YES. The products software version doesn't profile administrative users, the appliance version (ProventiaM) is able to manage administrative users throught ISS SiteProtector.

Is it centrally managed and with administrative profiling?

Windows ISA Server Version: Windows 2000 Server, MS ISA Server - Windows Standalone Version: Windows 2000, Windows 2000 Server, or Windows Server System 2003

Does it run on Microsoft OS? Version?

YES Linux releases using the 2.6 kernel, including Suse 7.3 (with 2.4.x kernel), Suse 9 RedHat 7.3 (with 2.4.x kernel), RedHat 9

Does it run on Linux OS? Version?

AnswerQuestion

-�� Web � Mail Filter



NoIs it possible to trigger the deletion of specific log data?

Is potected by OS filesystem settingsAre system logs protected?

Account and password controlIs strong auth for administrators supported?

The authentication is performed by passwordHave you got secure authentication?

NOHave you any log authenticity feature?

YesDoes the filter/antispam works without the management server?

Yes Is log DB down permitted?

YesDoes it support fault-tolerance? HA or LB?

NODoes it have a time-out for administrative console?

YESAre multiple concurrent administrators allowed?

YESIs configuration/log backup permitted?

Over 30,000 usersWhich is the biggest installation you have? (number of users)

YES with Cobion Orange BOXAre different release/version of you product compatible?

YES the configuration changeAre alerts and configuration changes logged?

The product software dont'ave a possibility trigger, the appliance version ave a possibility monitoring throught ISS SiteProtector

Is it possible to trigger alarms in front of a down of the service?




Which is the LIST license price, per user, of your complete solution

scaled for 10.000 users?

The appliance product version handled by SiteProtector DB maintenanceHow do you manage log retention for large quantities?

YES have the getting started whit step by step instruction guide for installation and initial testig.Hava you got a troubleshooting test list for installation and production?

YESAre log easily readable (query)?

Protected by OS file system controlsAre event logs protected even by external actions?

NoAre event logs protected even by administrator actions?




1�� :SMTP Relay: ��#��'��

CISC OSYSTEMS



1�� :SMTP Relay: ��#��'��

C ISCOSYSTEMS



1�!�� !��(

� �$�� $�� 12�+3(�(/��

��

#-*/-3-,- /�+�('+ ��

� �� .

� -�� 36000 �� / 10 ��

� �� "��

�� !

� /��"��

DNS MX �� IP��



Central Message Store



,��'�� *�!��

Proventia® Network Mail Security System (MS3004) - IBM · PDF fileProventia® Network Mail Security System (MS3004) 25 2006 . IBM Internet Security Systems Proventia® Network Mail

Documents