Messaging Gateway Security
Competitors
ProofPoint, Postini, IronPort
ProofPoint Overview
• HQ in CA, 150 plus employees, 2004 sales $8.7, 2005 Sales $12m
(IDC), 2005 Market Share was 3.4% as compared to ours at 17.8%
• Main products are: ProofPoint Protection Server with application
modules; Anti-Spam, Anti-Virus, Regulatory Compliance, Digital Assets,
Secure Messaging (Voltage), and Network Content Sentry (web & ftp)
• Geography: Stronger presence in US and growing Internationally
• Market Segments: Primarily Compliance
• Aggressive sales; would drop price if we are competing
• Started Year Strong with Venture Capital of 20M, hired a large sales
team, by August terminated 30% of company
Beating ProofPoint
•
How we attack ProofPoint
• They do not have a True Reputation capability – They do not have a reputation
service like TrustedSource. Nor do they identify what was wrong with the message
which required it to be quarantined or blocked.
• Software Upgrades – Requires their Support to log onto the backend and perform
part or all of the upgrade. There are restrictions around business hours which are 7am
– 7pm PST. Additional fees are charged for upgrades outside business hours.
• Security Vulnerabilities – Subject to vulnerabilities of Spam Assassin, OS, and Open
Source MTA.
•
How ProofPoint attacks us & how we defend
• IronMail Lack Clustering Capability –Enterprise class solutions require dedicated
Central Quarantine and Central Management systems thus reducing the load on the
message processing appliances.
• Weak Content Compliance – IronMail has more functionality and flexibility in its
core content compliance with full Regulatory Compliance functionality for message
body, header and attachments.
• Complex UI - Our UI represents a very deep feature set of multiple functions.
Advanced features are separate from our basic feature set.
•
Neutralizing ProofPoint strength
• Lack of functionality in Base Product – OEM third party for Encryption, Lacks
Compliance in Base Product, PP does not support S/MIME and PGP Gateway to
Gateway encryption, Unable to edit weights in preconfigured Compliance dictionaries
• Reputation Service – PP lacks a True Reputation System.
Postini Overview
• HQ in San Carlos, CA, 300 employees, 2006
bookings: $65-75m (profitable since 2004)
• Main products are: Perimeter Mgr for Email, IM,
Archives, Encryption, and Web
• Geography: NA and EMEA
• Market Segments: mostly SMB (30,000) but creeping
into enterprise
• Sales Strategy: Managed services only
Beating Postini
•
How we attack Postini
•
•
TCO – over 3+ years, total cost of ownership is higher than on-prem solutions.
Content Filtering – only have keyword matching in message (no attachment analysis), no
dictionaries or lexicons, no advanced scanning at all.
• Encryption and Web offerings aren’t integrated – these are separate data centers run by
partners using different management consoles, differ UI and different reporting.
•
•
Market Share Isn’t There – IDC only gives managed services a 25% maximum market share so
most accounts aren’t available to them.
•
Compliance Shouldn’t be Managed Off-Prem – Most companies seriously concerned about
compliance won’t send messages off-net to be scanned.
•
Weak Indirect Channel – McAfee is their only partner of any size.
How Postini attacks us & how we defend
•
•
•
•
High Accuracy with Low False Positives –with TrustedSource, our accuracy rates are higher.
Evens out Spam Surges – With SecureEdge, we can negate spam surges.
Low Initial Cost - Great, unless you’re planning on doing email in a couple of years, then the cost
is dramatically higher.
Neutralizing Postini strengths
•
No Ability to Scan Outbound – Can’t help you with compliance AT ALL. Won’t scan outbound for
data leakage.
•
Margins – They charge flat fees to customers; spam surges increase their costs and erode profits.
IronPort Overview
•
•
•
•
•
HQ in San Bruno CA, 400 employees, 2005 sales $90-110m
Main products are: Email, web and management appliances
Geography: International
Market Segments: secure email, compliance
Sales Strategy: Acquired by Cisco so their sales strategy will
become channel focused
IronPort Overview – Cisco Acquisition Info
• Price: $830M (cash and stock)
• Timetable
•
•
•
Announced January 4
Target close: Q3
Motivation
•
•
•
Plugs email hole in “Self-Defending Networks” story
Extends Cisco’s reach in application space
High growth strategy for a low-growth portfolio
• Risks to Cisco
•
•
•
De-focused sales force and R&D
•
No “pull” from IronPort for larger infrastructure deals so reps may ignore
Failure to integrate in a timely manner
Sets them up for head-to-head competition with Microsoft in unified
messaging market
Beating IronPort
•
•
•
How we attack IronPort
•
Weak Content Control – only do pattern matching. They rely on Vontu partnership to do any
sophisticated scanning.
•
•
Email only – They do nothing with IM, FTP, P2P or webmail.
•
•
•
#2 player – In every analyst report and industry study, IronMail beats IronPort hands down.
•
Poor Quarantine/Message Management solution – their Centralized Quarantining and Searching
is very weak and requires additional hardware/software installation.
Reputation Service – SenderBase is nothing more than RDNS, RBL, and volume counter of
domains/IPs sending mail.
No ability to handle spam surges – they have nothing to compare with Edge.
Patched together solution – Almost all of their technology is acquired or partners; no real inhouse expertise.
How IronPort attacks us & how we defend
•
SenderBase Scale –TrustedSource was first, does more sophisticated analysis and catches more
spam, zombies and malware faster and more accurately.
•
Customer loyalty – Secure has a 99% renewal rate.
Neutralizing IronPort strengths
•
Cisco isn’t a Security company – ~ 2% of Cisco revenue comes from security. Their motivation is
to sell routers.
•
Defocused – Their eyes will be off the ball during the merger period.
Beating IronPort
CipherTrust/Secure Computing
Protocols
Protected
Outbound
Content
Global
Reputation
Service
3rd Party
Technology
Used
Spam Silver
Bullet
•
•
•
•
•
•
•
•
•
•
•
•
•
•
IronPort/Cisco
•
Email
Pre-defined lexicons for GLBA, HIPAA, SOX
Pattern matching
Fingerprinting
Adaptive Lexical Analysis
Clustering
Technologies developed in-house
•
•
•
Pre-defined lexicons for HIPAA & GLBA
Content Scanning
Relies on Vontu partnership
Started as 3rd generation sender behavior-based reputation system
Focuses on message senders as well as external sources (black lists,
etc.)
•
•
Started as basic volume and black list spam finder
Large network of senders and receivers of messages
•
•
•
•
•
Ranks IP address on a scale of -10 to + 10
Only rates senders
Catch rate of 80%
Added web scores Q1 ’06
All technologies acquired or done through
partnerships
•
•
•
•
•
•
•
Sophos AV
Brightmail
Open source MTA
Spam Assassin
Spam Cop
Symantec AV
Email
IM
Webmail
FTP
P2P
VoIP
•
06/06 query of Comcast.net: 537,134 senders
•
•
•
•
•
•
Ranks IP address on a scale of -255 to +255
Rates senders, messages & attachments
Catch rate of over 99%
Added web scores Q1 ’04
All technologies developed in-house by employee expertise
Examines over a hundred different features applies data classification
algorithms such as support vector machines and clustering in realtime
•
•
Authentium AV
McAfee AV
•
SecureEdge
•
06/06 query Comcast.net: 37,147 senders
No solution
Download

Jumpstart Training: Overview of Messaging Security