Symantec Messaging Gateway Small Business Edition

Symantec Messaging Gateway
Stéphane Jacobs
Pre-sales Consultant
Symantec Messaging Gateway Small Business Edition
• Purpose-built appliance that prevents spam, viruses, and phishing attacks from reaching email servers
• Small Business Edition
– Targets 250 users and below
– Same enterprise-class protection
– Installation in minutes
– Small-business-friendly per-appliance pricing and licensing
Symantec Global Intelligence Network
Vulnerability Database
• 25,000+ vulnerabilities in database
• 55,000+ technologies from over 8000 vendors
Fraud: Spam & Phishing
• 2+ Million Probe Network Accounts
• Statistics on 1+ Billion email messages a day
• Geo-location capabilities on servers and zombies
Honeypot Network
• Virtual network of 8000+ IP addresses
• Capturing previously unseen threats and attack methods
• > 10,000 Security Professionals
• 2B+ events logged daily
• Managed devices in 70+ countries
• Over 100,000 security alerts generated annually
• 40,000+ Sensors in 200+ Countries
• 200,000 daily code submissions
• 120 Million Threat/Virus Submission Systems
Symantec’s Approach to Messaging Security
Better Protection
• Best Antispam and Antivirus
• Personalized Protection
• Adaptive Reputation Management
• Global Intelligence Network
Greater Control
• Advanced Content Filtering
• Content Encryption
• Data Loss Prevention Integration
• Compliance
Easy Management
• Unified Control and Management
• Continuous Automatic Spam and Virus updates
• On-demand Reporting
• Virtual appliance
...From the Leader in Enterprise Security
Uncompromising Protection
PROTECT
• Spam
– 99% Effective
– <1 in 1 million false positives
– Anti-phishing
– Adaptive Reputation Mgmt stops 90% at connection
• Viruses
– Leading AV engine
– Day Zero
• Content Filtering
– Offensive language
– Confidential information
20+ Layers of Protection
• Global Reputation
• Local Reputation
• Image spam
• PDF spam
• Zombie attacks
• BATV backscatter
• Directory Harvest
• Language filters
Inbound Protection:
• Effective & Accurate AV & AS
• Adaptive Reputation Management (Global and Self-Learning Local Reputation)
• World’s Largest Global Intelligence Network
Managed devices in
70+ countries
40,000+ Sensors in
200+ Countries
120 Million Threat/ Virus
Submission Systems
Best in Class Antispam Protection
Symantec Brightmail Antispam Engine
Reputation Filtering
• High Volume Spam Sources
• Safe Sources
• Inputs from Global Intelligence Network
Bounce Attack Prev.
• Tag Validation to Protect against Bounce Attacks
• Configurable Group Policies
• Flexible Remediation
Signatures
• Body Hash
• Body Fuzzy Signatures
• Attachment Signatures
Heuristics
• Header Analysis
• Language Analysis
• Content Analysis
• Structural Analysis
• Image Analysis
Managed by Symantec
URL Filters
• Fraud URLs
• HTTP URLs
• Adult URLs
Allow and Block Lists
• Personal Allowed and Blocked Lists
• Personal Language Filters
• Admin-Defined Allowed and Blocked Senders List
Managed by customers (optional)
• Greater than 99% effectiveness
• Accuracy of over 99.9999%
• Less than one false positive in every one million legitimate emails
Adaptive Reputation Management
Global reputation
Local reputation
• Leverages reputation service from Brightmail BLOC and patented Probe Network
• Self-learning local reputation scoring tracked by each scanner
• Tracks millions of known spam and safe senders based on IP
• Used by connection classification to defer connections of likely spam senders
• Effectively tracks mixed reputation and distributed low volume senders
Connection Classification
• Assigns system resources differentially based on connection class
• Guarantees higher quality of service to senders with better reputations
• Filters out up to 90% of spam traffic based on reputation
Best in Class Antivirus Protection
Symantec Antivirus Engine
• Signature-based Virus Definitions
• Script-Blocking
• Bloodhound™ Heuristic Definitions
• Day Zero Malware Protection
• Mail/zip Bomb Protection
• Decomposer and File Typer for Attachment Scanning
• Multi-threaded Scanning for Performance
• Mass-mailer Cleanup
• Heuristic- and Behavior-based IM Monitoring
• LiveUpdate
• Multi-threaded Scanning
• Repair Engine
• Flexible Workflow with Multiple Dispositions
• Over 40 consecutive perfect scores (VB100 designation) from VirusBulletin, since 1999 – “excellent scanning speeds and the usual impeccable detection”
• Top performer in AV-Test benchmarks, with no false positives, fast scan speed, rootkit detection, and malware cleaning
Outbound Control
CONTROL
• Email and attachments
– Compliance
– Intellectual Property
– Sensitive Information
– Inappropriate
• Structured Data Matching
– Fingerprinting
– Exact data protection
– Related data matching
Outbound Control:
• Advanced Content Filtering
• Data Loss Prevention
• Regulatory Compliance
• Flexible Policy-based Workflow and Rule sets
• Pre-built Templates and Dictionaries
• Compliance Folders
Advanced Content Filtering Framework
Symantec Brightmail Content Filtering Engine
Policy Management
• Centralized Management
• Pre-built Policies, Patterns, and Templates
• Graphical Condition Builder
Detection
• Regular Expressions
• Pre-built Dictionaries
• Structured Data Matching
• True File Typing
• Text Extraction and Attachment Scanning
Remediation
• Notifications
• Enforce TLS Encryption
• Tag for Archiving
• Header/Message Modification
• Bounce Message
Incident Management
• Compliance Folders
• Access Controls
• Multiple Verdicts
• Hold-for-Review Workflow
• Graphical Incident Manager
Reporting
• Pre-built Reports with Flexible Options
• Automated Report Generation
• Illustrate Liability and Risk Reduction
Choice in Email Encryption
• Symantec Content Encryption, a hosted option leveraging Symantec.cloud
[Diagram labels: Customer Network, Users, Email Server, Admin, Policy Configuration, Messaging Gateway, Unencrypted Communications, Unencrypted Recipient, TLS, Encrypted Email Based on Policies, Encryption, Encrypted Response, Encrypted Recipient]
• Symantec PGP Universal Gateway Email, for extensible on-premises encryption
[Diagram labels: Customer Network, Admin, Users, Email Server, Messaging Gateway, PGP GW Email, Unencrypted Communications, Unencrypted Recipient, Encrypted Recipient]
Powerful and Easy to Use Management
MANAGE
• Setup in minutes
– No tuning requirements
– Adapts to local environment
• Minimize administrative effort
– Role-based administration
– End-user self-service quarantine
– Dashboard and automated reporting
– Message tracking and auditing
• Benefit from virtualization
– Supports mixed physical / VMware environments
– Save on hardware costs
– Simplify backup and high availability
Management and Administration
• Unified Control and Management
• Frequent Automatic Spam/Virus Updates
• Comprehensive Logging and Alerts
• On-Demand Reporting and Intelligence
• Virtual Appliance
Virtual vs. Physical Appliance Option
Model: 8340
Platform: 1 Rack Unit, Single Processor, 2x160GB
Segment: Small and Medium Businesses
Hypervisor
• Compatible with VMware ESX 3.5 and ESXi 3.5 servers
• Same software license for virtual and traditional appliance
• Dedicated Scanners or Dedicated Control Center
• Combined Scanner/Control Center: Suitable for smaller organizations
Out-Of-The-Box Reporting
Full set of reporting options
• Dashboard - quantifies all known email threats
• Executive Summaries
• Over 50 preset reports
• Flexible reporting workflow
• Scheduled report generation and export options
Benefits
• Gain insight into performance
• Identify Email and IM security trends
• Track potential compliance issues
Simple Message Tracking
1 Filter with multiple criteria
• Sender
• Recipient
• Subject
• etc.
2 Retrieve Message Status
• Time message processed
• Sender
• Recipient
• Subject of the message
• Disposition (spam, virus, blocked sender, etc.)
• Actions Taken
3 Drill down for detailed forensics
Flexible Compliance Administration
• Create additional administrator accounts
– Specify desired level of management privileges
– Specify list of administrators who can use Control Center
– Specify administrators who can access compliance folders
• Customize administrator rights
– Full Administrator rights (View and Modify any page in Control Center)
– Limited access to restrict access to certain settings
– Differentiate between View and Modify access
Thank you!
Stéphane Jacobs
Stephane_jacobs@symantec.com
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Key Benefits
Best of Breed Technologies
• Uncompromising Protection
– Unique Antispam – Effective on botnets and adapts to your local threat conditions with greater than 99% effectiveness and 99.9999% false positive rate
– Best Antivirus – Unparalleled VB100 testing results
– Advanced Content Filtering – Protect confidential information
• Powerful and Easy-to-Use Management
– Out-of-box Installation – Less than 15 min setup time
– Zero Tuning – No administrative work is required to train the rulesets
– Continuous Automated Updates – From Symantec Global Intelligence Network
• Smart Investment, Today and Tomorrow
– Save on hardware by implementing the Virtual appliance on hardware of choice, including ones currently owned
– Lower total cost of ownership with minimal ongoing administrative overhead
Competitive Comparison
• Compared to Barracuda, Symantec has
– Better protection – 8% more effective than Barracuda; and Barracuda had almost 9x more false positives than Symantec did¹.
– Easier to manage – Zero ruleset maintenance, and no tuning required.
– Lower total cost of ownership – Lowest ongoing costs; scalable appliance
• Compared to Cisco Virus and Spam Blocker, Symantec has
– Smarter appliance – Industry’s only global AND local IP reputation technology
– Better antivirus – Day zero antivirus protection included
• Compared to McAfee, Symantec has
– Better antispam – McAfee has substantial administrative burden to train rulesets
– Better antivirus – Symantec has more than 40 consecutive VB100 awards for the last 10 years. McAfee has failed 11 times since 1999².
¹ InfoWorld Technology of the Year Award, 2005-2008, winner for Best Anti-Spam/Mail Security Solution.
² VirusBulletin100 Awards 1999 to 2009
Challenge #1: Spam Continues to Flood Servers and Employee Inboxes
[Chart: Spam as a Percentage of Email Volume, 2001 to 2009, against Severity/Complexity; values shown: 8% and 90%; labels: Simple Text, ASCII, HTML, Phishing, Image Spam, PDF Spam, 419 Spam. Source: Symantec State of Spam Report]
Challenge #2: Sensitive Data is Leaving the Enterprise, Risking Brand and Reputation
Customer, Employee, Patient Data
Intellectual Property
Company Confidential
Regulatory Compliance
Competitive
Reputation
• HIPAA, GLBA, PCI, State Data Privacy, Caldicott, PIPEDA
• Source Code
• Press Release
• Engineering Specs
• Quarterly Earnings
• Strategy Documents
• M&A
• Pricing
• CEO Internal Email
• SSN, Credit Card Numbers, Health Info
• 1:400 emails contain confidential information
• Over 90% of data loss caused by breakdowns in process controls by good employees
Reducing False Positives with Structured Data Matching
• Matching to database extracts
– Protect the exact data you care about – not just a pattern that looks like a credit card number, but your customers’ actual credit card numbers
– Protect data that is difficult to describe and only important if related - e.g. Employee first name, last name and salary
• Once a fingerprint has been created from these data, the administrator can specify what defines a violation
– E.g. fields required for a match

First Name | Last Name | Social Security | Hair Color
Kayla      | Douglas   | 770-12-6909     | Black
Karen      | Whitcomb  | 149-60-0533     | Blond
Brian      | Hubert    | 227-01-2294     | Brown
Clare      | Mata      | 476-68-0222     | Red
Ralph      | Hansen    | 221-20-9165     | Brown
Felipe     | Fulmer    | 698-01-7121     | Gray
Symantec Data Loss Prevention Integration
• Protect confidential data across endpoint, network, and storage systems
• New integration:
– Simplifies deployment and management
– Ensures high availability and performance
Challenge #3: Messaging Infrastructure is Increasing in Cost and Complexity
Challenges
• Generating Management Reports
• Keeping Systems Current
• Responding to End User Requests
• Managing Policies Across Systems
• Managing Spiraling Energy Costs
• IT Budgets and Headcount are Flat
• IT Responsibilities are Growing
[Timeline, 8 AM to Midnight]
• 8:15 AM – Targeted Attack Occurs
• 9:00 AM – Help Desk is Bombarded All Day
• 10:30 AM – Install System Updates, Manually Adjust Policies
• 11:45 AM – Generate Reports for Executive Review
• 1:30 PM – Search Through Spam Quarantine for Missing Emails
• 2:45 PM – Change Block Lists Based on Message Audit Results
• 12:00 Midnight – Executive Calls: Can’t Find My Email!
Streamlined System Management
• Automated filter downloads and statistics
• Antivirus LiveUpdate process
• Simple software updates
• Automated email alerts
• Granular backup and restore
• Configurable logging levels
• SNMP support
Upsell/Cross-sell
Easy Up-sell/Cross-sell Opportunities
Add Messaging Gateway Small Business Edition to provide comprehensive end-to-end protection, securing both inbound and outbound email and instant message traffic from phishing threats.
One affordable Messaging Gateway Small Business Edition appliance at the messaging gateway can drastically reduce spam volumes—relieving stress at the mail server level.
Mail Servers
Customer Benefit
• Plug & Play Email and IM protection
• Lower TCO and save costs on mail servers
Partner Opportunity
• Easy up-sell from Symantec portfolio
• Additional revenue
Competitive Displacements
Customer Benefit
• Better protection technologies
• Much less administrative overhead
• Hardware scalability and flexibility
• Lower Total Cost of Ownership (TCO)
Partner Opportunity
• Easy and centralized management
• Focus more on higher revenue consulting services than day-to-day administration
• Improve customer relationship
Summary
Symantec Brightmail Gateway
Product Recognition
“Symantec takes the prize with superior antispam and anti-malware capabilities, strong enterprise-class features, excellent management and reporting tools, and a very polished and easy-to-use administrative interface.”
- InfoWorld 2008 Technology of the Year Awards
4th Consecutive Year - Best Messaging Security
Product Excellence Award: Server Appliance
Leader, Forrester Wave 2009 Email Filtering
Leader, Magic Quadrant 2010 Secure E-Mail Gateways
Symantec … shows a level of sophistication and ease of use that only comes from being a class leader for a long time, and having all the sharp edges rounded off.
Customer Confidence In Symantec
We protect over 800M mailboxes at over 100,000 customers, including…
Global Support Presence
More than 2400 highly trained global support professionals
• Experts with certifications from more than 20 industry associations and technology providers including:
– Microsoft, Cisco, Sun, HP, IBM, SNIA, and CISSP
• Rapid resolution of multi-vendor cases provided through:
– Cooperative support agreements with more than 200 vendors
– TSANet board membership
• Support delivered in 10 languages
• Awards:
– SSPA Star Award (Service and Support Professionals Assoc.)
– Omega’s NorthFace Scoreboard℠ Award
– WebStar Award from Supportgate.com
29 regional support centers
70 regional delivery partners
• Global programs to extend support delivery through partners
What To Do Next
Try the product!
• 30-day evaluation www.symantec.com/trybrightmail
Compare effectiveness and accuracy
• Greater than 99% effectiveness, less than 1 in a million false positives
Symantec and our partners can help assess, plan and deploy successfully!
Backup
Messaging Gateway Architecture
[Architecture diagram labels: Symantec Global Intelligence Network; Reputation; Rules; Signatures; Heuristics; Definitions; SMTP; IM; Embedded MTA; IM Proxy; Adaptive Reputation Mgmt.; Antispam; Antivirus; Advanced Content Filtering; Data Loss Prevention; Encryption*; Message processing and verdict analysis; Policy Engine; Management Interface]
* Native TLS encryption, Integration with encryption partners