2. Agenda The Marshal Story MailMarshal Inbound/Outbound Content Filtering WebMarshal Inbound/Outbound Internet Filtering Marshal Endpoint Security Control User Access Points Security Reporting Center
3. What Does Marshal Do? Marshal provides comprehensive security solutions that include: Email Security Web Security EndPoint Security Security Reporting
4. Who is Marshal? First MailMarshal Customer in 1997 40% of Fortune 500 Use Marshal Products Customers in 97 Countries 19,000+ Companies Utilizing Marshal World Wide with 8,500 in the US Offices in Atlanta (HQ), Houston (Support), UK (HQ), New Zealand (Development) WebMarshal finalist in the "Best Web Filtering Solution" category in the SC Magazine's 2007 and 2008 U.S Reader Trust Awards (at RSA) Gartner Email Security Boundary Magic Quadrant 2007 Key Product points – Easy to eval, install, deploy and use. High performance (fast), functionally, superior content engine with lexical analysis and very good price point.
5. Representative Customers GOVERNMENT EDUCATION HEALTHCARE BANKING / INSURANCE PROFESSIONAL SERVICES MANUFACTURING OTHERS
6. Internet Secure Email Gateway Where Does Marshal software run End User Workstations Secure Email Gateway Internal Email Server SMTP Server Email Gateway Firewall Internal Network DMZ Perimeter Security Zone Normal Email S/Mime Encryption
7. Common Policy Engine Components AV Scanners Spyware Scanners Urlcensor Textcensor & Textcensor Scripts File Un-packer File Type Identifier Policy Definition Wizard (Customized To Suit Product)
26. MailMarshal SMTP Gateway Solution: Secure-Protect-Comply Anti-Spam: Controls spam based on extensive array architecture Prevents Directory Harvesting Attack (DHA): Secures data to prevent DHA Prevents Denial of Service Attacks (DoS): Stops flood of spam from bringing email servers down Anti-Virus: Scans messages in real-time Anti-Spyware: Isolates suspicious email attachments at the gateway Manage Email Attachments: Strips attachments or blocks file types per user Deep Message Analysis: All layers of email dissected into basic components for comprehensive security Image Analyzer: Scans and sorts images to comply with acceptable use policies CHRISTINA NEUSTADT, Director of Customer Service, The Weather Channel
28. MailMarshal SMTP v6.4 SpamProfiler - Spam Signature Service, Deployed at the MMReceiver Marshal IP Reputation Service – Mixture Of White & Black Data Auto white-listing for Reputation/RBL lists based on number of successfully delivered email and % of Spam received Enhanced Email Routing Options Marshal Notification Service – RSS feeds from Marshal, 4 feeds: Product Updates & Notifications, TRACE Alerts, TRACE News and Offers & Promotions Image Analyzer Update – More Accurate, Faster Full Office 2007 File Support McAfee Engine Update Dead-letter updates – Expanded Support for Bulk E-mailers SQM Update Extending SpamCensor Scans Complete Message Body and Attachments
29. Anti-Spam Arsenal Reputation Lists - Automatic Adaptive Whitelisting SpamProfiler - Regularly updated list of intelligent profiles for Spam Messages, run at receiver SpamCensor - Heuristic detection engine with more than 1800 checks on Email header alone URLCensor - Looks for URL links inside email messages – Phishing Detection, de-obfuscates mined URL’s Custom – CountryCensor, Whitelists, etc.
30. SpamCensor Heuristic detection engine with more than 1800 checks on Email header alone – Most Configurable Works on a scoring system, by default over 60 pts is considered a Spam message Has series of Spam categories to identify Spam makeup Automatically updated weekly Framework for delivering Zero day Spam & Virus updates Can be used for many other functions in MailMarshal
31. URLCensor Looks for URL links inside email messages – Phishing Detection De-obviouscates mined URL’s Performs DNS check against external suRBL lists to see if URL is listed
32. DNS Blacklists One of the traditional methods of Spam detection Looks up IP addresses or Sender names in remote DNS lists Examples of DNS Blacklists are:- SpamHaus SpamCop
33. CountryCensor Identifies the IP address of the original sender Looks up this IP address against a database of the IP address ranges allocated to different countries Can allow, Block or just log in the instance of an Email coming in from a region or a particular country – Detects country of origin
34. TRACE Team Marshal TRACE: Threat Research and Content Engineering Global Spam Honeypots and Submitters Research by Security Experts Spam, Threat and Zero Day Updates TRACE Threat Research and Content Engineering MailMarshal Server Automatic Machine Learning Analysis Threat Database
35. TRACE Website Currently covering Email, Web and malware threats Full range of emerging threats and advice Detailed statistics and reports Blogs & RSS feeds Future is for greater automatic protection directly into products and correlation of threat data from customer base www.marshal.com/trace
36. 9/23/2008 Summary Marshal’s Defense-in-Depth Anti-Spam & Anti-Phishing engine is the most advanced available, with multiple facets and layers to cover the ever evolving Spam & Phishing threat Combination of technologies providing consistent results, Zero False Positives and a 99.5% detection rate Designed and tuned for speed without compromising performance Marshal’s Trace team of experts providing the vigilance and protection for your ease of mind Free 30 Day Trial Software at www.marshal.com
37. MailMarshal For Exchange Internet Monitor Internal Microsoft Exchange Email Addresses Acceptable Use Policy (AUP) of Inter-office Communications Pre-Configured Rule Sets Anti-Virus for Internal Email Same Attachment & Message Scanning Engine as MailMarshal Reporting Includes ALL Internal Email On average, 70% of corporate email, excluding spam, is internal, 30% external Exchange Server Firewall
38. Provides ‘the best of both worlds’ – appliance hardware and software Easy to deploy - hardened platform - low administration overhead Flexible – upgradeable - scalable – multi-function security ‘MailMarshal software solution in a box’ Full functionality of MailMarshal software – packaged in a box! Hardened Email Security Appliance Standard 1U 19” rack mountable chassis Unified solution for anti-virus, anti-spam and email security 9/23/2008 Marshal e10000 Security Appliance
40. The Wild, Wild Web “To date, most large enterprises already have some combination of network firewall, URL filter and proxy server to protect and manage Web traffic. However, most organizations do not effectively filter malware from Web traffic. Gartner estimates that fewer than 15% of enterprises scan Web traffic for viruses.” (Gartner March 2007) “Marshal’s TRACE Team last year predicted that social networking sites such as MySpace would be increasingly used as vehicles for spreading malware in 2008. Their popularity and rapid growth with Internet savvy users makes them an ideal vehicle for this kind of activity. People’s guards are lower and they are more accepting of familiar looking messages coming from seemingly trusted and frequently used websites.”
41. Web 2.0, Employee 2.0 Web 2.0 is the term that refers to a second generation of hosting and online communities, social-networking sites (personal and business), content sharing (videos and photos), wikis (user created content) that facilitates sharing, creativity and collaboration between users. The next generation Employee 2.0 has grown accustomed to these services and stopping all access could cause hiring issues and corporate culture stigmas. What are your choices?
42. What Are Your Choices? Stop all access to these websites, or… Create an Acceptable Use Policy and institute some simple, yet thorough protections against the malware and malicious content that grows each day on the web.
43. 9/23/2008 Market Future - Web The rise of Web 2.0 and lack of protection is causing a rapid rise in the attacks using Internet browsing. Organizations need to protect this widely used communication path in and out of their networks. Companies need to look for products delivering a Secure Web Gateway vision, moving beyond only URL Filtering to provide real ‘web access control’ for the content users are actually visiting Advanced multi-layered threat protection in real-time on the content being accessed and Data Leakage protection across this popular outbound path of data. Web Access Control Web Threat Protection Data Loss Prevention
44. Securing the Web Gateway “The Internet has become a major source of infection for PCs, and the massive adoption of Web applications, in addition to the popularity of blogs and social-networking sites, has made this vector much harder to control. The Internet and Internet applications will be the primary sources of malware infections in the enterprise in 2008 and beyond. Most companies have focused on the desktop or e-mail gateway to block malicious content. The enterprise Web gateway is another tier in need of additional protection from malicious code and inappropriate use.” (Gartner March 2007)
45. 9/23/2008 WebMarshal-Beyond URL Filtering WebMarshal 6.0 is a Secure Web Gateway It Goes Beyond URL Filtering Provides real-time content analysis of incoming and outgoing Web traffic Webmarshal Is Designed To Meet The Needs Of All Organizations – Large And Small Array Manager architecture allows management of distributed multi-server environments
46. Key Functionalities WebMarshal combines 3 key functions into one Secure Web Gateway: Web Access Control – management of employee Internet use Web Threat Security – protection against Web-based security threats Data Leakage Prevention – security of confidential or sensitive information Free 30 Day Trial Software at www.marshal.com
47. Common Policy Engine Components AV Scanners Spyware Scanners URLCensor TextCensor & TextCensor Scripts File Un-packer File type identifier Policy definition wizard (Customized to suit product)
48. Secure Web Gateway Appliance All in one combined Email & Web Security Appliance Unified Administration, Management & Reporting Suited for sub 2500 user companies that are looking for a single all in one appliance, a hardened solution for MailMarshal & WebMarshal products 9/23/2008
50. Where Does The Threat Originate? 74% of survey respondents said threats to corporate security are now coming from inside the organization. IBM Security Survey 2006 Up to 70% of identity theft starts with the deliberate removal of personal data from a company by an employee Professor Judith Collins, Michigan State University Human Error was responsible for nearly 60% of security breaches in 2005 4th Annual CompTIA Study on Information security and the Workforce 70% of threats come from inside the organization Analyst Firm
51. Marshal EndPoint Security Helps protect your data, both on and off the network: Prevention - Prevents the transfer of files to or from unauthorized portable devices Protection - Automatically encrypts data copied to approved devices Visibility - Provides complete visibility of device and file accesses on the network Flexibility - Provides granular control over who has access to what devices and for how long
53. Integration with new Marshal URL Filtering List New Device Support Microsoft ISA Security Logs in addition to current proxy support Borderware update to latest OS NetScreen update to latest OS Juniper update to latest OS Highlights: URL filtering list integration ISA Security log support Updated Borderware support Updated Netscreen support Updated Juniper support Security Reporting CenterFirewall Reporting WebMarshalInternet Browsing Content Security MailMarshalEmail Content Security Security Reporting Center v2.5
54. When Selecting a Security Partner… Consistent Policy Engine Does Spam Filtering Occur Inside the Firewall Zero Day Protection Allow Custom File Type Definitions Is There a 24-hour Protection Team Actively Scan all Web Content in Real Time