SurfControl E-mail Filter (E-mail & Product Overview)

Upload: tovi

Post on 03-Feb-2016


TRANSCRIPT

Page 1: SurfControl E-mail Filter (E-mail & Product Overview)

SurfControl E-mail Filter

(E-mail & Product Overview)

Page 2: SurfControl E-mail Filter (E-mail & Product Overview)

E-mail Basics

Page 3: SurfControl E-mail Filter (E-mail & Product Overview)

How Does E-mail Work?

Page 4: SurfControl E-mail Filter (E-mail & Product Overview)

Help?

• MTA/Relay Hosts
• E-mail Protocols
  • SMTP
  • POP3
  • MAPI/RPC
  • IMAP
• DNS
• MX Records
• MIME Type
• LDAP

Page 5: SurfControl E-mail Filter (E-mail & Product Overview)

Mail Transfer Agents (MTAs)

[Diagram labels: Sender’s Network, Recipient’s Network, Exchange Server, Lotus/Domino Server, Relay Host, SurfControl E-mail Filter]

E-mail delivery relies upon MTAs. There are two types of MTAs:

• E-mail servers
• Relay Hosts

Page 6: SurfControl E-mail Filter (E-mail & Product Overview)

MTAs Continued

The main difference between an e-mail server and a relay host is that e-mail servers have mailboxes and most relay hosts do not. However, an e-mail server can act as a relay host. There are two types of relay hosts, open and closed.

open: allows any and all mail into a network. An open relay host can compromise network security.

closed: only allows e-mail destined for, or originating from, the protected domain through the relay. A closed relay protects a network. SurfControl E-mail Filter is a closed relay.

Using a relay host allows you to have more control over routing within a domain.
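The open/closed distinction above, written as an accept/reject decision; this is an added example, not SurfControl's code. The protected domain `example.com`, the internal network `10.0.0.0/8`, and judging "originating from" by client IP rather than by the sender-supplied MAIL FROM address are assumptions.

```python
import ipaddress

# Assumed policy values for illustration; not taken from the slides.
PROTECTED_DOMAINS = {"example.com"}
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or '' if malformed."""
    address = address.strip().strip("<>")
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return ""
    return domain.lower().rstrip(".")


def is_internal(client_ip):
    """True when the connecting host sits inside the protected network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETWORKS)


def open_relay_decision(client_ip, mail_from, rcpt_to):
    """Open relay: every message is accepted, whoever sends it to whomever."""
    return "accept"


def closed_relay_decision(client_ip, mail_from, rcpt_to):
    """Closed relay: accept only mail for, or from, the protected domain."""
    if domain_of(rcpt_to) in PROTECTED_DOMAINS:
        return "accept"  # inbound: destined for the protected domain
    # MAIL FROM is sender-supplied, so origin is judged by client IP (assumption).
    if is_internal(client_ip):
        return "accept"  # outbound: originates inside the protected network
    # External client, external recipient: third-party relaying is refused.
    return "reject"


# Constructed sample SMTP sessions: (client IP, MAIL FROM, RCPT TO).
SESSIONS = [
    ("203.0.113.7", "<alice@partner.test>", "<bob@example.com>"),
    ("10.1.2.3", "<bob@example.com>", "<alice@partner.test>"),
    ("203.0.113.9", "<bob@example.com>", "<carol@elsewhere.test>"),
]

if __name__ == "__main__":
    for session in SESSIONS:
        print(session, open_relay_decision(*session), closed_relay_decision(*session))
```

The third session claims a protected-domain sender from an outside host; the open relay forwards it, the closed relay refuses it.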

Page 7: SurfControl E-mail Filter (E-mail & Product Overview)

Protocols

[Diagram: two Exchange servers and a SendMail server, with links labelled RPC, MAPI, IMAP, IMAP4, POP3 and SMTP]

What ARE you talking about?!

Page 8: SurfControl E-mail Filter (E-mail & Product Overview)

Protocols

Protocols are like languages, or even accents, that two parties share so that they can communicate.

For example, if somebody wants to speak to you in French, you have to be able to understand and speak French too.

It’s the same with computers. If machines want to exchange e-mail (or anything else for that matter), they need to do it in a language that they both understand.

Just like people, one machine can speak more than one language, and so can communicate with many different machines.

Page 9: SurfControl E-mail Filter (E-mail & Product Overview)

Imagine ordering a takeaway

[Diagram: the protocol diagram (Exchange servers, SendMail server; RPC, IMAP, POP3, SMTP, POP3 or IMAP4) with the labels English, Chinese, You, Woof, “Sit!” and Beg]

Two people in a house speaking in their own language, that they both understand

Page 10: SurfControl E-mail Filter (E-mail & Product Overview)

Protocols

[Diagram: the protocol diagram (Exchange servers, SendMail server; RPC, IMAP, POP3, SMTP, POP3 or IMAP4) with the labels English, Chinese, You, Woof, “Sit!” and “Dog begs”]

Two people in a house speaking in their own language, that they both understand

Two dogs in another room talking their own language

Note that there is also a more basic language (protocol) being used between the people and the dogs

Page 11: SurfControl E-mail Filter (E-mail & Product Overview)

Protocols

[Diagram: the protocol diagram (Exchange servers, SendMail server; RPC, IMAP, POP3, SMTP, POP3 or IMAP4)]

SMTP is the standard (equivalent to the “common language”) for e-mail delivery over the web

SurfControl E-mail Filter is interested only in the SMTP protocol

Page 12: SurfControl E-mail Filter (E-mail & Product Overview)

Ports

[Diagram: radio frequencies 98.6 and 88.6 alongside ports SMTP 25 and HTTP 80]

Each protocol has its own assigned port number, just like a radio station has an assigned frequency

Also, just like a radio station, a protocol isn’t tied to one port/frequency – it can swap

And just like a radio frequency, a port needs to have a machine at the other end of the transmission that is able to listen to it

Page 13: SurfControl E-mail Filter (E-mail & Product Overview)

Ports

[Diagram: a letter addressed only to SurfControl PLC, Riverside, Mountbatten Way, Congleton, Cheshire, CW12 1DY]

Which employee is it for? Who needs it?

Wasted time in getting it through

[Diagram: the same address alongside the names Rob Smith, Andy Jones, Chris Bailey]

Not Feasible

[Diagram: a letter addressed to Rob Smith, SurfControl PLC, Riverside, Mountbatten Way, Congleton, Cheshire, CW12 1DY]

Add a reference

Add a name

Add a port number

The port number tells the receiving server which service/program the communication is for, without having to know what is in it

Individual connections/postmen?

Page 14: SurfControl E-mail Filter (E-mail & Product Overview)

DNS Records (Domain Name Server)

• You type http://maps.yahoo.com into IE
• The local DNS Server manages queries to Root DNS, COM DNS and Yahoo DNS and returns an IP address to your PC
• http://maps.yahoo.com appears in your browser

[Diagram: for maps.yahoo.com, the Local DNS asks the Root DNS “.com?”, the .com DNS “yahoo?” and the Yahoo DNS “maps?”, and receives a Reply to each]

Page 15: SurfControl E-mail Filter (E-mail & Product Overview)

MX (Mail eXchange) Records

You send an e-mail to [email protected]

Your MTA queries the DNS Server for MX Records

The DNS Server returns the IP address of the e-mail server

The MTA delivers the e-mail

[Diagram: query to DNS, Q: MX surfcontrol.com; R: MX 212.150.43.14]

Page 16: SurfControl E-mail Filter (E-mail & Product Overview)

E-Mail Structure - MIME

Envelope: contains two SMTP commands (MAIL and RCPT). MAIL identifies the sender; RCPT identifies the recipient.

Header: contains additional information about the e-mail included by the email client (such as Date or Message-ID).

Body: contains the text of the e-mail and any attachments (MIME - Multipurpose Internet Mail Extensions). MIME allows files to be attached to e-mails, and tells the receiving server how to open them.

Just the same as real mail/letters in construction!
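The three layers described above, separated with Python's standard `email` package; this is an added example, not part of the presentation. The envelope addresses, the message and its attachment are constructed, and comparing the envelope sender with the header From is an assumption about how a filter might use the distinction.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed envelope: what the sending MTA states in MAIL and RCPT.
ENVELOPE = {"mail_from": "bounce@mailer.test", "rcpt_to": "rob@example.com"}

# Constructed message: header block, blank line, then a MIME multipart body.
RAW = """\
From: "Accounts" <accounts@example.com>
To: rob@example.com
Subject: Invoice
Date: Mon, 01 Feb 2016 09:00:00 +0000
Message-ID: <constructed-1@mailer.test>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="us-ascii"

Please see the attached invoice.
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--XYZ--
"""


def describe(envelope, raw):
    """Split a message into envelope, header and body facts a filter can act on."""
    msg = message_from_string(raw, policy=policy.default)
    header_from = parseaddr(msg["From"])[1].lower()
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        # The declared MIME type and file name tell the receiver how to treat the part.
        parts.append((part.get_content_type(), part.get_filename()))
    return {
        "envelope_sender": envelope["mail_from"].lower(),
        "header_from": header_from,
        # Envelope and header are independent; nothing forces them to agree.
        "sender_mismatch": envelope["mail_from"].lower() != header_from,
        "parts": parts,
    }


if __name__ == "__main__":
    for key, value in describe(ENVELOPE, RAW).items():
        print(key, "=", value)
```

A mismatch between envelope sender and header From is common in legitimate bulk and mailing-list mail, so it is a signal to weigh, not a verdict on its own.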

Page 17: SurfControl E-mail Filter (E-mail & Product Overview)

Minimum Spec for E-mail Filter

Processor: Intel Pentium III; 600 MHz or higher
• How fast it can push things through

Memory: 512 Mbytes RAM; 1024 Mbytes strongly recommended
• For making the product more efficient – e.g. Rules storage

OS: Windows 2000 Server (SP3) or Windows Advanced Server (SP3) or Windows Server 2003
• Why not XP? Lorry vs Lamborghini – designed to manage larger loads

DNS: Internal or external DNS configured
• So it can send mail out

Disk space: 5 Gbytes free
• Storage on the machine for isolated mail and the product itself

Page 18: SurfControl E-mail Filter (E-mail & Product Overview)

So, How Does E-mail Work?

[Diagram: mail flow with the labels SMTP 25, POP3 110, DNS, MX and MTA (Relay Host)]

Page 19: SurfControl E-mail Filter (E-mail & Product Overview)

SurfControl E-mail Filter

Page 20: SurfControl E-mail Filter (E-mail & Product Overview)

SurfControl E-mail Filter

• Recognizes and blocks inbound & outbound traffic
• Provides blended threat protection as a continuously updated service
• Recognizes confidential and restricted e-mail content
• Provides virus defense
• Set and enforce policy rules
• Flexible deployment options
  • Software or Appliance

Page 21: SurfControl E-mail Filter (E-mail & Product Overview)

Why is Comprehensive E-mail Filtering the Right Solution?

An incomplete solution is a gap waiting to be exploited

Anti-spam focused point solutions don’t cover blended threats, outbound security threats, or confidential data protection

With today’s evolving risks a solution must be comprehensive to adapt to tomorrow’s threats

Dynamic filtering is the only real-world answer

Page 22: SurfControl E-mail Filter (E-mail & Product Overview)

How SurfControl SMTP E-mail Filter Works:

Inbound and Outbound protection/filtering

Page 23: SurfControl E-mail Filter (E-mail & Product Overview)

Services

[Diagram labels: In, Work, Out; Isolate, Delay, Discard; MX or Relay Host]

Page 24: SurfControl E-mail Filter (E-mail & Product Overview)

The Goal of E-mail Filtering

Security protection from:
• spam
• phishing attacks
• malicious URL links in e-mails
• spyware protection

Better management of e-mail and network resources.

Better enforcement of policies

Better legal protection – compliance, harassment lawsuits

Stronger business profitability

Page 25: SurfControl E-mail Filter (E-mail & Product Overview)

Blended Threat Protection

- Adaptive Threat Intelligence
- Network Connection Security

Page 26: SurfControl E-mail Filter (E-mail & Product Overview)

Adaptive Threat Intelligence

Dynamic Threat Databases
• Anti-Virus Agent
• Anti-Spam Agent
• Digital Fingerprints
• Heuristics
• Lexi-Rules

Real-time Threat Technologies
• Virtual Learning Agent
• Virtual Image Agent

Global Threat Experts

Page 27: SurfControl E-mail Filter (E-mail & Product Overview)

ATI Delivers Security Layers to All Products

Page 28: SurfControl E-mail Filter (E-mail & Product Overview)

Powerful Spam & Phishing Protection

• Spam Digital Fingerprints – Categorized by content for precise threat protection

• Heuristics Engine – Thousands of e-mail rules to accurately detect phishing & spam attacks. Filters them according to the sensitivity you choose.

• LexiRules – Lexical scanning for blended threat attacks

Digital Fingerprints

Page 29: SurfControl E-mail Filter (E-mail & Product Overview)

• Comprehensive pattern match analysis
• Regular expression lexical rules
• Extensive, thousands of rule parameters using Heuristics engine

Heuristic Analysis

Page 30: SurfControl E-mail Filter (E-mail & Product Overview)

Web Threat & Spyware Protection

- Integrated Internet Threat Database
- Unique protection from spyware, phishing, and malicious URL links
- Unprecedented protection from harmful websites passed through e-mail

Only SurfControl brings customers the unique power of our industry leading Internet Threat database in e-mail filtering!!!

Means: Better protection coverage than any competitor

Page 31: SurfControl E-mail Filter (E-mail & Product Overview)

More Blended Threat Layers!

• Directory Harvest Attack Protection
  Stops bandwidth consuming mail bomb attacks
• Spoof Detection
  Detects spammers masking their identity
• HTML Parser
  Removes hidden HTML code used by spammers to bypass detection
• HTML Stripper
  Strips out active HTML components - like scripts - and more

Page 32: SurfControl E-mail Filter (E-mail & Product Overview)

Anti-Virus Agent

Anti-virus scanning at the e-mail gateway

Total protection from the many e-mail risks.

Offers complete virus cleansing, scanning, blocking and all typical AV benefits.

Powered by McAfee

Page 33: SurfControl E-mail Filter (E-mail & Product Overview)

Why Our Threat Analysis is Unique

• Most Internet Filtering Experience (c.1995)
• Worldwide Perspective (14 offices)
• International Cultural Understanding
• Global Threat Detection & Analysis (24/7)
• AI Technologies and Human Review
• Early Warning on Emerging Threats (“1sts”)
• Integration of all Internet protection processes in one experienced and united team
• Continuous Integrated Adaptive

Page 34: SurfControl E-mail Filter (E-mail & Product Overview)

Customized Content Filtering

- Confidential Data Protection
- Compliance Layer
- Offensive/Harassing E-mail Mgmt
- Customer Specific E-mail Filtering Needs

Page 35: SurfControl E-mail Filter (E-mail & Product Overview)

Pre Built Dictionaries & Language Packs

Provide the reference points for filtering.

160+ pre-populated category dictionaries of content: 10 languages & 16 categories.

Turnkey protection from key threat categories: Hate Speech, Offensive, Gambling, Finance, Healthcare, etc

Language Packs enable multinational organizations to deploy protection quickly:

English, Dutch, French, German, Spanish, German, Italian, Japanese, Chinese Traditional, Chinese Simplified, Portuguese

Page 36: SurfControl E-mail Filter (E-mail & Product Overview)

LexiMatch Settings

(Pluto) NEAR ($35 Million) OR (ABC, Inc) NEAR (Buyout Price) NOT (Jupiter) OR (Saturn) OR (Galaxy)

Precise Lexical Scanning with advanced Boolean

E-mail Filter’s LexiMatch

Page 37: SurfControl E-mail Filter (E-mail & Product Overview)

Category-specific words, with numerical weighting for each

Customizable weightings

Set Threshold sensitivity

Message statistics calculate categorization probability

Pluto: 50
+ $35 million: 25
+ ABC, Inc: 50
+ Buyout Price: 10

Message Total: 135

Threshold: 100

Statistical Probabilities

Dictionary Thresholds
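The weighted-dictionary scoring shown on this slide, as an added example (not SurfControl's implementation). The weights and threshold are the slide's; the sample messages, case-insensitive whole-term matching, counting each term once per message, and triggering at or above the threshold are assumptions.

```python
import re

# Weights and threshold as shown on the slide.
DICTIONARY = {"Pluto": 50, "$35 million": 25, "ABC, Inc": 50, "Buyout Price": 10}
THRESHOLD = 100


def compile_term(term):
    """Match the term case-insensitively, tolerating any run of whitespace."""
    words = [re.escape(w) for w in term.split()]
    # Lookarounds stop 'Pluto' matching inside 'Plutonium' without relying on
    # a word-boundary anchor, which fails next to characters such as '$'.
    return re.compile(r"(?<!\w)" + r"\s+".join(words) + r"(?!\w)", re.IGNORECASE)


PATTERNS = {term: compile_term(term) for term in DICTIONARY}


def score(message):
    """Return (total, matched terms); each term counts once (assumption)."""
    matched = [term for term, pattern in PATTERNS.items() if pattern.search(message)]
    return sum(DICTIONARY[term] for term in matched), matched


def triggers(message, threshold=THRESHOLD):
    """True when the message total reaches the threshold (>= is an assumption)."""
    return score(message)[0] >= threshold


# Constructed sample messages.
LEAK = "Project Pluto update: ABC, Inc has agreed a buyout  price of $35 million."
BENIGN = "Plutonium prices rose; ABC, Inc declined to comment."

if __name__ == "__main__":
    for text in (LEAK, BENIGN):
        total, terms = score(text)
        print(total, terms, "TRIGGER" if triggers(text) else "pass")
```

Lowering a term's weight or raising the threshold changes which messages trigger, which is the sensitivity setting the slide refers to.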

Page 38: SurfControl E-mail Filter (E-mail & Product Overview)

Virtual Learning Agent

Detects spam with pre-trained categories

Can learn your proprietary e-mails and protect confidential information from accidental or malicious leakage.

Protects against losses and lawsuits.

Page 39: SurfControl E-mail Filter (E-mail & Product Overview)

Virtual Image Agent

Filters explicit adult images from e-mail.

Uses intelligent scanning technology.

Classifies images based on customer standards.

Protects against harassment lawsuits.

Page 40: SurfControl E-mail Filter (E-mail & Product Overview)

How does Virtual Image Agent work?

Uses more than 22,000 different algorithms.

Differentiates between adult material and harmless photos.

Isolates suspect content for evaluation.

Enforces policy without affecting performance.

Page 41: SurfControl E-mail Filter (E-mail & Product Overview)

Customizable Policy

Administration, Monitoring,

Reporting

Page 42: SurfControl E-mail Filter (E-mail & Product Overview)

Easy-to-use Rules Administrator.

Customer can create and implement own rules.

Customer can set and reset rule criteria.

Rules can be applied to groups or individuals.

Policy Administration

Page 43: SurfControl E-mail Filter (E-mail & Product Overview)

Triggered Policy Options

SurfControl offers the choice –
• No review with Automatic Queue Management
• Admin review (at server or remotely)
• Employee review (with End User Spam Management)

For employee review, suggest only for SEF’s probability based features
• ASA accuracy shouldn’t require employee review
• ASA is biggest net to catch the most attacks

Page 44: SurfControl E-mail Filter (E-mail & Product Overview)

Recommendations & Positioning

No review with Automatic Queue Management
• Enables time for request to be made of missing e-mail; otherwise, message is deleted after lapsed timeframe
• No Admin or employee resource burden

Admin Review (at server or remotely)
• Designated Manager or Admin can review isolate folders with assigned privileges
• Eliminates employee productivity loss, bandwidth consumption, and potential legal liabilities posed by Adult spam

Employee review (at the desktop)
• Allows employee to manage review of their own false positives

Page 45: SurfControl E-mail Filter (E-mail & Product Overview)

Message Administrator

Review of isolated messages; automatically delete or release isolated e-mails for hands off administration

Remote Message Administrator and password protected isolate folders allow e-mail content review by designated managers

Analyze and take action on isolated e-mails from the desk or while on the road

Page 46: SurfControl E-mail Filter (E-mail & Product Overview)

Real-Time Monitor

Monitor activity and behavior, any time, from anywhere.

View e-mail usage trends and summaries.

Identify and correct network and server bottlenecks.

Color-coded for instant feedback.

Page 47: SurfControl E-mail Filter (E-mail & Product Overview)

Data in a format you can use.

Schedule reports to automatically run and be delivered to your In Box when you want them

Trail of evidence for persistent offenders.

Comprehensive Reporting

Page 48: SurfControl E-mail Filter (E-mail & Product Overview)

Remote Management & Delegated Administration

Administer multiple sites from one server

Secure access and administration

Password protected

Page 49: SurfControl E-mail Filter (E-mail & Product Overview)

Corporate Disclaimers

Protect your corporate liability by inserting disclaimers in email messages

Include sales promotional details or press announcements to your corporate mail

Page 50: SurfControl E-mail Filter (E-mail & Product Overview)

Flexible Notification Options

Notification options allow you to copy the Admin, sender, recipient, or an appropriate manager

Insert notification shortcuts related to the triggered email – example $S inserts the sender info

Page 51: SurfControl E-mail Filter (E-mail & Product Overview)

File Attachment Management

Strip or isolate attachments

Disallow non-business approved files

Eliminate the security threat from unauthorized file transmissions

Page 52: SurfControl E-mail Filter (E-mail & Product Overview)

Message Archiving

The Archive Message operation enables you to copy a message to a specified folder.

Archiving messages can be useful particularly when you are monitoring possible problem behavior.

Keep a record of all messages sent or received or archive specific triggered policies.

Page 53: SurfControl E-mail Filter (E-mail & Product Overview)

Fail Over & Load Balancing

Ensures your systems are up and running and that mail is being processed

Multiple servers share message processing.

Better network management and reduced administration.

Page 54: SurfControl E-mail Filter (E-mail & Product Overview)

Encryption methods: TLS, SMTPS

E-mail Encryption

Page 55: SurfControl E-mail Filter (E-mail & Product Overview)

Encryption Methods

TLS
• The more common administrator’s choice
• A protocol that guarantees server-to-server privacy
• Uses port 25

SMTPS
• The less common administrator’s choice
• A protocol that guarantees server-to-server privacy
• Uses port 443

Page 56: SurfControl E-mail Filter (E-mail & Product Overview)

Internet

How Encryption Works

Page 57: SurfControl E-mail Filter (E-mail & Product Overview)

1. Site1 tells Site2 it wants to send an e-mail via TLS or SMTPS.

2. Site2 gives Site1 its public key.

3. Site1 uses Site2’s public key to encrypt the e-mail, and sends it to Site2.

4. Site2 uses its private key to decrypt the e-mail.

Site1

Site2

How Encryption Works

Page 58: SurfControl E-mail Filter (E-mail & Product Overview)

Keys & Certificates

To use TLS encryption, you must get a certificate. The certificate includes your keys.

Certificate types:
• Certificate from third party such as Verisign
  – Most “respected.”
• Self-signed certificate
  – Good for small environments that don’t already have a certificate

How Encryption Works

Page 59: SurfControl E-mail Filter (E-mail & Product Overview)

E-mail Filter’s Certificate Manager

• Import an existing certificate (such as from Verisign)
• Export a certificate
• Create a self-signed certificate.

How Encryption Works

Page 60: SurfControl E-mail Filter (E-mail & Product Overview)

Anti-Spoof Technique: Sender Policy Framework

SPF: Stops spammers from forging the “from” fields in an e-mail.
• In order to use SPF, the sending e-mail must publish an SPF record in DNS records.
• If sending e-mail doesn’t have a matching registered SPF record in DNS, DNS does not forward the e-mail.

Page 61: SurfControl E-mail Filter (E-mail & Product Overview)

Questions

Is there a product that competes with this one?

What can be the main benefit for a company that uses this product?

What elements have to be considered to implement the solution?