企業(yè)電子郵件系統(tǒng)安全解決方案

1、企業(yè)電子郵件系統(tǒng)安全解決方案Symantec Messaging Gateway 10.5 Basic Threat Landscape1 in 414釣魚(yú)郵件1 in 291惡意代碼攻擊69%垃圾郵件23%包含惡意代碼URL*Source:- ISTR vol. 18 (Symantec, 2013) 2定向攻擊up 42% 3數(shù)據(jù)泄漏1:400 emails 包含敏感信息4Symantec Messaging Gateway防范垃圾郵件和惡意代碼屢獲殊榮的防垃圾和防病毒病毒技術(shù)IP&URL 信譽(yù)技術(shù)全球智能情報(bào)網(wǎng)絡(luò)抵御定向攻擊文檔保護(hù)下一代防垃圾郵件技術(shù)自定義規(guī)則抵御定向攻擊阻止數(shù)據(jù)泄漏D

2、LP 集成網(wǎng)絡(luò)和內(nèi)容加密高級(jí)內(nèi)容過(guò)濾5Overview Symantec Messaging Gateway郵件安全的第一次防御網(wǎng)絡(luò)和協(xié)議層的郵件安全網(wǎng)關(guān)閾值設(shè)定及垃圾郵件連接丟棄功能，降低內(nèi)部郵件服務(wù)器負(fù)載保護(hù)內(nèi)部郵件服務(wù)器抵御SMTP攻擊掃描郵件，消除病毒、垃圾郵件和高級(jí)攻擊威脅雙向過(guò)濾，確保合規(guī)公司郵件策略阻止敏感數(shù)據(jù)泄漏Symantec Messaging GatewayVendor maintained OSReduced maintenanceTransport Layer SecurityBlock threats at the network layerAntimalwareA

3、ntispamData Loss PreventionContent EncryptionContent Filtering6防范垃圾郵件和惡意代碼7Award winning Antivirus technologyContinuously updated virus signaturesDisarm Office and PDF documentsBloodhound heuristicsMacro scanningGlobal Intelligence NetworkVB100 awardsGartner Magic QuadrantForrester WaveLeader, Magic

4、 Quadrant2013 Secure E-Mail GatewaysDisarm can remove all potentially malicious content, while preserving the visual integrity of documents8Multiple layers of antivirus protectionSymantec Antivirus EngineVirusesMass-mailer wormsTrojan horsesSpywareBloodhound Heuristic DefinitionsScript-BlockingMail/

5、zip Bomb Protection Multi-threaded Scanning for PerformanceEngine RepairDecomposer and File Typer for Attachment ScanningScans within container files (zip, rar, etc.)Complete Message Content AnalysisVirus Signature ProtectionBlock executable file typesFilter based on attachments, subject lines, SMTP

6、 headers, etc.Predictive Content InspectionZero-day Malware ProtectionBloodhound Heuristic AnalysisIn-depth macro scanningHigh PerformanceMulti-threaded ScanningLiveUpdate enables definition updates without downtimeFlexible Workflow with Multiple DispositionsMail/Zip Bomb Protection9抵御定向攻擊10解除附件威脅威脅

7、: 攻擊利用帶有惡意威脅URL或代碼的附件進(jìn)行。主要用于釣魚(yú)攻擊以及高危持續(xù)性攻擊 Advanced Persistent Threat (APT)利用惡意代碼或利用漏洞注入代碼當(dāng)前的解決辦法: 對(duì)特定文檔類(lèi)型進(jìn)行掃描，但是只能解決已知的惡意文檔。最新的解決辦法：重構(gòu)文檔，去除威脅Symantec Research Labs analysis tested 113 Zero-Day Exploits from 2013 From Common Vulnerability and Exposure (CVE) databaseDisarm blocked 98% of exploits移除 Ja

8、vaScripts and “啟動(dòng)” 行為移除/替換 嵌入的objects或文件, 比如. Flash清除有害的 XML Forms Architecture (XFA) objects移除 macros移除/替換 嵌入的 objects, e.g. Flash重構(gòu)文檔, e.g. PDF, images, 移除 macros移除/替代 嵌入的 Flash, EXEs重構(gòu)文檔, e.g. PDF, OLE inside OLE, 2007/解除附件威脅 支持格式和方法防垃圾郵件技術(shù)Effective against targeted attacks!信譽(yù)過(guò)濾在網(wǎng)絡(luò)層阻止垃圾郵件回彈攻擊保護(hù)阻止

9、繞過(guò)反垃圾郵件技術(shù)啟發(fā)掃描檢測(cè)新的垃圾郵件特征簽名阻止與已知垃圾郵件樣本相似的郵件URL 過(guò)濾檢測(cè)欺騙或釣魚(yú)允許和阻止列表已知的好的或壞的發(fā)件人列表13全球信譽(yù)(Across all customers)本地信譽(yù)(Tailored to an individual customer)IP 信譽(yù)(Who sent the email)Global reputation: Symantec 發(fā)件人黑名單Local reputation: 連接類(lèi)別內(nèi)容(What does the email say)全球垃圾郵件規(guī)則用戶自定義規(guī)則下一代防垃圾郵件技術(shù)環(huán)境過(guò)濾技術(shù)14全球最大的智能情報(bào)網(wǎng)絡(luò)識(shí)別更多的威

10、脅，更快的響應(yīng)，阻斷攻擊影響Information ProtectionPreemptive Security AlertsThreat Triggered ActionsGlobal Scope and ScaleWorldwide Coverage24x7 Event LoggingRapid DetectionAttack Activity 240,000 傳感器 200+ 國(guó)家和地區(qū)Malware Intelligence 1.33億個(gè)終端端、服務(wù)器、網(wǎng)關(guān)覆蓋全球Vulnerabilities 35,000+ 漏洞 11,000 vendors 80,000 技術(shù)Spam/Phishi

11、ng 5M decoy accounts 8B+ email messages/day 1B+ web requests/dayAustin, TXMountain View, CACulver City, CASan Francisco, CATaipei, TaiwanTokyo, JapanDublin, IrelandCalgary, AlbertaChengdu, ChinaChennai, IndiaPune, India15全球信譽(yù)(Across all customers)本地信譽(yù)(Tailored to an individual customer)IP 信譽(yù)(Who sen

12、t the email)Global reputation: Symantec 發(fā)件人黑名單Local reputation: 連接類(lèi)別內(nèi)容(What does the email say)全球垃圾郵件規(guī)則用戶自定義規(guī)則下一代防垃圾郵件技術(shù)環(huán)境過(guò)濾技術(shù)16用戶自定義規(guī)則Enables administrators to improve defense against attacksAllows for unwanted emails to be treated as spam, even if the messages are technically “ham”Customer ACustom

13、er BSubmissionsCustomer-specific RulesSubmissionsCustomer-specific RulesGlobal Rules17阻止數(shù)據(jù)泄漏18Sensitive Data is Leaving the Enterprise, Risking Brand and Reputation客戶、員工醫(yī)患數(shù)據(jù)管理合規(guī)HIPAA, GLBA, PCI, State Data Privacy, Caldicott, PIPEDASSN, Credit Card Numbers, Health Info知識(shí)產(chǎn)權(quán)競(jìng)爭(zhēng)力源代碼工程設(shè)計(jì)戰(zhàn)略資料價(jià)格數(shù)據(jù)公司機(jī)密信譽(yù)財(cái)報(bào)收

14、入并購(gòu)計(jì)劃高管內(nèi)部郵件19內(nèi)建數(shù)據(jù)泄漏保護(hù)功能多種數(shù)據(jù)分類(lèi)詞典PCI, HIPPA, Personally Identifiable Information (PII)向?qū)揭?guī)則創(chuàng)建，簡(jiǎn)捷的策略強(qiáng)制20Seamless integration with Symantec DLP21公司內(nèi)部網(wǎng)絡(luò)郵件服務(wù)器Exchange/Domino發(fā)件人收件人ENFORCE PLATFORMBlockQuarantineModifyNETWORK PREVENTSymantecMessaging GatewayTLSNetwork and Content EncryptionEncrypted Communi

15、cationsTransport Layer Security (TLS)Symantec Content Encryption, a hosted option leveraging Symantec.cloudSymantec PGP Universal Gateway Email, for extensible on-premises encryptionCustomer NetworkUsersAdminEmail ServerMessaging GatewayPolicy ConfigurationUnencrypted RecipientEncrypted RecipientUne

16、ncrypted CommunicationsPGP GW EmailCustomer NetworkUsersAdminEmail ServerMessaging GatewayPolicy ConfigurationUnencrypted RecipientEncrypted RecipientUnencrypted Communications TLSEncryption Encrypted Email Based on Policies Encrypted Response22Advanced Content Filtering Actions根據(jù)郵件匹配特征啟用不同的流程歸檔郵件進(jìn)行

17、審計(jì)轉(zhuǎn)發(fā)郵件到管理員Many more options23Advanced Content Filtering Actions根據(jù)郵件匹配特征啟用不同的流程歸檔郵件進(jìn)行審計(jì)轉(zhuǎn)發(fā)郵件到管理員Many more optionsAllow multiple actions to trigger across multiple filtering policiesEvaluate remaining policies and perform non-conflicting actions, orBypass remaining policies and actions to improve perfo

18、rmance24系統(tǒng)管理25集中管理Control CenterDeploys software settingsManages encryption keysCentral quarantineDirectory Integration via LDAPControl Center authenticationRecipient validationAddress resolutionAdministrative Access & ControlQuarantine Access26Centralized ReportingLogs consolidated from all scanner

19、s to a single Control Center, enabling both granular and summary reports27Model83808340Platform2RU Dual Quad-Core Processors6x300GBRAID 101RUSingle Dual-Core Processor2x500GBRAID1SegmentEnterprise / Large Enterprise( 5000 users)SMB1000 User PackInstallation optionsAppliances can be deployed as:Dedicated ScannersDedicated Control CenterCombined Scanner/Control Center: Suitable for smaller organizations28Typical deployment29Why Symantec for Messaging Security?Brightmail Antisp