
Spam Protection
ePrism uses a variety of techniques to analyze email traffic
and separate legitimate email from spam. Using multiple tests,
ePrism ensures accurate email disposition that supports business
continuity and processes rather than jeopardizing them. Tests
include:
- Specific Access Patterns
- Pattern-based Message Filtering
- Spam Dictionaries
- IP Reputation
- DNS Block List
- Bulk Analysis
- Token Analysis
- Sender Policy Framework (SPF™)
- DomainKeys™ Authentication
Once messages are tested, you can define the action you want
taken, including logging, modifying the subject header, adding a
header, redirection, rejecting email and BCC.
Content Filtering and Scanning
ePrism employs a number of technologies to scan and filter
email content and assure that your acceptable use and security
policies are being enforced:
Advanced Content Scanning - ePrism offers deep scanning
of email attachments to prevent private and confidential files
from leaving your company. This includes scanning attachments
such as PDFs, Word documents and hundreds of other file types.
Expanded Filtering Options - Several actions allow
you to create filter rules that encrypt, quarantine, BCC, notify,
redirect or discard messages.
Dictionaries - ePrism offers custom dictionary support
for content filtering allowing you to easily match simple words
and phrases against message and attachment content.
Policy Integration - Content filtering is integrated
with ePrism's policy engine allowing you to create different
sets of filter rules for different users, groups and domains.
Virus Protection
ePrism includes Kaspersky Labs Antivirus®, winner of the
coveted Best Anti Virus Solution award from SC Magazine. Automatic
hourly updates to this virus-scanning engine ensure that the
latest viruses are being identified and eradicated before they
reach your host.
Malformed Message Protection
Malformed messages can allow hackers to avoid detection,
crash your systems and lock up your mail servers. ePrism allows
only correctly formatted messages to reach their destination.
High Availability Load Optimization (HALO)
ePrism's fail-safe clustering architecture for high availability
(HALO) means your email is never lost due to individual system
failure. ePrism's HALO provides security, cluster management,
load balancing and "stateful failover" queue replication capabilities
that guarantee consistency during a crisis.
Spam Filtering:
In 2007, spam accounted for more than 90% of all
email. Whatever measures you use to analyze this number,
it all adds up to unimaginable volumes of server-clogging,
productivity-wasting headaches for your IT personnel,
networks and employees.
What may be even worse than the amount of spam being
sent across corporate gateways is the nature of the
spam itself. The purveyors of spam are becoming more
sophisticated even as businesses deploy more solutions
to try and stop them. As older spam attacks are blocked,
new threats and annoyances seem to crop up daily:
- Botnets - This refers to a collection of compromised
computers called zombies that are running programs
designed by hackers to do damage or to gain financially.
The programs, in the form of worms, trojan horses
and backdoors, are often transmitted via email, and
usually send yet more spam. So a botnet, having
control over zombie computers, can spew millions
of spam messages before it is detected and stopped.
- PDF spam - Often used in "pump-and-dump" stock
schemes, this form of spam includes its content in
a .PDF file rather than an image file. Since many
spam blockers solved the image spam problem of 2007,
attackers are using PDFs to gain entrance to inboxes.
- MP3 spam - Also used in many stock schemes,
these are audio files that escape traditional spam
detection. These files often use a female voice
encouraging the recipient to purchase the stock
in question.
- E-card spam - Another insidious trend where
bogus electronic greeting cards are sent to unsuspecting
recipients. These cards use Internet Explorer to
hijack computers and install trojans that can steal
sensitive data. In some cases, clicking on links
within the card will release viruses that take over
computers and use them to launch spam attacks.
ePrism Solves the Spam Crisis
ePrism's powerful spam fighting filters give you
total control over how you manage spam and other unwanted
email:
- A Blended Solution
ePrism employs multiple filtering technologies to
deliver a powerful blended solution that catches
close to 98% of spam while delivering the lowest
false positive rate in the industry. Both objective
and subjective techniques are used to ensure maximum
anti-spam performance.
- Quarantine and Trusted Sender Lists
Your employees will welcome ePrism as they realize that
they have the ability to control their email by
building trusted sender lists. They can easily add
senders to their list or quarantine others so that
important email is never missed nor mistaken for
spam.
- Testing With Cutting-Edge Technologies
ePrism applies multiple tests to email traffic to
determine whether or not it is spam. With the lowest
false positive rate in the industry, ePrism stops
spam while ensuring that legitimate business mail
gets delivered.
Customer Data Protection:
The vulnerability of customer data to theft or misuse
is an increasing concern for global companies and government
agencies alike. The catastrophic effects of lost customer
data can be read in the headlines as well as the bottom
lines of organizations worldwide. With huge volumes
of customer data being stored electronically, the fact
that it is exposed to access and distribution via email,
whether intentional or accidental, cannot be ignored.
This exposure and loss of personal customer data is
costing organizations and individuals billions in unrecoverable
funds. Adding to the dilemma, the customer data you
keep is subject to over 22 state data privacy and notification
laws such as Sarbanes Oxley, HIPAA, PIPEDA, The Patriot
Act, HSPD-12, and FISMA.
ePrism offers the perimeter protection and advanced
content and attachment filtering required to safeguard
your valuable customer data and help you comply with
stringent state regulatory codes. When you subject customer
data to exposure via email, you risk not only your company's
financial assets, but its reputation as well. You need
to assure your customers that their valuable data is
safe and secure. By deploying ePrism with advanced content
and attachment filtering, you ensure the protection
of customer data such as:
- Contact information
- Social security numbers
- Account numbers
- Credit card numbers
- Medical records
Intellectual Property Protection
In the past, proprietary, sensitive intellectual property
was kept in written form and corporations were able
to lock such documents away safely and even have them
guarded. Today's global communications demand that even
the most sensitive information be kept in electronic
form. As such, it is accessible to a wide variety of
employees and often, dissemination is easily achieved.
The threat of losing such critical assets can range
from exposure that might hurt an organization's reputation
to losses that could result in losing your competitive
advantage. Such events can be malicious in nature or
accidental, but the result is the same, serious damage
to your organization.
ePrism's advanced content and attachment scanning,
of both inbound and outbound email, can protect you
from intellectual property loss whether malicious or
negligent. With ePrism's centralized policy tools you
can consistently enforce your organization's policies
with content filters that search message headers, bodies
and attachments based on the configuration that best
suits your requirements. Deploying ePrism's powerful
technology can protect you from losses that might include:
- Trade secrets
- Source code
- Design documents
- Classified information
- Internal memos
- Pricing information
- Executive memos
- Financial results
- Merger and acquisition plans
- Matters of National Security
- Network topology diagrams
- Reduction-in-force plans
- Marketing plans
- Pipeline reports
- Product photographs
- Contracts
- Legal correspondence
Malware - Malicious Software:
The most common way for malicious software, or malware,
to enter your networks is through email messages. These
malformed messages can allow viruses to avoid detection,
crash your systems and lock up your mail servers.
ePrism with Kaspersky Labs Anti-Virus, stops debilitating
malware at the perimeter, before it has a chance to
infect your networked machines.
Network Worms
Worms use various systems to enter your network -
IM and P2P for instance, but a common way is through
email. Their primary aims are to penetrate your remote
computers, launch copies of themselves and start spreading
throughout your network.
There are a number of methods worms employ to make
sure their malicious code is executed and can spread.
In the case of emails, it is often social engineering
aspects that make them vulnerable. For instance, emails
that encourage recipients to open attachments are often
all that's needed.
The current trend toward blended threats includes
worms with Trojan features not easily stopped once they
reach a workstation. That's why protecting your email
with ePrism ensures that worms never make it past your
perimeter.
Classic Viruses
Viruses are a group of malicious programs that replicate
themselves throughout a machine using the resources
of the machine, or some action of the user to continue
spreading. Viruses don't have to use network resources
to spread to other machines, unlike worms, but spread
only if an infected object is accessed and the malicious
code gets executed. A common way for this to happen
is if a virus infects a user's machine via email and
then sends a copy of itself to everyone in the user's
address book. Subsequent recipients' machines can become
infected and the virus then sends itself to more addresses.
Other insidious viruses are mass mailed to a large
number of recipients with the purpose of destroying
data or otherwise damaging victim machines without spreading
further.
In any case, stopping virus-infected emails at the
perimeter ensures that neither scenario comes to pass.
Trojan Programs
Trojan programs comprise a category of malicious
code that performs actions covertly - without the victim's
consent or knowledge. Trojans are often used to collect
personal data on the victim which is then used for criminal
financial gain. Other Trojans are designed to destroy
data or alter it for malicious purposes. Some criminals
use Trojans to hijack computers and use them to send
spam.
Another type of Trojan is one designed to take
over remote machines without damaging the original infected
computer. In this way, criminals can launch DoS attacks
against designated websites without implicating themselves.
Hacker Utilities and other malicious programs
This is a diverse group of malware that falls into
the following categories:
- Constructors and other utilities that are used
to create Trojans, worms and viruses
- Program libraries specifically designed to be
used in creating malware
- Utilities created by hackers to encrypt infected
files thus hiding them from antivirus software
- Jokes that interfere with normal computer function
- Programs that deliberately misinform users about
their actions in the system
- Other programs that are designed to directly
or indirectly damage local or networked machines
High Availability Load Optimization (HALO):
ePrism provides your organization with a fail-safe
clustering architecture for high availability. HALO
ensures e-mail is never lost due to individual system
failure through its unique security, cluster management,
load balancing and optimization, and "stateful failover"
queue replication capabilities.
All systems can be clustered together to increase
capacity and throughput, or to provide load balancing
and optional high availability.
- This feature allows administrators to manage ePrism
clusters and to synchronize configuration settings across
all systems in the cluster. Combined reports and e-mail
database searches may be derived from clustered systems.
Specific features include: Configuration Replication,
Cluster Synchronization and Cluster Reporting.
- You can have an automated or semi-automated mechanism
for switching the mail stream between available systems
in the cluster, depending on their individual availability
or health. In addition, with DNS round-robin techniques
or dedicated load balancing hardware, e-mail can be
directed to ePrism systems in a cluster depending on
their availability and current load.
- Never lose an e-mail message during a system failure.
ePrism has created a unique solution with "stateful
failover" queue replication technology that replicates
queues and intelligently synchronizes messages to a
defined mirror system within a cluster.
Network Diagrams:
ePrism Email Filter Deployment
On the Internal Network
You can deploy ePrism on the Internal Network. Most
businesses choose to use this configuration, although
it is considered less secure.

ePrism in Parallel with the Firewall
This is the preferred deployment option for ePrism.
ePrism's built-in firewall security architecture eliminates
the risks associated with deploying an appliance on
the perimeter of your network. Deploying the ePrism
in parallel with the firewall reduces the overall load
on the firewall by eliminating any mail traffic there.

ePrism on the DMZ
Deploying ePrism on the DMZ is an excellent option for
security. This type of deployment prevents any direct
connection from the Internet to the internal servers,
but does not ease the existing load on the firewall.

Clustering (with Stateful Failover)
In the event that the primary owner of an email queue
is unavailable (e.g. due to system failure), the mirror
system can take ownership of the mirrored email queue
for delivery.
Without queue replication (stateful failover), a
system with undelivered messages may lose email in process
if it suddenly fails. In large environments, this could
translate into hundreds or thousands of messages lost
forever.
Queue replication actively copies any queued email
to the mirror system, ensuring that if one system should
fail or be taken offline, the mirror system can take
ownership of the queued emails and deliver them. If
the source system successfully delivers the message,
the copy of the message on the mirror server is automatically
removed.
