cisco spam & virus blocker€¦ · blkr-svb-50u-1y cisco spam & virus blocker - 50 user - 1...
TRANSCRIPT
© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialCisco Spam & Virus Blocker 1
Cisco Spam & Virus Blocker
Tan Teck Beng
Channel SE
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2Cisco Spam & Virus Blocker 2
“Spam, viruses, spyware,
and phishing all have one
thing in common—they
make profitable
businesses. And these
profits create incentive
for innovation on the part
of the perpetrators.”
Business Challenge
– Peter B. Danzig, Ph.D.
University of Southern California
http://www.messagingnews.com/magazine/2006/01/cover_story/changing_face_of_network_security.html
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3Cisco Spam & Virus Blocker 3
Spam Trends Through September 2008
Avera
ge D
aily
Volu
me –
bill
ions
Month
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4Cisco Spam & Virus Blocker 4
Opportunity: High Growth Market
� FY09 Total Available Market (TAM): $350M*
� +20% growth
� Year 2005, spam was predominantly text based
� New techniques emerge : PDF, Excel and MP3 spam
High Growth Market
* Source: IDC
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5Cisco Spam & Virus Blocker 5
Evolution of SpamSpammers Testing New Techniques
Text Spam
Image Spam
PDF Spam
Excel Spam
MP3 Spam
“2007 has seen a proliferation of different attachment types… Spammers are using these different attachments in
order to try and get past email security gateways that are unable to look into complicated file types.”
- 2008 Internet Security Trends Report Published By Cisco and IronPort
2nd Qtr
3rd Qtr
4th Qtr
2005 2006 2007 2008 2009
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6Cisco Spam & Virus Blocker 6
. . . and it’s more
complex and
tougher than ever
to catch
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7Cisco Spam & Virus Blocker 7
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8Cisco Spam & Virus Blocker 8
Image-Link Stock Spam OutbreakLate April - May 2007
• URL link references image spam
• 4% of total spam volumes in May
• Very difficult to detect:
- Legitimate domains are used – domain blacklisting not adequate
• Web Reputation is essential
• Cisco IronPort maintains ~98% catch
rate against Image-Link spam
after link is clicked
85.00%
88.00%
91.00%
94.00%
97.00%
100.00%
21-Apr 28-Apr 5-May 12-May
Ima
ge
-Lin
k S
pa
m C
atc
h R
ate
%
IronPort protects against outbreak in real-time;
no drop in catch-rate
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9Cisco Spam & Virus Blocker 9
PDF Spam OutbreakJune 20th, 2007
The “PDF Spam Outbreak” is a “pump & dump” scheme designed to inflate the price of a penny stock. The outbreak caused shares of German-based Talktech Telemedia to jump 20%.
Volume: the outbreak represented 9% of all email traffic, or over 5B messages, making it one of the 10 largest outbreaks of 2007. The outbreak was distributed by over 75K zombie PCs; the top 3 locations of these zombies were the U.S, Spain and Germany. Recipients of the attack were heavily focused in Europe.
Obfuscation Techniques: the outbreak was the first major instance of a spammer using a PDF file to advertise a stock. The use of a new file type made the spam less likely to be caught by first generation anti-spam filters. The professional looking document was designed to look exactly like an investment newsletter, making recipients more likely to believe its authenticity.
OUTBREAK DESCRIPTION
80%
85%
90%
95%
100%
4:30 10:30 16:30 22:30 4:30
Time
Sp
am
Catc
h R
ate
%
IronPort Major Anti-Spam Provider
IronPort quickly adapts to
outbreak. Competing major anti-
spam provider takes 24 hours to
respond.
CISCO IRONPORT PROTECTION
OUTBREAK EXAMPLE
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10Cisco Spam & Virus Blocker 10
Excel Spam Outbreak July 21st, 2007
• Spam sent as text inside excel file
• First appeared July 21st, 2007
• Within hours, represented 17% of total spam volumes
• Proves the high level of spammer sophistication
OUTBREAK DESCRIPTION
CISCO IRONPORT PROTECTION
EXCEL SPAM EXAMPLE
0%
10%
20%
30%
1-Jun 15-Jun 29-Jun 13-Jul
% o
f T
ota
l S
pam
image PDF excel
SPAM VOLUMES BY TYPE
� Stopped Excel spam within minutes through combination of several technologies
� Reputation Filters: proactively blocked majority of Excel spam by identifying bots sending spam
� Cisco IronPort Anti-Spam:
- SenderBase sees 25% of email traffic; IronPort saw outbreak within minutes.
- Automated technologies and humans analyze traffic on 200 parameters; IronPort able to quickly and accurately write rules to protect against outbreak
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11Cisco Spam & Virus Blocker 11
MP3 Spam OutbreakOctober 17th, 2007
• Spam sent as MP3 audio files
• files named after popular songs / musicians to fool recipients
• files randomized by changing audio speed and content
• represented 1% of spam volumes on day of outbreak
Outbreak Description
Cisco IronPort Protection
MP3 Spam Example
Volume & Catch Rate
� Stopped MP3 spam within minutes through combination of several technologies
� Reputation Filters: proactively blocked majority of MP3 spam by identifying bots sending spam
� Cisco IronPort Anti-Spam: issued rules based on file type, file content, message size and other information to catch remaining spam
0
5
10
15
20
25
30
21:00 2:00 7:00 12:00 17:00 22:00
Time (GMT)
80%
85%
90%
95%
100%
Volume (thousands) IronPort Catch Rate
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12Cisco Spam & Virus Blocker 12
Source: Messaging Media, Nov, 2006
World Class Catch Rate
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13Cisco Spam & Virus Blocker 13
Source: Messaging Media, Nov, 2006
Lowest False Positive Rate
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14Cisco Spam & Virus Blocker 14
Cisco IronPort Anti-SpamPress Reviews
2007 Technology of the Year: Best Anti-Spam
January 2007
Competitors tested: Symantec, Microsoft, Mirapoint, Proofpoint
“easy setup”
“excellent spam filtering”
“no tuning necessary”
“the fewest false positives of
any solution tested”
Anti-Spam Bake-Off Winner
December 2006
Competitors tested: Secure Computing, BorderWare,
Sophos, SonicWALL
“The superiority of IronPort . . .
seems abundantly clear”
“We did not have to rescue a
single legitimate message”
“(IronPort) is the absolute must
from this test”
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15Cisco Spam & Virus Blocker 15
A
STOP MORE spam – with Multilayer Spam Defense
Block 80-90% of Spam
>97% Catch Rate
< 1 in 1 milFalse Positives
Blocker Anti-Spam
Multi-Layer Spam Defense
CASEScore
How?
Where?
Who?
What?
Senderbase Reputation Filtering
Data Modeling Reputation
A
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16Cisco Spam & Virus Blocker 16
The Cisco IronPort SenderBase®
NetworkGlobal Reach Yields Benchmark Accuracy
• 30B+ queries daily
• 150+ Email and Web parameters
• 25% of the World’s Traffic
• Cisco Network Devices
Cisco Blocker Cisco IronPort WEB
Security Appliances
Cisco IronPortSenderBase
Combines Email & Web Traffic Analysis
� View into both email & Web traffic dramatically improves detection
� 80% of spam contains URLs
� Email is a key distribution vector for Web-based malware
� Malware is a key distribution vector for Spam zombie infections
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17Cisco Spam & Virus Blocker 17
http://www.senderbase.org
A
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18Cisco Spam & Virus Blocker 18
Product Overview
The Cisco Spam & Virus Blocker is a dedicated email securityappliance for small business with up to 250 email users.
It provides powerful protection against spam, viruses and other email threats to secure your network and business data while improving productivity.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19Cisco Spam & Virus Blocker 19
� Virtually eliminates spam, viruses, and other email threats
� Accurate protection right out of the box after initial setup
� Block non-business email
� Retains accuracy with continuous and automatic updates
� Stop spam and viruses and save productivity
Accurate
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20Cisco Spam & Virus Blocker 20
Always Protected
� Continuous automatic security updates without admin intervention
� Automatic connection to and threat updates from the SenderBase® network
� Additional support from Threat Operation Center security experts
� Immediate response to new, emerging and evolving threats
� “Set it and forget it” approach eases administration
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21Cisco Spam & Virus Blocker 21
� Quick and easy installation into most networks within minutes
� Provides immediate protection out of the box once installed in network
� Automatic threat updates to the appliance with no intervention required
� Simple browser-based wizards support management and reporting
� Reduce operational costs of administration
Easy Installation and Use
Email Internet Firewall
Cisco Spam
& Virus
Blocker
Groupware
(Exchange, Notes,
Groupware)Clients
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22Cisco Spam & Virus Blocker 22
� Appliance hardware
� Preinstalled appliance software
� Email user license
� Cisco Software and Support Subscription (yearly)
- Includes automatic spam, virus, and threat updates
- Software upgrades and new releases
- Next business day hardware replacement
- Technical support from Cisco Small Business Support Center
Everything Included
© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialCisco Spam & Virus Blocker 23
Product Name Product Description List (USD)
Point of Sale
BLKR-SVB-50U-1Y Cisco Spam & Virus Blocker - 50 User - 1 year $ 2,599
BLKR-SVB-100U-1Y Cisco Spam & Virus Blocker - 100 User - 1 year $ 2,999
BLKR-SVB-250U-1Y Cisco Spam & Virus Blocker - 250 User - 1 year $ 4,399
BLKR-SVB-50U-3Y Cisco Spam & Virus Blocker - 50 User - 3 year $ 3,599
BLKR-SVB-100U-3Y Cisco Spam & Virus Blocker - 100 User - 3 year $ 3,999
BLKR-SVB-250U-3Y Cisco Spam & Virus Blocker - 250 User - 3 year $ 5,399
Renewal
CON-BLK-BLKR50U SW and Supp Subscr NBD Blocker 50 User (annual) $ 499
CON-BLK-BLKR100U SW and Supp Subscr NBD Blocker 100 User (annual) $ 599
CON-BLK-BLKR250U SW and Supp Subscr NBD Blocker 250 User (annual) $ 899
� Bundles include everything (hardware, software, support) to simplify ordering to just one SKU.
� Available only through distribution and competitively priced.
Benefit Highlight: Simplified Single SKU Ordering
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24Cisco Spam & Virus Blocker 24
� Address common spam problem that impacts business.
� Provide instant and noticeable relief to problem of spam.
� Deliver advanced capabilities in a simple “Set it. Forget it. It just works.”appliance.
� Provide a built-for-small-business product with outstanding performance and technology all backed by Cisco.
� Transaction selling with easy to pitch value proposition and single all inclusive SKU ordering.
� Acquire new customers and mine existing ones with an easy value proposition.
� Solidify role as strategic adviser to customer.
� Receive recurring revenue on software and support subscription renewals.
Why Sell Blocker?
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25Cisco Spam & Virus Blocker 25
Target Customers
� Small businesses with up to250 email users.
� Any small business thatrelies on email.
� Has their own mail server.
� Has no current solution or isusing a hosted or software-based anti-spam solutionthat lacks accuracy and/orrequires significantadministration.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26Cisco Spam & Virus Blocker 26
Initiating a Sale
The following questions can help initiate a sale:
� How much of your email traffic is spam?
� What percentage of the email that reaches your business is carrying viruses, malware, or other attacks?
� How much work time do you think your employees lose each year dealing with spam and email threats?
� How would your business be affected if your email servers went down as a result of a spam attack or an email virus?
� If you have a current anti-spam solution, how effective is it?
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27Cisco Spam & Virus Blocker 27
� Product Datasheet
� Video Datasheet
� Customer Success Stories & Video
� “At-a-Glance”
� Online product demo
� Smart Design
� Solution Profile
� Product Reference Poster
� Campaign Builder Assets
� Partner Kit
Supporting Tools
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29Cisco Spam & Virus Blocker 29
More Information
� Cisco Small Business Web Site: www.cisco.com/smallbusiness
� Cisco Partner Central – Security: www.cisco.com/go/smbpartner/security
� Cisco Spam & Virus Blocker: www.cisco.com/go/blocker
© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialCisco Spam & Virus Blocker 30