White Paper: Is Your Email Really Safe? Firewall and Anti-Virus Software May Not Protect You as Well as You Think...


Introduction

Protecting a network from Internet attacks has become a full-time job. Today, most networks receive a fixed Internet Protocol (IP) address, and companies also purchase personal e-mail domains. This combination makes networks an easy target for hackers, intruders, viruses, worms and Trojan horses. Email is the most common way to attack a network, typically through spamming, DoS (Denial of Service) or mail bombing.

Most organizations have integrated conventional anti-virus software on their mail servers and workstations and believe that this is sufficient for protecting against the growing threat of viruses and malicious code. While anti-virus software offers some protection, it is not enough to stop multi-level threats. Today's new viruses and worms have the capability to bypass the anti-virus protection installed on either the workstation or the servers themselves. In many cases, such as newly discovered viruses, the network's anti-virus software must be updated constantly to be effective.

In today's network, the only proven protection is a layered approach that combines many different technologies into a comprehensive filtering system. By combining multiple anti-virus and anti-spam filters, you zero in on specific threats and can target both known and unknown threats through pattern recognition and existing threat databases.

Firewalls are not enough!

Firewalls provide excellent protection against hackers and provide service and access control. They do not, however, perform content or mail filtering and cannot protect against viruses, worms, Trojan horses and spam.




Mail-SeCure is a leading security appliance that protects organizations of all sizes from both targeted and non-targeted threats. Mail-SeCure scans all email traffic and protects the internal network from known and unknown threats such as viruses, worms, Trojan horses, backscatter and spam. Mail-SeCure's three anti-virus layers and ten anti-spam engines provide a full security protection suite. Furthermore, the system provides administrators with tools to enforce advanced local policy and provides users with a mechanism to control and manage their mail flow.


PineApp Features:

  1. Anti-Virus
  2. Anti-Spam
  3. Content Filtering
  4. Advanced Policy Management
  5. High Availability and Load Balancing
  6. Mail Server (optional)

Anti-Virus

Viruses, worms and Trojan horses have always been a threat to networks. It is vital that organizations are protected since today's viruses are highly contagious and rampant.

It is estimated that the economic impact of virus attacks and malicious code is immense, costing organizations worldwide approximately 55 billion dollars a year. It is predicted that this figure will rise in 2006.

Protecting an organization from viruses at all times and throughout all stages of the virus's life (from conception to contamination) is vital.

PineApp Mail-SeCure provides a solution for the known inability of anti-virus software to fight newly created viruses and worms. The system is able to detect and block all suspicious mail to prevent possible infection.

PineApp Mail-SeCure combines three major engines:

    1. F-Secure® Anti-Virus engine - this award-winning engine is a combination of three independent engines: F-Secure®, Kaspersky Labs (AVP engine) and Orion (Heuristic engine).
    2. Commtouch's Zero-Hour™ engine - this unique engine identifies and blocks new virus outbreaks. It identifies the outbreak's pattern and quarantines suspicious mail.
    3. PineApp's Heuristic engine - detects and blocks all known and unknown vandals and malicious code and detects suspicious mail behavior. It also detects suspicious code lines and quarantines all such mail.

Mail-SeCure can be configured to check for updates every half hour. The combination of heuristic and traditional anti-virus engines guarantees full protection at any given time.



PineApp's Anti Virus Flow Chart

Anti-Spam

Spam is becoming the number one problem in mail systems and it is estimated that over 75% of today's business email is spam. The war against spammers is not a simple one and requires spam fighters to be dynamic, sophisticated and creative.



Mail-SeCure's ten-layer anti-spam technology rapidly responds to and blocks at least 98% of all incoming spam. When Mail-SeCure's advanced anti-spam module is activated with the Commtouch RPD™ engine, all incoming mail undergoes statistical and pattern detection analysis. Mail is then blocked or tagged as spam. A network's system administrator controls all spam threshold settings, so that an email received from a defined legitimate sender is not tagged as spam. In addition, other layers such as the zombie detection module automatically prevent mass spam.


PineApp's Ten-Layer Anti-Spam Technology

  1. RBL* (Real-time Blackhole List): Checks sender's IP and hops against Black-lists.
  2. Zombie Detection System**: Real-time verification of remote IP against PineApp's unique Zombie database.
  3. Verification of sender's domain.
  4. NextGen Greylisting** with Real-Time White-List (RWL): The majority of Zombies do not retry when failing to send mail. Using PineApp's unique NextGen Greylisting with RWL, most of the spam is filtered before a single byte of the message is ever transferred.
  5. Backscatter protection: Detect and block Bounce-back messages for mail not originating from you. A new method by spammers is to use bounce-backs to send spam. By sending the spam to a non-existent address with your sender-address, spam will return to you as a Bounce back and bypass some of the known anti-spam solutions.
  6. Commtouch RPD™ (Recurrent Pattern Detection) ***: Detects and blocks outbreaks of spam in real-time; detects and blocks mail sent from Zombies (language independent!).
  7. SURBL: Spam URI Real-time Blacklists.
  8. SPF: Sender Policy Framework.
  9. Heuristic tests+ (around 2,500 tests).
  10. Bayesian engine++ (auto learning).


* Effective on the TCP connection only when the box is used as the MX of the domain (directly connected to internet).
Additional tests are done at the message inspection level.

** Effective only when the box is used as the MX of the domain and directly connected to the internet.

*** Efficiency is affected when the box is not used as the MX of the domain.

+ Fine-tune the threshold to detect more spam (this may cause more false positives; if the box is connected directly to the internet, define a score no lower than 6.0).

++ Detection of spam improves once it has learned enough mail.
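The greylisting layer (item 4) relies on senders that never retry after a temporary failure. The sketch below is an added example, not PineApp's code: it uses the generic triplet scheme (client IP, envelope sender, recipient) decided at RCPT TO, with a static whitelist standing in for the RWL; the delay values, class and function names and sample events are all constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300       # seconds a new triplet must wait before a retry counts (assumed)
MAX_AGE = 4 * 3600    # a retry later than this starts over (assumed)

@dataclass
class Greylist:
    whitelist: set = field(default_factory=set)    # trusted client IPs (RWL stand-in)
    first_seen: dict = field(default_factory=dict) # triplet -> time of first attempt
    passed: set = field(default_factory=set)       # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give at RCPT TO, before any DATA is sent."""
        if client_ip in self.whitelist:
            return "250 OK (whitelisted)"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return "250 OK (known triplet)"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > MAX_AGE:
            # First contact (or a stale record): defer with a temporary error.
            self.first_seen[triplet] = now
            return "451 4.7.1 Greylisted, try again later"
        if now - seen < MIN_DELAY:
            # Retried too quickly to be a normal MTA queue run: keep deferring.
            return "451 4.7.1 Greylisted, try again later"
        self.passed.add(triplet)
        del self.first_seen[triplet]
        return "250 OK (retry accepted)"

# Constructed sample: (time in seconds, client IP, MAIL FROM, RCPT TO)
SAMPLE = [
    (0,    "203.0.113.7",  "offer@bulk.example",    "bob@corp.example"),  # never retries
    (10,   "198.51.100.4", "alice@partner.example", "bob@corp.example"),  # first attempt
    (60,   "198.51.100.4", "alice@partner.example", "bob@corp.example"),  # too early
    (900,  "198.51.100.4", "alice@partner.example", "bob@corp.example"),  # proper retry
    (1000, "198.51.100.4", "alice@partner.example", "bob@corp.example"),  # now known
    (1200, "192.0.2.25",   "news@vendor.example",   "bob@corp.example"),  # whitelisted
]

def replay(events, whitelist=()):
    """Run events through a fresh greylist and return the reply codes."""
    gl = Greylist(whitelist=set(whitelist))
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in events]

if __name__ == "__main__":
    print(replay(SAMPLE, whitelist={"192.0.2.25"}))
```

The first sender is deferred once and never delivers anything, which is why this check only works where the box sees the original TCP connection, as the ** footnote states.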


Anti Spam Technology

PineApp's advanced anti-spam module blocks more than 98% of spam with false positives close to zero. PineApp contains enhanced spam quarantine management and spam tagging features. The management interface easily allows you to retrieve wanted mail and add domains and addresses to the white lists.

The advanced anti-spam module can also be activated with the Transparent POP3 proxy feature. This will prevent spam from entering through external POP3 accounts.


Policy Management

PineApp Mail-SeCure provides a three-tier (global/group/user) policy management tool. This tool allows customizing the policy for incoming and outgoing email with attachments. Mail-SeCure can smoothly interconnect with existing directory services using the LDAP protocol.

  • Per user/group/global policy management.
  • Separate policy for local, incoming and outgoing mail.
  • Separate Spam score sensitivity.
  • Ability to block, delete, strip and park messages.
  • File type blocking and stripping (regular, renamed, embedded in an Office document, archived and encrypted).
  • HTML code filters.
  • Unlimited quarantine and parking areas.
  • Delayed and periodic parking for all directions.
  • Configure file types and file groups.
  • Notification templates.

Quarantine can be managed by Administrators, domain managers or users. When configured, daily quarantine reports can be sent to users. From within the daily report, users can view all of their mail traffic, manage their quarantine and control their own black and white lists.


Load Balancing

Load balancing, fault tolerance, and high availability are features that are embedded in all Mail-SeCure systems. Businesses can grow and optimize their scanning power by stacking two or more Mail-SeCure appliances, adding additional systems rather than replacing existing ones. The load balancing configuration should be carried out from within the GUI management console.

Load Balancing - By using a virtual IP (VIP) as the primary IP, mail can be divided between 2 or more Mail-SeCure systems.
Fault Tolerance - If a unit faults, the system will automatically stop diverting mail through that system. When the system identifies that the unit is functional again, it will continue sending mail through that unit.
High Availability - If the director that holds the VIP faults, the system will detect it and another system will claim the VIP.


Backscatter prevention system

Backscattered mail consists of non-delivery notices received from people to whom you haven't sent mail, or from an unknown source. Backscattered mail is caused by viruses that infect computers outside of your network. The viruses forge the "From" line of an email message by randomly selecting addresses from an infected machine's address book. Backscattered mail is also caused by spammers who put your email address as the return address of their spam. This can cause hundreds and even thousands of emails to be sent to your mail server.

This unique feature, found only in Mail-SeCure, targets backscattered mail. Mail-SeCure prevents backscattered mail and any unwanted bounce-back messages from entering the network.

Mail-SeCure will significantly reduce the amount of Backscatter.
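One generic way to tell a genuine bounce from backscatter, shown as an added example and not as Mail-SeCure's method: sign the envelope sender of outbound mail, in the spirit of Bounce Address Tag Validation (BATV), and accept null-sender bounces only when the recipient address carries a valid, recent signature. The `sig=` tag layout, key, validity window and function names are constructed for illustration, and the scheme assumes all outbound mail leaves through the same gateway.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; a real key is stored outside the source
MAX_AGE_DAYS = 7                  # assumed window in which a bounce may still arrive

def _tag(day, address):
    """Short keyed digest binding the sending day to the original address."""
    msg = f"{day}:{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]

def sign_return_path(address, day):
    """Envelope sender to put on outbound mail sent on `day` (days since epoch)."""
    local, domain = address.rsplit("@", 1)
    return f"sig={day}={_tag(day, address)}={local}@{domain}"

def classify_bounce(mail_from, rcpt_to, today):
    """Classify one inbound envelope at RCPT TO time."""
    if mail_from != "":
        return "not-a-bounce"     # delivery notices use the null sender <>
    local, _, domain = rcpt_to.rpartition("@")
    parts = local.split("=", 3)   # sig, day, tag, original local part
    if (len(parts) != 4 or parts[0] != "sig"
            or not (parts[1].isascii() and parts[1].isdigit())):
        return "backscatter"      # bounce for mail that never left with our tag
    day, tag, user = int(parts[1]), parts[2], parts[3]
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return "backscatter"      # tag expired or dated in the future
    expected = _tag(day, f"{user}@{domain}")
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return "genuine-bounce" if ok else "backscatter"

if __name__ == "__main__":
    rp = sign_return_path("bob@corp.example", 19000)  # constructed address and day
    print(rp, classify_bounce("", rp, 19002))
    print(classify_bounce("", "bob@corp.example", 19002))
```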


Statistics and Logs

Mail-SeCure provides real-time statistics as well as graphical reports of all the incoming and outgoing mail traffic. The traffic logs and errors are easy to understand and are useful for troubleshooting problems.

Mail-SeCure provides the following statistics:

  • Accurate reports of all incoming and outgoing mail.
  • Division of the statistics by Clean, Virus, Policy, Spam and Backscatter.
  • Statistics per domain or per user.

The system provides the capability to analyze statistics by date and/or by users (that are defined in the system). The statistics can be exported easily as txt or CSV files.


Mail Server

All PineApp models come with an optional Mail Server feature.

The Mail Server feature enables mailbox setup for users in the organization. Each mailbox is fully manageable including easily defined passwords, quotas, forwards and Out of Office notifications. Aliases and groupings are easy to configure and provide an important tool for email management. In addition, all mailboxes can be backed up and restored easily.

Each mailbox can be accessed from anywhere in the world, using Web-Access (configurable). The Mail Server supports POP3 and IMAP4.



RADirect, Inc.© 2012 All Rights Reserved.