Cisco
Spam & Virus Blocker
Tan Teck Beng
Channel SE
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
1
Business Challenge
“Spam, viruses, spyware,
and phishing all have one
thing in common—they
make profitable
businesses. And these
profits create incentive
for innovation on the part
of the perpetrators.”
– Peter B. Danzig, Ph.D.
University of Southern California
http://www.messagingnews.com/magazine/2006/01/cover_story/changing_face_of_network_security.html
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
2
Average Daily Volume – billions
Spam Trends
Through September 2008
Month
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
3
Opportunity: High Growth Market
High Growth Market
FY09 Total Available Market (TAM):
$350M*
+20% growth
Year 2005, spam was predominantly text
based
New techniques emerge : PDF, Excel
and MP3 spam
* Source: IDC
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
4
Evolution of Spam
Spammers Testing New Techniques
MP3 Spam
PDF Spam
Text Spam
2nd Qtr
2005
2006
2007
4th Qtr
2008
2009
3rd Qtr
Image Spam
Excel Spam
“2007 has seen a proliferation of different attachment types… Spammers are using these different attachments in
order to try and get past email security gateways that are unable to look into complicated file types.”
- 2008 Internet Security Trends Report Published By Cisco and IronPort
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
5
. . . and it’s more
complex and
tougher than ever
to catch
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
6
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
7
Image-Link Stock Spam Outbreak
Late April - May 2007
• URL link references image spam
• 4% of total spam volumes in May
• Very difficult to detect:
- Legitimate domains are used – domain
blacklisting not adequate
• Web Reputation is essential
• Cisco IronPort maintains ~98% catch
rate against Image-Link spam
after link is clicked
Image-Link Spam Catch Rate %
IronPort protects against outbreak in real-time;
no drop in catch-rate
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
100.00%
97.00%
94.00%
91.00%
88.00%
85.00%
21-Apr
28-Apr
5-May
12-May
8
PDF Spam Outbreak
June 20th, 2007
OUTBREAK DESCRIPTION
Volume: the outbreak represented 9% of all email traffic,
or over 5B messages, making it one of the 10 largest
outbreaks of 2007. The outbreak was distributed by over 75K
zombie PCs; the top 3 locations of these zombies were the
U.S, Spain and Germany. Recipients of the attack were heavily
focused in Europe.
Obfuscation Techniques: the outbreak was the first major
instance of a spammer using a PDF file to advertise a
stock. The use of a new file type made the spam less likely to
be caught by first generation anti-spam filters.
The
professional looking document was designed to look exactly
like an investment newsletter, making recipients more
likely to believe its authenticity.
CISCO IRONPORT PROTECTION
100%
Spam Catch Rate %
The “PDF Spam Outbreak” is a “pump & dump” scheme
designed to inflate the price of a penny stock. The outbreak
caused shares of German-based Talktech Telemedia to jump
20%.
95%
90%
IronPort quickly adapts to
outbreak. Competing major antispam provider takes 24 hours to
respond.
85%
OUTBREAK EXAMPLE
80%
4:30
10:30
16:30
22:30
4:30
Time
IronPort
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Major Anti-Spam Provider
9
Excel Spam Outbreak
July 21st, 2007
OUTBREAK DESCRIPTION
EXCEL SPAM EXAMPLE
• Spam sent as text inside excel file
• First appeared July 21st, 2007
• Within hours, represented 17% of total
spam volumes
• Proves the high level of spammer
sophistication
SPAM VOLUMES BY TYPE
% of Total Spam
30%
CISCO IRONPORT PROTECTION
Stopped Excel spam within minutes through combination of
several technologies
Reputation Filters: proactively blocked majority of Excel
spam by identifying bots sending spam
20%
Cisco IronPort Anti-Spam:
- SenderBase sees 25% of email traffic; IronPort saw outbreak
within minutes.
10%
0%
1-Jun
Cisco Spam & Virus Blocker
- Automated technologies and humans analyze traffic on 200
parameters; IronPort able to quickly and accurately write rules to
protect against outbreak
15-Jun
29-Jun
PDF
© 2009 Cisco image
Systems, Inc. All rights
reserved.
13-Jul
excelCisco Confidential
10
MP3 Spam Outbreak
October 17th, 2007
MP3 Spam Example
Outbreak Description
• Spam sent as MP3 audio files
• files named after popular songs /
musicians to fool recipients
• files randomized by changing audio speed
and content
• represented 1% of spam volumes on day
of outbreak
Cisco IronPort Protection
Volume & Catch Rate
30
100%
25
95%
20
90%
15
10
85%
5
0
21:00
Cisco Spam & Virus Blocker
Stopped MP3 spam within minutes through combination of
several technologies
Reputation Filters: proactively blocked majority of MP3
spam by identifying bots sending spam
Cisco IronPort Anti-Spam: issued rules based on file type,
file content, message size and other information to catch
remaining spam
80%
2:00
7:00
12:00 17:00
Time (GMT)
Volume (thousands)
22:00
IronPort Catch Rate
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
11
World Class Catch Rate
Source: Messaging Media, Nov, 2006
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
12
Lowest False Positive Rate
Source: Messaging Media, Nov, 2006
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
13
Cisco IronPort Anti-Spam
Press Reviews
2007 Technology of the Year:
Best Anti-Spam
January 2007
Competitors tested:
Symantec, Microsoft, Mirapoint, Proofpoint
“easy setup”
“excellent spam filtering”
“no tuning necessary”
“the fewest false positives of
any solution tested”
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Anti-Spam
Bake-Off Winner
December 2006
Competitors tested:
Secure Computing, BorderWare,
Sophos, SonicWALL
“The superiority of IronPort . . .
seems abundantly clear”
“We did not have to rescue a
single legitimate message”
“(IronPort) is the absolute must
from this test”
14
STOP MORE spam – with Multilayer
Spam Defense
Multi-Layer Spam Defense
Senderbase Reputation
Filtering
AA
Blocker Anti-Spam
Who?
Score
CASE
What?
Data
Modeling
© 2009 Cisco Systems, Inc. All rights reserved.
Where?
Reputation
Block 80-90%
of Spam
Cisco Spam & Virus Blocker
How?
Cisco Confidential
>97% Catch Rate
< 1 in 1 mil
False Positives
15
The Cisco IronPort SenderBase
Network
®
Global Reach Yields Benchmark Accuracy
•
•
•
•
30B+ queries daily
150+ Email and Web parameters
25% of the World’s Traffic
Cisco Network Devices
Combines Email & Web Traffic Analysis
View into both email & Web
traffic dramatically improves
detection
Cisco IronPort
SenderBase
80% of spam contains URLs
Email is a key distribution
vector for Web-based malware
Malware is a key distribution
vector for Spam zombie
infections
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Blocker
Cisco
IronPort WEB
Security
Appliances
Cisco Confidential
16
http://www.senderbase.org
A
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
17
Product Overview
The Cisco Spam & Virus Blocker is a dedicated email security
appliance for small business with up to 250 email users.
It provides powerful protection against spam, viruses and other email
threats to secure your network and business data while
improving productivity.
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
18
Accurate
Virtually eliminates spam, viruses, and other email threats
Accurate protection right out of the box after initial setup
Block non-business email
Retains accuracy with continuous and automatic updates
Stop spam and viruses and save productivity
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
19
Always Protected
Continuous automatic security updates without admin
intervention
Automatic connection to and threat updates from the
SenderBase® network
Additional support from Threat Operation Center security experts
Immediate response to new, emerging and evolving threats
“Set it and forget it” approach eases administration
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
20
Easy Installation and Use
Quick and easy installation into most networks within minutes
Provides immediate protection out of the box once installed
in network
Automatic threat updates to the appliance with no
intervention required
Simple browser-based wizards support management and reporting
Reduce operational costs of administration
Email
Cisco Spam & Virus Blocker
Internet
© 2009 Cisco Systems, Inc. All rights reserved.
Firewall
Cisco Confidential
Cisco Spam
& Virus
Blocker
Groupware
(Exchange, Notes,
Groupware)
Clients
21
Everything Included
Appliance hardware
Preinstalled appliance software
Email user license
Cisco Software and Support
Subscription (yearly)
- Includes automatic spam, virus,
and threat updates
- Software upgrades and new
releases
- Next business day hardware
replacement
- Technical support from Cisco
Small Business Support Center
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
22
Benefit Highlight:
Simplified Single SKU Ordering
Bundles include everything (hardware, software, support) to
simplify ordering to just one SKU.
Available only through distribution and competitively priced.
Product Name
Product Description
List (USD)
Point of Sale
BLKR-SVB-50U-1Y
Cisco Spam & Virus Blocker - 50 User - 1 year
$
2,599
BLKR-SVB-100U-1Y
Cisco Spam & Virus Blocker - 100 User - 1 year
$
2,999
BLKR-SVB-250U-1Y
Cisco Spam & Virus Blocker - 250 User - 1 year
$
4,399
BLKR-SVB-50U-3Y
Cisco Spam & Virus Blocker - 50 User - 3 year
$
3,599
BLKR-SVB-100U-3Y
Cisco Spam & Virus Blocker - 100 User - 3 year
$
3,999
BLKR-SVB-250U-3Y
Cisco Spam & Virus Blocker - 250 User - 3 year
$
5,399
CON-BLK-BLKR50U
SW and Supp Subscr NBD Blocker 50 User (annual)
$
499
CON-BLK-BLKR100U
SW and Supp Subscr NBD Blocker 100 User (annual)
$
599
CON-BLK-BLKR250U
SW and Supp Subscr NBD Blocker 250 User (annual)
$
899
Renewal
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
23
Why Sell Blocker?
Address common spam problem that impacts business.
Provide instant and noticeable relief to problem of spam.
Deliver advanced capabilities in a simple “Set it. Forget it. It just works.”
appliance.
Provide a built-for-small-business product with outstanding performance
and technology all backed by Cisco.
Transaction selling with easy to pitch value proposition and single all
inclusive SKU ordering.
Acquire new customers and mine existing ones with an easy
value proposition.
Solidify role as strategic adviser to customer.
Receive recurring revenue on software and support subscription renewals.
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
24
Target Customers
Small businesses with up to
250 email users.
Any small business that
relies on email.
Has their own mail server.
Has no current solution or is
using a hosted or softwarebased anti-spam solution
that lacks accuracy and/or
requires significant
administration.
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
25
Initiating a Sale
The following questions can help initiate a sale:
How much of your email traffic is spam?
What percentage of the email that reaches your business is carrying
viruses, malware, or other attacks?
How much work time do you think your employees lose each year
dealing with spam and email threats?
How would your business be affected if your email servers went down
as a result of a spam attack or an email virus?
If you have a current anti-spam solution, how effective is it?
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
26
Supporting Tools
Product Datasheet
Video Datasheet
Customer Success Stories & Video
“At-a-Glance”
Online product demo
Smart Design
Solution Profile
Product Reference Poster
Campaign Builder Assets
Partner Kit
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
27
More Information
Cisco Small Business Web Site: www.cisco.com/smallbusiness
Cisco Partner Central – Security: www.cisco.com/go/smbpartner/security
Cisco Spam & Virus Blocker: www.cisco.com/go/blocker
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
29
Cisco Spam & Virus Blocker
© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
30