May 19-20 l Washington, DC l Omni Shoreham

The ROI of Messaging Security

JF Sullivan

VP Marketing, Cloudmark, Inc.

Parallels Summit 20082 © 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

2

About Cloudmark

• Market Leader in Carrier-Grade Messaging

Security

• Anti-Spam, Anti-Phishing, Anti-Virus Solutions

• Protecting 600 Million Mailboxes in 190+ countries

• Customers: Leading ISPs and Web Hosting

Providers

Cloudmark & Parallels• Partnership under development

• Integrated with Plesk solution

Parallels Summit 20084 © 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

4

The Direction of Spam

What do Spammers and Legitimate Sender(s) have in Common?

Both send email in order to Make $$$

Parallels Summit 20085 © 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

5

The Direction of Spam

Spammers challenged by advances in anti-abuse

technologies.

Parallels Summit 20086

6

The Direction of Spam

Spammers have responded.

Parallels Summit 20087

7

More Sophisticated Attacks Blended Threats Indistinguishable Phishing Attacks

Parallels Summit 20088

Higher Margin Spam

Pump and Dump Image Spam

Parallels Summit 20089

Broader Distribution

Bots

Dynamic Server Mapping

Target

Attacker

Servers

Botnets for Spam Distribution

Parallels Summit 200810

Spam as % of Worldwide Email Volume

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

02 03 04 05 06 07

Greater Volume of Spam

25%

95%

11

Impact on Web Hosting Companies

Infrastructure

Operations/Administration

Customer Satisfaction

Parallels Summit 2008

© 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

12

What We’ve Learned

Specific approaches and attacks can’t be predicted

Flexible architecture is required for rapid integration of new anti-abuse schemes

Analysis must be language and content-type agnostic

Fast distribution of threat intelligence is key

Parallels Summit 2008

13

Evolution of Email Spam

2002

Threats

Solutions

• Whitelist• IP Blacklist• Content rules

• Attach Scan• Policies• More rules• Desktop security

• URL Scan• OCR• More rules• More policies• Heuristics

• Laws• Regulations• Indictments

•Fingerprinting and collective network intelligence

• Mass Mailing • Viruses• Malicious HTML

• Phishing• Image Spam• Spyware

• Botnets• Stock Scams

• Blended threats• Hacked URLs• Mutating attacks

25%

Mid-2006

85%

2006

90%

2007

95% spam

2004

35%

13 Parallels Summit 2008

© 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

14

How Fingerprinting Works

Spam

Legit.

User

Fingerprint Cache Reject

Algorithms Fingerprints Local Lookup/ Verdict

© 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

15

Collective Network Intelligence: Cloudmark Example

GLOBAL THREAT NETWORKSERVICE

TRUST EVALUATIONSYSTEM

CLOUDMARK RESEARCH

ADVANCED MESSAGE FINGERPRINTINGTM

ALGORITHMS

Threats

15 Parallels Summit 2008

© 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

Fingerprinting Advantages

Identifies mutations in real time

Language, content agnostic

Significantly less CPU intensive

Higher Accuracy and Performance

Updates every minute

16 Parallels Summit 2008

© 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

17

Impact of Better Messaging Security

Performance

Filtering Accuracy

Filtering servers Rack space

Storage Support Churn

Improved Management Admin

17 Parallels Summit 2008

© 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

18

Web Hosting Typical Results

SpamAssassin deployed

Filtering accuracy at 75-80%

Administering rules and lists became unmanageable

Storage and mail servers getting overwhelmed

Filtering 0.5 messages/sec

Customer complaints about spam (approx. $6 customer complaint per spam message)

Challenges

Plug-in with fingerprinting

Accuracy jumped to 98% (23% improvement)

20-25 man-hours week saved in administration

700GB storage saved (2 yrs)

Filtering 10 messages/sec

80-90% reduction in filtering servers (from 10 → 2)

Near zero customer complaints related to spam

Results

18 Parallels Summit 2008

© 2

00

1-2

00

6 C

lou

dm

ark

In

c.

| C

ON

FID

EN

TIA

L

19

Economic Impact of Better Messaging Security

Performance

Filtering Accuracy

Filtering servers

Rack space

Storage

Support

Churn+20%

$6K - $30K

$80K - $900K

$20K- $100K

$6K - $54K

$30K - $150K

Improved Management

First Year Savings

Admin $42K - $52K

$180K -$1.3M

10X Faster

19 Parallels Summit 2008

Parallels Summit 200820

Thank you