Pragati Simlote

E-mail security product company Iron Port Systems is now looking at India for growth. The company set up its India operations about seven months back and claims to have 10-12 per cent of India's mailboxes already.

Pragati Simlote of CyberMedia News met up with Iron Port Systems Inc. security applications product management senior director Ambika Gadre to know more about the company's products, technology and growth plans.

What is IronPort Systems all about?

IronPort Systems is the leading e-mail and Web security products provider for organizations ranging from small businesses to the Global 2000. We have full family of products with X1000 (5,000+ users) at the high end to C600 (5,000+ users), C300 (1,000-5,000 users) and C10 (<1,000 users). Depending on the size and their price performance needs, a company can buy our products that suit them.

Today from an e-mail security viewpoint, we are recognized as the leaders in the market and are tracking 25 per cent of the e-mail traffic worldwide. Worldwide today eight of the top 10 ISPs are our customers. We also have about 20 per cent penetration in the Fortune 500 companies like Dell, Juniper, etc. We have built the brand at the high end of the market and are now able to take that brand and push it to the mid and lower end market.

Apart from ISPs and Fortune 500 we are also present in the US Navy, US Air Force, etc. These government organizations are very sensitive to security and have adopted our solution after a lot of evaluation and this is further testament to the kind of product that we build. We entered India around six-seven months back and are present directly in around 18-19 countries and through our partners in 35 countries.

How do you differentiate yourself from other security products providers?

As we built up our product, we have stayed very focused on what is happening, what are the needs of our customers and trying to solve those problems. In doing so, we came up with the concept of virtual gateways. So on one appliance, companies can have different IP addresses for different mails they are sending out be it production/business mails or marketing mails. If there were a problem in one type of mail, it would not affect the other.

We also have different queues for every destination in our product. If I am sending an e-mail to Yahoo! and if there is a problem with Yahoo! receiving server, it would not block up the mails I am sending to other destinations because each destination has its own queue.

Bounces are also a very big problem as people have started using bounces for distributed denial of service attacks. We have put a lot of intelligence into our technology to deal with issues like this. That's on the operating systems side.

Can you elaborate on your data network that monitors e-mail traffic - SenderBase?

The other thing we did very early was that we started building a data network that monitors e-mail traffic. SenderBase is the world's first and largest e-mail traffic monitoring service and collects data from more than 100,000 ISPs, universities, and corporations around the world. It measures more than 110 different parameters for any e-mail server on the Internet. IronPort's enterprise e-mail security customers harness the power of SenderBase through IronPort Reputation Filters and the SenderBase Reputation Score (SBRS), which boils down SenderBase data into a single score indicating the threat level for each incoming message.

IronPort Reputation Filters provide the outer layer of spam protection for companies' e-mail infrastructure. As the first line of defense on the IronPort e-mail security appliances, Reputation Filters dispose of up to 80 per cent of incoming spam at the connection level - saving bandwidth, conserving system resources and yielding the highest levels of security for critical messaging systems.

For E.g., Dell on a daily basis receives 26 million messages, out of which only 1.5 m are legitimate. Using reputation scorecard we get rid of 70 per cent of spam. The remaining gets filtered with the anti-spam solution. It saves in the number of server deployed by Dell.

Reputation scorecard is the outer layer, while the inner layer is spam filtering. Spammers have become very good. The recent introduction being image based spam. We look at the full content – what is in the message, how the message was constructed, who is sending the message and also look at where is this sending you to i.e. the URL. Because 80 per cent of spam has a URL – buy something, download something, etc. By taking this whole view of this, our systems can paint an extremely accurate picture – whether this message is a spam or not. So between reputation filters and anti-spam technology, we have the industry-leading defense for spam.

How have e-mail threats changed overtime?

We are seeing some interesting trends. Threats have become much more sophisticated. What is scary is the way people are mixing their different protocols to get the threat in. The key thing is that the kind of people who are behind these threats today are in a real business. It's a multi billion-dollar industry and people are using a significant part of what they are making to hire more people who are very very talented to write these threats. Given the kind of threats, it's hard to block them entirely.

What kind of future product releases are you looking at?

Ninety per cent of home user PCs and 75-80 per cent of corporate PCs are infected with spyware today and people don't know. IronPort has this strong vision of solving the communication problem at the gateway. So we are now about desktops and intend to be the one stop shop for companies to fall back upon.

We have a product for e-mail security and are in the process of releasing a product in the web security area. Down the road, we would address instant messaging and VOIP. We are going to use one common threat database – SenderBase across all of them. Also from a management standpoint, we have a product called M Series, which would allow us to control, configure, report and manage all the different appliances through a single interface, which is hierarchical. We are using AsyncOS across different product, optimizing it for the particular protocol that we need to use.

Which is the greatest threat today –spam, viruses...?

It's all getting mixed up. Earlier viruses had this specific characteristic, spam had specific characteristic. Now people are using a little bit of everything. Attacks have become more planned. It is hard to distinguish where one kind of threat ends and where one begins. The most contagious ones are malware, which combines computer viruses, worms, Trojan horses, spyware and adware..

In 2004, IDC survey spam was not even on top 10 threats of CIOs. Recently, it was No 3 with viruses and malware already occupying the top 2 slots. The reason is that while people have started solving the problem, now spam threats have started becoming sophisticated again. Spam volume has also increased 40 per cent in the past three months. As it is more targeted and also uses image-based spam, it is getting through. Spam continues to be a productivity risk and a big source help desk complaint and viruses and spyware are a massive security risk. Now threats are also coming in with executables in Word documents.

What kind of solutions are you looking in the web security space?

The solution would be very similar to what we have done in e-mail security. It will have a very high performance robust platform with anti malware filtering on top of it, defense in-depth and an outer and inner layer of filtering. And all this would be provided in one box. In e-mail if I introduce two seconds delay, you are not going to notice. But if you are browsing a website and there is a delay you know. That's where a very high performance platform becomes even important when you have to do a lot of filtering. This solution is running at some systems in IronPort and would be generally available in the next few months.

© CyberMedia News