Pragati Simlote
E-mail security product company Iron Port Systems is now looking at India for
growth. The company set up its India operations about seven months back and
claims to have 10-12 per cent of India's mailboxes already.
Pragati Simlote of CyberMedia News met up with Iron Port Systems Inc.
security applications product management senior director Ambika Gadre to know
more about the company's products, technology and growth plans.
What is IronPort Systems all about?
IronPort Systems is the leading e-mail and Web security products provider for
organizations ranging from small businesses to the Global 2000. We have full
family of products with X1000 (5,000+ users) at the high end to C600 (5,000+
users), C300 (1,000-5,000 users) and C10 (<1,000 users). Depending on the size
and their price performance needs, a company can buy our products that suit
them.
Today from an e-mail security viewpoint, we are recognized as the leaders in
the market and are tracking 25 per cent of the e-mail traffic worldwide.
Worldwide today eight of the top 10 ISPs are our customers. We also have about
20 per cent penetration in the Fortune 500 companies like Dell, Juniper, etc. We
have built the brand at the high end of the market and are now able to take that
brand and push it to the mid and lower end market.
Apart from ISPs and Fortune 500 we are also present in the US Navy, US Air
Force, etc. These government organizations are very sensitive to security and
have adopted our solution after a lot of evaluation and this is further
testament to the kind of product that we build. We entered India around
six-seven months back and are present directly in around 18-19 countries and
through our partners in 35 countries.
How do you differentiate yourself from other security products
providers?
As we built up our product, we have stayed very focused on what is happening,
what are the needs of our customers and trying to solve those problems. In doing
so, we came up with the concept of virtual gateways. So on one appliance,
companies can have different IP addresses for different mails they are sending
out be it production/business mails or marketing mails. If there were a problem
in one type of mail, it would not affect the other.
We also have different queues for every destination in our product. If I am
sending an e-mail to Yahoo! and if there is a problem with Yahoo! receiving
server, it would not block up the mails I am sending to other destinations
because each destination has its own queue.
Bounces are also a very big problem as people have started using bounces for
distributed denial of service attacks. We have put a lot of intelligence into
our technology to deal with issues like this. That's on the operating systems
side.
Can you elaborate on your data network that monitors e-mail traffic -
SenderBase?
The other thing we did very early was that we started building a data network
that monitors e-mail traffic. SenderBase is the world's first and largest e-mail
traffic monitoring service and collects data from more than 100,000 ISPs,
universities, and corporations around the world. It measures more than 110
different parameters for any e-mail server on the Internet. IronPort's
enterprise e-mail security customers harness the power of SenderBase through
IronPort Reputation Filters and the SenderBase Reputation Score (SBRS), which
boils down SenderBase data into a single score indicating the threat level for
each incoming message.
IronPort Reputation Filters provide the outer layer of spam protection for
companies' e-mail infrastructure. As the first line of defense on the IronPort
e-mail security appliances, Reputation Filters dispose of up to 80 per cent of
incoming spam at the connection level - saving bandwidth, conserving system
resources and yielding the highest levels of security for critical messaging
systems.
For E.g., Dell on a daily basis receives 26 million messages, out of which
only 1.5 m are legitimate. Using reputation scorecard we get rid of 70 per cent
of spam. The remaining gets filtered with the anti-spam solution. It saves in
the number of server deployed by Dell.
Reputation scorecard is the outer layer, while the inner layer is spam
filtering. Spammers have become very good. The recent introduction being image
based spam. We look at the full content — what is in the message, how the
message was constructed, who is sending the message and also look at where is
this sending you to i.e. the URL. Because 80 per cent of spam has a URL — buy
something, download something, etc. By taking this whole view of this, our
systems can paint an extremely accurate picture — whether this message is a spam
or not. So between reputation filters and anti-spam technology, we have the
industry-leading defense for spam.
How have e-mail threats changed overtime?
We are seeing some interesting trends. Threats have become much more
sophisticated. What is scary is the way people are mixing their different
protocols to get the threat in. The key thing is that the kind of people who are
behind these threats today are in a real business. It's a multi billion-dollar
industry and people are using a significant part of what they are making to hire
more people who are very very talented to write these threats. Given the kind of
threats, it's hard to block them entirely.
What kind of future product releases are you looking at?
Ninety per cent of home user PCs and 75-80 per cent of corporate PCs are
infected with spyware today and people don't know. IronPort has this strong
vision of solving the communication problem at the gateway. So we are now about
desktops and intend to be the one stop shop for companies to fall back upon.
We have a product for e-mail security and are in the process of releasing a
product in the web security area. Down the road, we would address instant
messaging and VOIP. We are going to use one common threat database — SenderBase
across all of them. Also from a management standpoint, we have a product called
M Series, which would allow us to control, configure, report and manage all the
different appliances through a single interface, which is hierarchical. We are
using AsyncOS across different product, optimizing it for the particular
protocol that we need to use.
Which is the greatest threat today —spam, viruses...?
It's all getting mixed up. Earlier viruses had this specific characteristic,
spam had specific characteristic. Now people are using a little bit of
everything. Attacks have become more planned. It is hard to distinguish where
one kind of threat ends and where one begins. The most contagious ones are
malware, which combines computer viruses, worms, Trojan horses, spyware and
adware..
In 2004, IDC survey spam was not even on top 10 threats of CIOs. Recently, it
was No 3 with viruses and malware already occupying the top 2 slots. The reason
is that while people have started solving the problem, now spam threats have
started becoming sophisticated again. Spam volume has also increased 40 per cent
in the past three months. As it is more targeted and also uses image-based spam,
it is getting through. Spam continues to be a productivity risk and a big source
help desk complaint and viruses and spyware are a massive security risk. Now
threats are also coming in with executables in Word documents.
What kind of solutions are you looking in the web security space?
The solution would be very similar to what we have done in e-mail security.
It will have a very high performance robust platform with anti malware filtering
on top of it, defense in-depth and an outer and inner layer of filtering. And
all this would be provided in one box. In e-mail if I introduce two seconds
delay, you are not going to notice. But if you are browsing a website and there
is a delay you know. That's where a very high performance platform becomes even
important when you have to do a lot of filtering. This solution is running at
some systems in IronPort and would be generally available in the next few
months.
© CyberMedia News