INSIDE. Overview of Intelligent Message Filter Integration. Symantec Enterprise Security


Symantec Enterprise Security
WHITE PAPER

Overview of Intelligent Message Filter Integration
by David Scott, Sr. Product Manager, Symantec Mail Security, Symantec Corporation

INSIDE
- Overview of the IMF
- Increasing effectiveness through integration
- Symantec Mail Security for Microsoft Exchange
- Conclusion

Contents
- Introduction
- Overview of the IMF
- Increasing effectiveness through integration
- Symantec Mail Security for Microsoft Exchange - Integration with IMF
  - Handling different SCL values
  - Score-based spam handling
- Conclusion

Introduction

Microsoft recently released the Intelligent Message Filter (IMF), a new heuristics-based antispam engine for Exchange 2003. This engine is available to all Exchange 2003 customers and is a free download from Microsoft's Web site. The IMF is an effective antispam engine that minimizes the amount of spam received by an organization. It is not intended as a comprehensive spam prevention solution but rather as another tool in the fight against spam. The IMF is most effective when tightly integrated into a multi-layered spam solution.

Overview of the IMF

The IMF performs heuristics-based analysis of messages to determine whether an email is legitimate mail or spam. Similar to Symantec's Mail Security antispam engine, the IMF leverages the new Spam Confidence Level (SCL) ratings in Exchange 2003 to add a rating between 0 (not spam) and 9 (almost definitely spam) to each message. Typically, the IMF is installed on an Exchange server set up as a gateway at the perimeter of the network or on a bridgehead server. Once scanned by the IMF, messages are either rejected (spam), passed to the end user's junk folder (probably spam), or delivered to the end user's inbox (not spam).

Increasing effectiveness through integration

The IMF can add value to a broader spam solution by providing an additional layer of spam analysis. For example, a message scanned by the IMF can be reevaluated by another spam engine prior to entering the end user's mailbox. The SCL value assigned to the message by each engine can be compared and, if both agree, the message can be rejected. If the engines assign different values, an integrated solution should provide a method for the administrator to choose which SCL value to use. Administrators who choose to be aggressive against spam should be able to use the higher SCL value regardless of engine. Administrators can choose the lower SCL value if they want to minimize false positives.

The IMF is also limited in how it classifies and disposes of spam. It has just three ways of classifying a message: spam, not spam, and junk mail. A more comprehensive solution provides granular options to handle messages based on the likelihood that they are, in fact, spam. Disposition options, based on value, should include:

- Reject the message
- Prevent delivery to the intended recipient
- Send to an alternate recipient or quarantine
- Add an X-Header to the message
- Append the subject line with text to indicate spam (i.e. add "Spam:")
- Log only

By making each option dependent on the SCL value of the message, there is less chance of false positives because there are more options to deal with questionable messages.

Symantec Mail Security for Microsoft Exchange - Integration with IMF

Symantec Mail Security 4.5 for Exchange is tightly integrated with the IMF to maximize the effectiveness of both solutions. The IMF adds value to Mail Security for Microsoft Exchange by providing additional heuristic analysis of each message. Mail Security's heuristic engine is Neural Net based while the IMF uses Support Vector Analysis to determine spam content. Combining these two technologies increases confidence when rejecting a message as spam.

The IMF scans a message first and assigns an SCL value before the message reaches Symantec Mail Security's antispam engine. Symantec's engine then rescans the message and assigns an SCL value. If both the IMF and Symantec's spam engines rate the message above a specified SCL value, the message is rejected (see Figure 1).

Figure 1: Screen shot of IMF integration to reject a message when both engines exceed threshold.

This combined method results in fewer false positives and allows administrators to use a lower blocking threshold.

HANDLING DIFFERENT SCL VALUES

If the two engines assign different SCL values, Symantec Mail Security integrates further to allow the administrator to choose the method for arriving at the final SCL value. Options for handling different SCL values include:

- Use the higher value regardless of vendor (if you want to be aggressive against spam)
- Use the lower of the two (if you want to minimize false positives)
- Use an average of both spam engines
- Always use the IMF's rating when the engines don't agree
- Use Symantec's antispam engine rating when the engines don't agree

The final SCL value will be used to determine if a message should be routed to the end user's Junk Folder and/or if it should be handled using one of the six different score-based spam-handling options within Symantec Mail Security.

SCORE-BASED SPAM HANDLING

Symantec's Mail Security provides the administrator with granular options to deal with spam based on the SCL value. Mail Security's score-based spam handling dispositions include:

- Reject the message
- Add an X-header to the message
- Append the subject line to indicate spam (i.e. add "SPAM:" to the beginning of the subject line)
- Prevent delivery to the original recipient
- Send to an alternate recipient
- Log the message and deliver

These options take effect depending on the SCL value of a message. Multiple options can apply to a single message (i.e. you can prevent delivery to the original recipient and send to an alternate recipient).

Figure 2: Score-based spam handling
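
The two passages above (resolving different SCL values, then score-based handling) can be modelled as follows. This is an added example, not code from Symantec or Microsoft; the policy names, action labels, SCL bands in RULES, and the round-down rule for averaging are assumptions made for illustration.

```python
from enum import Enum

class Resolve(Enum):
    HIGHER = 1           # aggressive against spam
    LOWER = 2            # minimize false positives
    AVERAGE = 3
    PREFER_IMF = 4
    PREFER_SYMANTEC = 5

# Constructed disposition table: (lowest SCL, highest SCL, actions).
# Action names are hypothetical labels for the six options in the paper.
RULES = [
    (8, 9, ["reject"]),
    (6, 7, ["prevent_delivery", "send_to_alternate_recipient"]),
    (4, 5, ["add_x_header", "prefix_subject"]),
    (2, 3, ["log_and_deliver"]),
]

def final_scl(imf, symantec, policy):
    """Resolve two engine ratings (0-9) into one SCL value."""
    for name, value in (("imf", imf), ("symantec", symantec)):
        if not isinstance(value, int) or not 0 <= value <= 9:
            raise ValueError(f"{name} SCL must be an integer 0-9, got {value!r}")
    if imf == symantec:
        return imf
    if policy is Resolve.HIGHER:
        return max(imf, symantec)
    if policy is Resolve.LOWER:
        return min(imf, symantec)
    if policy is Resolve.AVERAGE:
        # Assumption: round down, so ties lean toward fewer false positives.
        return (imf + symantec) // 2
    if policy is Resolve.PREFER_IMF:
        return imf
    if policy is Resolve.PREFER_SYMANTEC:
        return symantec
    raise ValueError(f"unknown policy: {policy!r}")

def handle(imf, symantec, policy, reject_above, rules=RULES):
    """Return (final SCL, actions) for one message."""
    scl = final_scl(imf, symantec, policy)
    # Agreement rule: reject when BOTH engines rate above the threshold.
    if imf > reject_above and symantec > reject_above:
        return scl, ["reject"]
    for low, high, actions in rules:
        if low <= scl <= high:
            return scl, list(actions)
    return scl, []  # no rule matched: normal delivery
```

With ratings of 9 and 3, the same message is rejected under HIGHER, only logged under LOWER, and rerouted under AVERAGE, which is the false-positive trade-off the resolution policy controls.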

Conclusion

The IMF is an effective antispam engine that provides incremental value when used with the multi-layered spam prevention already available in Symantec Mail Security 4.5 for Microsoft Exchange. Symantec Mail Security for Microsoft Exchange integrates with the IMF to leverage this additional spam prevention layer. Exchange 2003 administrators should strongly consider the IMF as a part of their overall spam solution.


SYMANTEC, THE WORLD LEADER IN INTERNET SECURITY TECHNOLOGY, PROVIDES A BROAD RANGE OF CONTENT AND NETWORK SECURITY SOFTWARE AND APPLIANCE SOLUTIONS TO INDIVIDUALS, ENTERPRISES AND SERVICE PROVIDERS. THE COMPANY IS A LEADING PROVIDER OF CLIENT, GATEWAY AND SERVER SECURITY SOLUTIONS FOR VIRUS PROTECTION, FIREWALL AND VIRTUAL PRIVATE NETWORK, VULNERABILITY MANAGEMENT, INTRUSION DETECTION, INTERNET CONTENT AND EMAIL FILTERING, AND REMOTE MANAGEMENT TECHNOLOGIES AND SECURITY SERVICES TO ENTERPRISES AND SERVICE PROVIDERS AROUND THE WORLD. SYMANTEC'S NORTON BRAND OF CONSUMER SECURITY PRODUCTS IS A LEADER IN WORLDWIDE RETAIL SALES AND INDUSTRY AWARDS. HEADQUARTERED IN CUPERTINO, CALIF., SYMANTEC HAS WORLDWIDE OPERATIONS IN 35 COUNTRIES. FOR MORE INFORMATION, PLEASE VISIT WWW.SYMANTEC.COM

WORLD HEADQUARTERS
20330 Stevens Creek Blvd.
Cupertino, CA 95014 U.S.A.
408 517 8000
800 721 3934
www.symantec.com

For Product Information in the U.S., call toll-free 800 745 6054

Symantec has worldwide operations in 35 countries. For specific country offices and contact numbers, please visit our Web site.

Symantec, the Symantec logo are trademarks of Symantec Corporation. All other brands and products are trademarks of their respective holder/s. © 2004 Symantec Corporation. All product information is subject to change without notice. All rights reserved. Printed in the U.S.A. 07/04 10288959