Presentation by Commtouch at WorldHostingDays 2010 describing how hosting providers utilizing open source solutions can save money, increase revenues and improve antispam detection.
Taking your open source email security to the next level
1. Taking your open source email security
to the next level
Gabriel M. Mizrahi
VP Technologies
March 18, 2010
2. About Me
12 years of email security experience
Over 15 years in the open source
community
Founded an Internet security company
in 2001
Married with 2 kids
A big Barcelona FC fan!
3. Agenda
Hosting Provider Quiz
Today’s Issues with open source security
Taking open source email security to the next level
Case Studies
4. The Hosting Provider Quiz
1) We use open source because…
a) we started with it and grew
b) it’s low cost
c) we’re comfortable with it
d) all of the above
5. The Hosting Provider Quiz
2) We would love to be able to…
a) reduce the cost of handling email
b) enhance detection rates & lower FPs
c) improve customer satisfaction &
increase our business
d) all of the above
6. The Hosting Provider Quiz
3) But… to adopt a new solution
a) we won’t throw out our existing investment
b) it would have to easily integrate with
current infrastructure
c) it must provide a differentiator
d) all of the above
7. The Hosting Provider Quiz
4) How much does it cost to handle spam
with your current solution?
a) I know exactly all my costs
b) I have a rough estimate
c) Not sure
8. Something We Can Agree On
Email is a low margin service with high costs
(Capex/Opex)
You’re using open source security because it
offers flexibility
Any changes you would make need to be
justified
• Financially
• With regards to level of service
9. One Last Question
4) Will open source alone be able to take
you to where you need to go?
?
10. Why Open Source Email Security is an Issue
Security: Spam, phishing and viruses trends
Costs
Infrastructure
11. Spam & Phishing Trends
Security
Increasing Spam Levels
• 2002 – 25%
• 2010 – over 90%
Spammers improving their techniques
• Blended threats
• Free Webmail accounts compromised and sending spam
attacks
• Use of popular sites – CNN, Adobe, others to trick users
to malware sites
• Other social engineering techniques
12. Virus Trends
Security
Distributed faster/more frequently than
AV Signatures are created
Vulnerability in first hours
Multiple variants in the same attack
Life of a variant can be as little as several
hours
13. Outbound Spam – The Latest Concern
Security
Compromised accounts
You are at risk of being BLACKLISTED because
of outbound spam/viruses – “Shared
reputation”
• RBLs that block entire “C” classes
• Virtual servers on a single physical server
Deal with abuse complaints
14. Existing Infrastructure Issues
Infrastructure
A short list of open source email
security tools:
SpamAssassin
Bayesian Filters (e.g. Bogofilter, DSPAM)
Signature based anti-virus (e.g. ClamAV)
Collaborative filters (e.g. Pyzor, Razor, DCC)
Lexical filters (e.g. Block subjects with the word ‘viagra’)
Greylisting (e.g. Postgrey, Greymilter)
SPF/Domain Keys
SMTP ‘HELO’ checks
SMTP ‘MAIL FROM’ checks
SMTP early talker detection
Local IP whitelists and blacklists
Domain based RBLs (e.g. SURBL, URIBL, DBL)
IP based RBLs (e.g. SBL, XBL, APEWS)
15. Common Administrative Issues
Infrastructure
Time consuming
• To achieve better coverage – must
use/maintain/tune many tools
Admin staff
• Someone needs to manage and maintain long list of open
source tools
Staff expertise
• Need to analyze each missed spam
and identify unique parameters
• Language dependent
• By nature opens possibility for FPs/FNs
16. Rising Email Security Costs
Costs
Spam Cycle (never-ending cycle)
• Spam increases
• More FNs
• More rules
• More FPs
Additional Costs
• Customer dissatisfaction
• Helpdesk resources for increased complaints
• More servers to cope with rising spam levels
• IT resources to write rules
• More bandwidth
17. Hosting Analysis Exercise
Number of mail subscribers: 100,000
Average legitimate messages/day/subscriber: 7
Average messages/day/subscriber (95% are spam): 150
Total messages/day: 15,000,000
Average message size: 25Kb
Total message traffic/day: 358GB
19. Bandwidth Comparison
[Chart: Bandwidth Consumption. Bandwidth usage (Mbps), peak vs. sustained, for No IP Filtering, IP Based RBL and Commercial IP Reputation. Data labels: 135.7 Mbps, 67.8 Mbps, 20.5 Mbps, 20.3 Mbps, 5.1 Mbps, 3.1 Mbps. Annotation: "Pay for only this: 95% of peak".]
Commercial IP Reputation solution can reduce traffic up to 85%*
• More predictable
• Reduced bandwidth costs
• Fewer mails to analyze
* Data supplied by Commtouch partners
20. Hardware Comparison
[Chart: Messages (millions) per day and servers required, with reference levels at 18,000,000 msgs/day and 15,000,000 msgs/day.]
SpamAssassin: server capacity 500,000 msgs/day, 36 servers
SpamAssassin + IP Based RBL: server capacity 1,100,000 msgs/day, 18 servers
Commercial Email Security: server capacity 5,000,000 msgs/day, only 4 servers (+ 20% spare) required*
* Data supplied by Commtouch partners
22. What if you could…
Increase detection with your existing
infrastructure
Reduce inbound bandwidth
Not only block outbound spam but catch the
spammers
• Put an end to your IP ranges being blacklisted
and…
Reduce costs
23. Essentials for Solution
A global view of email traffic
• Higher detection rate
• Lower FPs
Scalable, transparent processing power
Unattended operation
Easy integration with your existing
open source security solutions
24. Furthermore…
Reduces Capex/Opex
• Enables scalable growth
• Decreases IT/Admin involvement
• Reduces support calls
• Creates excess processing power that can be repurposed
Provides new opportunities and differentiators
• Configure the services you want/need
• Offer new premium services
• Increases your business
27. Hosting provider
Founded in 2000
Offers services for resellers
and end customers
One of top 10 hosting
companies in Switzerland
750 servers in network
> 10,000 SMB customers
100,000 email accounts
60,000 domains
29. Problem/Pain
Low detection/high FPs
Rising costs
High support/maintenance
costs
Many helpdesk calls
Additional system load due to
server-side scanning
31. Results
[Chart: results for Spam Detection, False Positives, Per Server Performance, Support Costs and Help Desk Calls. Data labels: 30%, 25-30%, 10%, 0, 25%.]
32. What Metanet had to say
"With a highly skilled team and its rock-solid
performance, Commtouch delivered
superior detection and service from the
implementation phase through production. After
evaluating other commercial anti-spam technologies,
we found that Commtouch’s cloud-based
architecture has unmatched spam
filtering accuracy. It perfectly complements our
long-established anti-spam strategy."
Mirco Schnarwiler
Co-founder & Technical Director
METANET AG
33. Hosting Provider
100,000+ provisioned domains
Average of 330 million message
transactions/day
(10 billion messages/month)
34. Problem/Pain
Spam load impacting ability to
deliver timely mail
Help desk spending too much
time with FPs & customer virus
issues
Customers blacklisted by bots
that compromised email accounts
& sending spam
Costs for managing email
infrastructure unpredictable and
difficult to manage
36. Result
[Chart: results for Incoming Mail, Hardware Usage, Per user Bandwidth and Email Help Desk Calls. Data labels: significant, 80%, ~95%, 85%.]
37. What mail2world had to say
“As part of our multi layer protection strategy,
our operations team relies on Commtouch to
scale automatically to quickly
absorb and eliminate new spam
outbreaks. Commtouch’s technology further
enables us to reduce our bandwidth
costs and ensure that our
customers do not know when spam
storms hit.”
Kamil Asfour
Director of Operations
Mail2World
38. What Others Have to Say
“We saw an immediate 10-15% drop in
the infrastructure required to run our
messaging system.”
Hosting Product Manager
Large Web Hosting Provider
“…80% of the messages are eliminated
with Commtouch’s GlobalView IP reputation.
Therefore, 1 server is doing the previous
work of 5 servers doing just content-based
anti-spam scanning.”
Director, Business Development
MTA Appliance vendor
40. Easy Integration With Open Source cont…
Sendmail Milter
Seamless integration with:
• IP Reputation
• Anti-Spam
• Virus Outbreak Detection
Patch to integrate
• GlobalView IP Reputation
Qmail-Scanner Plug-in for
• Anti-Spam
• Virus Outbreak Detection
QpSMTPd Plug-in
Plug-in for
• Anti-Spam
• Virus Outbreak Detection
41. Easy Integration With Open Source cont…
Generic plug-in makes it possible to
disable SpamAssassin and to
integrate:
• Anti-Spam
• Virus Outbreak Detection
Patch to integrate:
• Anti-Spam
• Virus Outbreak Detection
Other: RBL Interface for
• GlobalView IP Reputation
42. Not Only Open Source but “Pluggable”
Connector for Exchange 2007/2010
• GlobalView IP Reputation
• Anti-Spam
• Virus Outbreak Detection
43. Taking Your Open Source Email
Security to the Next Level
Lower your costs
Reduce mail entering your network
Reduce number of processors needed
Lower Help Desk calls & IT/Admin time
Integrate with your open source
Protect your current investment
Minimal technical requirements
Improve detection rates
Improve customer satisfaction
Low FPs/FNs
Eliminate Outbound spam