WHITE PAPER: FortiMail Solution Guide - Comprehensive Security for Enterprises and Service Providers

Contents

Executive Summary
Introduction to FortiMail
Inbound Threats
Outbound Threats
Compromised Safety and Costs
FortiMail Enterprise-Class Security
Comprehensive, Certified Protection
FortiMail Features and Benefits
Common Deployment Scenarios
Small/Mid Enterprise Deployment - FortiMail 200D / 400C
Large Enterprise Deployment - FortiMail 2000B / 3000D
Managed Security Service Cloud Deployment - FortiMail 3000D / 5002B (Chassis)
ISP/Mobile Provider IP Reputation Protection - FortiMail 3000D / 5002B (Chassis)
Case Studies
Case Study One: Medium Enterprise
Case Study Two: Healthcare Clinic/Hospital
Case Three: Global Mobile Provider / ISP
Conclusion

Executive Summary

Email has evolved into one of the most important methods of communication for any organization, with an estimated 144 billion emails sent every day, 61% of which are business related [1]. With this come problems, and organizations of all sizes face the same challenges: email today is critical to any business, email volumes are increasing year by year, and all the while email-borne threats such as spam, denial of service (DoS), phishing (fraud) and malware are evolving. Industry regulators have noted the double-edged sword of email being so important in the enterprise whilst at the same time being an inherently insecure medium, and have issued email-specific regulations regarding data privacy, intellectual property protection, and archiving.

Fortinet's FortiMail security appliances are dedicated enterprise-grade security platforms for organizations of any size, protecting against inbound and outbound threats and aiding in regulatory compliance.
FortiMail is available in physical appliance and virtual appliance formats for deployment on-premises or in the cloud, in transparent, gateway and full mail server modes. This document discusses the various security options offered by Fortinet and provides insights into choosing the solution that best fits your organization's business needs.

[1] Radicati Group - Statistics Report,

Introduction to FortiMail

Email is critical for any business or organization to be competitive and function effectively. It forms the backbone of most organizations' day-to-day activities. Over 144 billion emails are sent each day, the majority of which are business related [1], and without email most businesses would grind to a halt. However, despite its criticality, email was never designed with security in mind and is transmitted over the internet in plaintext, with few users realizing how easily emails can be spoofed (appear to have been sent by a different user). This inherent lack of security creates abundant opportunities for misuse and fraud. Over the years, email has become a primary target for criminals seeking to take advantage of lax security policies and users unaware of the risk that email can pose. Today's threats are far more dangerous than at any time previously due to the volume and complexity of the threats.

Inbound Threats

Inbound threats are those that originate from outside your corporate or personal network and are primarily in the form of spam or unsolicited emails. The volume of spam has reduced significantly since 2011 due to work done to take down key spam-focused botnets such as Bredolab, Pushdo/Cutwail and Rustock [2], but an estimated 14.5 billion spam emails are still sent per day [3]. Despite this reduction in the volume of spam, the risk remains. Although they do not account for the greatest volume of spam emails, the greatest threats from today's spam are those targeted at the theft of data and credentials, aka phishing.
Phishing attacks include:

- Attempts to lure business or commercial users into divulging account access credentials
- Attempts to lure users into installing malware

The installation of malware will often be to compromise the system with botnet software, the controller of which will often use it to capture customer account login information, exfiltrate corporate data and forward it back to the cybercriminals' command and control server, or to distribute more spam and further propagate the network.

Outbound Threats

Outbound threats are those that originate from inside the organization's network. Email is a key egress point for data loss within organizations, as employees, contractors and other insiders have increased access to confidential, regulated, or proprietary information that is easily compromised through emails. This access, coupled with the transient nature of many in the workforce, such as contractors and consultants, increases the risk of data loss.

Compromised accounts are also being used to send outgoing spam, which not only eats up network bandwidth and server resources, but also causes legitimate user accounts to be blocked from sending mail, and thus results in bad publicity. This is a particular risk in an ISP environment, where large volumes of spam originating from a user IP can result in whole networks being blacklisted.

Compromised Safety and Costs

An IDC survey [4] showed that despite a high level of concern about threats and the high frequency of attack, more than 60 percent of responding organizations report using sub-optimal security solutions with spam detection rates of 95 percent or less. Although nearly 80 percent of the responding organizations were extremely or very concerned about information leakage, only 28 percent had implemented any data loss prevention (DLP) technology.

[2] FortiGuard
IDC Securing Against Today's Threats: A Wake-Up Call on the Benefits of Comprehensive Messaging Security, IDC document number , Oct.
2008

The costs to business created by spam are substantial. Radicati Research Group Inc. reported that spam costs businesses $20.5 billion annually, calculated in decreased productivity, labor expense, wasted storage, reduced network bandwidth, and so forth.

FortiMail Enterprise-Class Security

Comprehensive, Certified Protection

Fortinet's FortiMail is a complete enterprise-grade security platform for organizations of any size, from small businesses to universities, government departments, large enterprises, carriers, and service providers. Purpose-built for the most demanding networks, FortiMail provides a fast, accurate, multi-layered approach to blocking spam and malware and preventing data loss, providing additional value-added functions such as data leakage prevention, identity based encryption (IBE), message archival and antiblacklisting in a single holistic solution.

FortiMail prevents your systems from becoming a threat delivery system. FortiMail's inbound filtering engine blocks spam and malware before the spam clogs your network and affects users. Its customizable, predefined dictionaries detect the accidental or intentional loss of confidential and regulated data. Its outbound inspection technology prevents outbound spam or malware from causing other antispam gateways to blacklist your users. The FortiMail dynamic and static user blocking gives you identity-based granular control over all of your policies and users.

FortiMail has also demonstrated its ability to meet rigorous third-party testing criteria. In April 2013 FortiMail received its 23rd consecutive Virus Bulletin Anti-Spam Award based on high performance and aggressive catch rate. In addition, FortiMail has earned FIPS validation and Common Criteria EAL 2+ certification.

FortiMail Features and Benefits

FortiMail delivers a wide range of features and benefits to organizations of all sizes.
Here are some of the reasons why you should consider adding FortiMail to your security infrastructure:

Unparalleled performance

The unique architecture of FortiMail provides real-time inspection and blocking to stop threats with as little resource impact as possible, often at the connection level. The architecture also removes the need for mail queuing if the destination mail server is available, which enables significant performance improvement over competing solutions. FortiMail has been proven to meet the requirements of many of the world's largest carriers and is the highest performing security solution in the industry, delivering message protection for over 28 million messages per hour in a single appliance, making it perfectly suited for high-volume environments such as telcos and service providers. Coupled with FortiGuard Lab's industry-leading real-time antispam, antivirus, antispyware and antimalware protection, FortiMail provides you with extremely fast and accurate messaging security that will not become a network bottleneck.

Antispam Efficiency

FortiMail's integrated multi-threat detection engine consistently achieves over 99% accuracy on spam detection (99.86% as recorded by VBSpam [5]) with a very low false positive ratio (0.01% in the same test [5]) without compromising on performance. This is possible by utilizing a layered threat detection system which identifies threats as early as possible in the process.

At the connection level, features such as the FortiGuard Sender IP Reputation Database, a real-time updated threat database managed by the FortiGuard Threat Research team, are used to identify and quickly neutralize known spam and botnet sources. Local threat mitigation techniques are employed to identify attack sources, including Dynamic Sender Reputation, Denial of Service detection and Connection rate limiting.
IP addresses found to be attempting to abuse the system will be rate limited and ultimately blocked.

At the envelope level, after the IP connection is established but before the message body is transmitted, additional checks are employed to ensure the email is valid. Recipient validation ensures that the user exists on the backend system before accepting further payload, and multiple failed attempts can trigger the Directory Harvesting protection. Several checks are employed to ensure that the sender is who they are claiming to be, including HELO and reverse path verification. RFC Compliancy validates that the mail is being sent in a valid format, and SMTP Error Rate control monitors for unusual activity at the SMTP level. Sender Policy Framework can also be enabled to validate that the sending system is who it claims to be through DNS-based validation. Additional advanced techniques such as Greylisting [6] can be performed at this stage to temporarily reject mail from unrecognized senders. This blocks the activity of botnets and the mass email tools used by spammers, which commonly do not queue and reattempt mail delivery as is normal for a regular Mail Transport Agent.

The content-level methods are the most resource intensive, as they require the transfer of the full message body. To avoid this overhead, FortiMail attempts to detect 90%+ of spam in the previous two levels. Content-level inspection methods include FortiGuard spam object fuzzy checksums, which identify known spam content, and spamvertized URL detection (URLs which are commonly referenced in spam emails). FortiGuard Anti-Malware is employed at this stage to detect and block malware-laden payloads from reaching their target. FortiGuard dynamic heuristics is a frequently updated system to detect known spam-like behavior from previously unseen spam content and sources.
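The greylisting step described above, as an added example that is not from the white paper and does not represent FortiMail's implementation: a generic triplet-based greylist that decides at RCPT TO time. The timer values, the /24 grouping and the sample envelopes are assumptions constructed for illustration.

```python
"""Triplet greylisting decided at the SMTP envelope stage (constructed data)."""
import ipaddress
from dataclasses import dataclass, field

DEFER = (451, "4.7.1 Greylisted, please retry later")
ACCEPT = (250, "2.1.5 OK")


@dataclass
class Greylist:
    min_delay: int = 300           # a retry sooner than this is still deferred
    retry_window: int = 4 * 3600   # the retry must arrive within this window
    pass_ttl: int = 30 * 86400     # a proven triplet stays trusted this long
    pending: dict = field(default_factory=dict)  # triplet -> first seen
    passed: dict = field(default_factory=dict)   # triplet -> last seen

    @staticmethod
    def key(client_ip, mail_from, rcpt_to):
        ip = ipaddress.ip_address(client_ip)
        # Assumption: key on the /24 (IPv4) or /64 (IPv6) so a sender pool
        # that retries from a neighbouring address is still recognised.
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Decide at RCPT TO, before any message body is transferred."""
        k = self.key(client_ip, mail_from, rcpt_to)
        last = self.passed.get(k)
        if last is not None and now - last <= self.pass_ttl:
            self.passed[k] = now
            return ACCEPT
        self.passed.pop(k, None)               # expired trust is forgotten
        first = self.pending.get(k)
        if first is None or now - first > self.retry_window:
            self.pending[k] = now              # unknown or stale: start the clock
            return DEFER
        if now - first < self.min_delay:
            return DEFER                       # rapid retries do not shorten the wait
        del self.pending[k]
        self.passed[k] = now
        return ACCEPT


# Constructed envelopes: (seconds, client IP, MAIL FROM, RCPT TO)
EVENTS = [
    (0, "203.0.113.7", "promo@bulk.example", "alice@corp.example"),     # one-shot bot
    (5, "198.51.100.20", "bob@partner.example", "alice@corp.example"),  # real MTA
    (20, "192.0.2.50", "win@bulk.example", "alice@corp.example"),       # bot
    (25, "192.0.2.50", "win@bulk.example", "alice@corp.example"),       # instant retry
    (905, "198.51.100.21", "bob@partner.example", "alice@corp.example"),   # queued retry
    (4000, "198.51.100.20", "bob@partner.example", "alice@corp.example"),  # later mail
]


def replay(events, greylist=None):
    """Return the SMTP reply code given to each envelope, in order."""
    greylist = greylist or Greylist()
    return [greylist.check(ip, frm, to, now)[0] for now, ip, frm, to in events]


if __name__ == "__main__":
    for event, code in zip(EVENTS, replay(EVENTS)):
        print(code, *event)
```

Only the sender that queues and retries after the minimum delay is accepted; the cost to legitimate mail is a one-time delivery delay per new triplet.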
Other methods which can be employed to further increase the catch rate at the content level (above the 99%+ level already commonly achievable) include Newsletter misuse detection, Bayesian filtering, FortiGuard URL filtering, which supports 79 URL categories, and DomainKeys Identified Mail (DKIM) support.

Deployment Flexibility

FortiMail can be deployed in the cloud or on premises, in gateway, transparent inline and server modes, in a range of appliance or virtual machine form factors. This unparalleled flexibility makes FortiMail the ideal solution for any security requirement.

Transparent mode allows for seamless, drop-in installation requiring no changes to the existing mail server network configuration. Both Transparent and Gateway modes offer the same spam and malware detection capabilities.

Figure: Inline Transparent. Onsite deployment alongside mail server

Gateway mode delivers high performance MTA services and requires a simple modification to DNS and Mail Exchanger (MX) records to redirect emails to the FortiMail system. FortiMail performs spam and antivirus scanning and forwards clean, non-spam and non-infected messages to the corporate server. Outbound mail proxy can also be used to further secure outbound mail.

Figure: Gateway. Deploy on-site or in the cloud

Server mode provides all the security benefits of Gateway and Transparent modes and allows FortiMail to function as a full-featured SMTP mail and groupware server. Server mode supports secure POP3, IMAP and WebMail clients to make installation and support for every mail client easy. Server mode is ideal for companies that want to replace aging mail servers, combine functions into one device, or offer secure services to remote offices. Server mode also supports simple mailbox migration to painlessly migrate from other vendor solutions.
Figure: Server. Full mail server and groupware functionality in addition to AS

IP Reputation Protection

FortiMail inspection technology throttles and blocks both inbound and outbound spam and malware on a single appliance, ensuring your domain mail server is not compromised or blacklisted. Whether it's protecting against a rogue SMTP sender inside the organization, or an out-of-control virus with a spamming component, FortiMail can protect the enterprise's infrastructure and reputation so the lines of communication remain efficient and clean flowing.

Content Aware Data Leakage Prevention

One of the major outbound threats to organizations is the loss of confidential or regulated data, especially via outgoing email. FortiMail includes customizable, predefined dictionaries that detect the accidental or intentional loss of data, aiding in PCI DSS, GLBA, SOX and HIPAA compliance. You can choose to block, reroute, encrypt and/or archive messages containing data matching a range of regular expression patterns, including credit card numbers, US social security numbers and Canadian social insurance numbers, bank routing numbers, CUSIP strings, and more. In addition, customers are able to create or upload their own custom dictionaries into the FortiMail appliance for more targeted business-specific compliance and protection. Customers of any size, especially those in highly regulated industries, will greatly benefit from the Data Leakage Prevention capabilities in the FortiMail solution.

Secure Delivery - Identity based Encryption

FortiMail provides three different ways to encrypt messages, including the ability to send securely to someone without any pre-existing relationship, PKI, key exchange, or client software. Literally, anyone with a web browser and an email account can receive encrypted email from a FortiMail.
This is called Identity Based Encryption (IBE), and alongside our support for TLS and S/MIME, allows us to provide a robust encryption solution that meets all customer requirements.

FortiMail Identity-Based Encryption (IBE) uses public key cryptography in which the public key is generated using the unique information about the identity of a user. You can enable automatic encryption of messages based on the attributes you choose, such as subject content, message body, or recipient domain. Thus, IBE allows secure delivery of confidential or regulated content without user provisioning or pre-enrollment for recipients. In addition, FortiMail is one of the very few products on the market that offer IBE in both push and pull delivery options: delivering encrypted emails directly to your users, storing them on the FortiMail for retrieval, or a combination of the two options.

Figure: IBE delivery between sender and recipient. 1 Notification of encrypted email; 2 User authenticates; 3 User views decrypted email

High availability (HA) and scalability

FortiMail supports a high availability configuration that offers full synchronization of configuration and mail data between two FortiMail systems to ensure maximum availability of services. It also allows high-volume organizations (e.g., service providers, higher education, etc.) to cluster up to 25 FortiMail devices with linear scaling for the most testing environments. Management overhead is minimized with centralized management and quarantine, logging and reporting.

On-box or off-box policy-based message archiving

FortiMail includes policy-based archive functionality for inbound or outbound email, which is required by many organizations for compliance purposes. Archiving can be combined with other features such as DLP or IBE to meet government and regulatory compliance for standards such as Sarbanes Oxley by archiving communications which have been deemed sensitive e.g.
due to their content, for review at a later date by an archive administrator or auditor. As well as being used for compliance purposes, the archive system can be used for archival of all user messages, e.g. for disaster recovery purposes. The FortiMail systems offer local as well as external archiving options. Even when using external storage for long-term archival, archived messages are fully indexed and retrievable from FortiMail's central management interface.

Advanced Messaging Tracking

When handling such a large volume of traffic, the ability to quickly and accurately determine the disposition of a message is critical. Being able to easily drill down to a specific user's email, which will be the proverbial needle in the haystack, is an essential function for any administrator. FortiMail provides an easy-to-use browser-based search facility which enables the administrator to search for messages based on the sender, recipient, subject, time etc., see what happened to a message (was it rejected, forwarded, blocked, archived) and view the disposition of that mail (why a decision was made, e.g. to reject due to a particular spam or virus trigger).

Safety and Savings - You Can Have It All

With Fortinet's FortiMail security messaging solution, you don't have to sacrifice security for cost savings. FortiMail delivers everything you're looking for in an enterprise security solution at the right price point:

- High-performance: FortiMail's custom-built hardware and software processes and filters messages in real time, and will not affect your users or delay their legitimate communications.
- Maximum deployment flexibility: FortiMail can be deployed in the cloud or on premises, as a virtual machine or hardware appliance, and is the only solution on the market with Gateway, Transparent and Server modes, making it suitable for all your requirements.
- Reduced TCO: Device-based licensing eliminates the need to change license as your network grows, and reduces your TCO. The single user interface reduces management burden.
- No 3rd party software
- No additional licensing fees; common add-on licenses for other vendors such as HA, IBE and Archiving are included in the base FortiMail cost.
- Operational efficiency: one vendor to work with, no finger pointing and lower administration costs
- Less risk to the business, increased quality and speed in delivery