eSafe – Secure Web Gateway
Shimon Gruper, CISSP – VP Security Technologies
a l a d d i n. c o m Safe Harbor Statement Except for statements of historical fact, the information presented herein constitutes forward-looking statements within the meaning of and subject to the safe harbor created by the Private Securities Litigation Reform Act of In some cases, you can identify forward-looking statements by terminology such as "expect," "estimate," "anticipate," "intend," "predict," "believe," and similar expressions and variations thereof. Such forward-looking statements include statements regarding the intent, belief, current expectations or projections about future events of Aladdin Knowledge Systems Ltd. Readers are cautioned that these forward looking statements are not guarantees of future performance and involve known and unknown risks, uncertainties and other factors which may cause the actual results, performance or achievements of Aladdin Knowledge Systems Ltd. to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. Such factors include without limitation, general economic and business conditions, the loss of market share, changes in the competitive landscape, failure to keep up with technological advances and other factors over which Aladdin Knowledge Systems Ltd. has little or no control. Aladdin Knowledge Systems Ltd. undertakes no obligation to revise or update these forward-looking statements to reflect events or circumstances after the date hereof.
Agenda
About Aladdin
Content Security Challenges
Introduction to eSafe
Delivery options
Implementation options
Support & Updates

Aladdin Knowledge Systems (NASDAQ: ALDN) is a global provider of software protection and network security solutions since With a distribution network of more than 50 partners in over five continents, Aladdin provides unmatched service and support to its customers.

Aladdin Snapshot
Headquarters: Tel Aviv, Israel
Global Presence: USA, UK, Germany, France, The Netherlands, India, Spain, Italy, Japan and China
Founded: 1985, publicly traded since 1993
Employees Worldwide: 465
Strong Financial Momentum:
– Q4/07 revenues: $29.1M
– Q4/07 profits: $4.8M (Non-GAAP)
– 2007 revenues: $105.9M
– 2007 profits: $17.6M (Non-GAAP)
– Consistent growth in revenues and profits
World Renowned Products: Global leader in Software DRM (Digital Rights Management), fast growth, innovative Enterprise Security products

Aladdin: Securing the Global Village
Our Mission: To create value by enabling the secure use and distribution of digital content
Our Vision: To be the leading provider of innovative security solutions to protect digital assets and enable secure business

Aladdin Product Lines
DRM
– Software Rights Management – copy protection, IP protection and secure licensing solution for software vendors. Target market: Software Publishers and System Vendors
ENTERPRISE SECURITY
– Solutions for authentication and password/digital identity management. Target market: Enterprise, Education, Banking, Pharmacy, Government
– Web gateway content security and proactive security. Target market: Enterprise and ISPs

Aladdin – Strong in Europe
Geographical Segments: North America: 18%, Europe: 61%, ROW: 21%
Business Segments: 41%, 59%

Web Content Security Challenges

The shift in Content Security Threats
From amateur virus writers to organized money-making professionals!
Timeline labels: Virus, Trojan, Worm, Internet Trojan, Phishing, Spyware, Spam, Mobile Threats, 2007 Web Threats

2007 Was A Very Bad Year
Over 1,000,000 unique malware in 2007
Some estimate there are over 5.5 million In-The-Wild malware (AV-Test.org)
Thousands of new malware a day
Source: AV-TEST Lab, Germany

It’s all about money…

Cybercrime 'more lucrative' than drugs
“Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs… law enforcement cannot catch up with it.”
Valerie McNiven, US Treasury

BotNets
BotNet Controllers
“Of the 600 million computers currently on the internet, between 100 and 150 million are already part of botnets”
Dr. Vinton Cerf, Davos, January 2007

Why do threats increase?

Security is not transparent!
I should probably click ‘Yes’…

Today’s Internet Threats

The Web 2.0 Dilemma
Figure labels: MySpace, Facebook, Google Apps; Good, Gray, Bad

Malware 2.0 Inspection
Figure labels: HTML, AJAX, Scripts; Good, Gray

Anti-virus?
We’re trying our best to stay on top, but unfortunately I must confess that the detection level is slowly going down. We develop new technology to stop them and they develop new technology to bypass. We still have the highest detection rate, but we cannot stop some malicious code. This makes us scared if we will be able to stop them in the future. There was a time when we thought that antivirus technology was enough, but that time has gone. It’s not enough, obviously.
Natalya & Eugene Kaspersky

URL Filter? No time for updates!
Vulnerabilities Exploited Faster (axis labels: Months, Days, Weeks): Avg. exploit in days.
Threats Propagating Faster (axis labels: Hours, Seconds, Minutes): % of the hosts within 10-minutes.

Essential Solution Ingredients
Desktop Antivirus
URL Filter
Antivirus

Essential Solution Ingredients
Web security
Desktop Antivirus
URL Filter
Antivirus
Less than 20% of organizations have Web Security in place!

Introducing the Secure Web Gateway
“The market is demanding a secure-Web gateway (SWG) solution that provides not only traditional URL-filtering but also malicious software (malware) filtering, as well as application control for Web applications such as instant messaging (IM).”
Peter Firstbrook

The Growing Web Threat
Recommendations
– IT organizations should recognize the increasing threat that Web traffic represents and the limitations of existing solutions at addressing this rising threat.
– Use URL filtering renewals and budget money to upgrade to a secure Web gateway solution that is capable of detecting and filtering malicious Web traffic.

The Ultimate Network Security Solution

Introduction to eSafe

Network Security: Firewall, VPN, IDS/IPS
Content Security: Spyware, Malware; Inappropriate content; Confidential data loss; Unauthorized applications (IM, P2P, tunneling, etc.); Web Surfing
Diagram labels: Network policies, Business policies, Enterprise Network, Internet, eSafe Web

Security Golden Triangle
The balance is crucial for a proper web security gateway

What is the ultimate Web Security?
eSafe 4 Security Layers

The Only 4 Layer Web Content Security
Layers: Content Access, Dynamic Web Threats, File Analysis, Application Filtering
Content Access:
– Good Sites – Bad Sites
– Good ActiveX – Bad ActiveX – Preinstalled only

URL Filtering & IP Reputation
CRAWLING: Data Center Security; 500+ Crawlers worldwide; 3.8 Billion Indexed Webpages / Images; 120 Million Pages per Month; 800 Spam Collectors; Smart Search Engine
ANALYZING: Content Analyzing Technology; OCR; Full Text Classification; Object Detection; Logo Detection; Face Recognition; Porn Detection; Digital Fingerprints
PROCESSING: Data Center Hardware; > 1,000 Servers; 45 Mbit / Sec Internet Access; 20 Terabyte Cache; 12 Worldwide Remote Servers
Processing Four Million Webpages / s per Day
60 million URLs; 8 Updates per Day; 98% Sites Known; 60 Categories; 150,000 URL Updated per Day

The Only 4 Layer Web Content Security
Layers: Content Access, Dynamic Web Threats, File Analysis, Application Filtering
Dynamic Web Threats:
– Zero-day exploits
– Malicious scripts
– Pop-installers
– In “Grey” sites
– In Hacked sites

Real-time Deep Web 2.0 Content Analysis
Real-time packet by packet analysis of all web content
Inspects all HTML pages and all code in them (scripts, AJAX, etc.) for “Web 2.0” threats.
Detects the following in all HTML and script code:
– Known vulnerabilities (exploit attempts)
– Known malicious code and variations
– Suspicious code.
Inspects HTTP on any port and HTTPS on SSL port 443

Transparent Real-time Content Modification
eSafe removes only suspicious elements from web pages containing suspicious code
The rest of the content remains intact
Avoid over-blocking of legitimate hacked sites, “grey” unknown sites, etc.
Web page content inspection, including HTML, and media files, is done in real-time
Performance of over 50Mbps / 3000 connections per machine (scalable to ISP level)

The Only 4 Layer Web Content Security
Layer labels: Download, Dynamic Web Threats, Signatures, Communications blocking
– Simple
– Known family (heuristic)
– Polymorphic, stealth
– Suspicious
– Spyware / Trojan / Worm

Proactive eSafe AV engine

eSafe CSRT - More Security

Aladdin Blocks Sophisticated Web Attack

The Only 4 Layer Web Content Security
Layers: Content Access, Dynamic Web Threats, File Analysis, Application Filtering
Application Filtering:
– Worms
– Browser Hijack
– Spyware / Adware
– Spyware protocols
– Outbound Trojan
– Selective IM (chat / file)
– Tunneling
– Remote PC
– P2P

Unauthorized Applications Traffic
P2P applications
Spyware
Instant Messengers
TCP Worms
Remote Control
Tunneling
…and more

Application Filtering and Control
eSafe’s AppliFilter™ helps protect and control:
Over 500 Internet application protocols
20 application families
4 application family categories:
– Malicious applications: Spyware, Trojans, Worms, Key-loggers
– Unwanted applications: Adware and ad-supported software, anonymizing tools
– Exploits and vulnerabilities: TCP Exploits, drive-by attacks, browser hijackers
– Controlled applications: Instant Messengers, IP Phone, P2P, streaming, tunnelling

Anonymous Surfing

Anonymous Proxies Protection
Content Security products offer a “list-based” approach against anonymous proxies
AppliFilter’s unique “Anonymous Web Proxy” filter catches requests for anonymous proxies on the fly, providing organizations zero-day protection against circumvention and anonymity techniques.

Delivery Options

Delivery Options
Reduced complexity:
– Instant installation on any PC
– Hardened, secure & updatable OS
– Built-in web-based configuration GUI
HG-200, HG-400, HG-300

Flexible Integration options
Active Directory integration
– Microsoft AD
– Novell
ISA Server integration
ArcSight integration
Installation modes:
– Bridge
– Router
– ICAP
– Forwarding Proxy
– Native Proxy
– Load-balancing / High-Availability Cluster

eSafe Web SSL
– Enforces policy also on SSL encrypted anonymizer sites
– Proactively identifies and blocks unknown anonymizers
– Blocks self-signed SSL sites (home-brew anonymizers)
– Validates certificate policies, issuers, revocations, etc.

eSafe Reporter
Includes 34 canned reports
Specifically geared for Enterprise Customers
Works with MS-SQL
Generate scheduled reports and them to predefined group of people

Implementation Options

Real Enterprise Solutions
Diagram labels: eSafe; Branch office, Regional Office, HQ; Central Monitoring, Central Configuration, Central Reporting, Central Logging; Local Configuration

Real-time monitoring

Support & Customer Care

Support services – Deluxe Support
Security services
– 24x7 threats research (CSRT – Content Security Research Team)
– Timely updates
– Proactive security rules (XploitStopper™)
– / SMS notifications
– Emergency telephone support
Technical Support Services
– 24x7 web / telephone support
– Immediate escalation to R&D
– Continuous case status update
– Personal case supervision by Customer Care Director
– On site visits (fee charged after 90 days warranty)

Case Studies

Large Enterprise Case Study: US Defense Contractor
Distributed operation
70,000+ users
Challenge: no effect on user browsing experience & minimal admin overhead
Evaluated proxy solution but selected eSafe for speed and security
Result:
– High security
– Increased productivity
– No performance impact

Case Study: US School District
10,000 students, teachers and administrators in 30 separate schools
Struggling with spyware control
IT resources stretched thin by ongoing remediation
Result:
– Virtually eliminated spyware infections
– Time spent on desktops remediation dropped by 95%

Case Study – Managed Services
“We monitor all traffic patterns throughout our network, we proactively defend you from all malicious or accidental attack, delivering 'clean pipes' to all our customers' corporate networks.”
LSE: CW
Leading international communications company
Trading with eSafe (as Energies) since 2003
Joint Services: Managed Content Security Services (MSSP model), and Clean Pipe services
Customers Include: Large enterprises, Carriers, Public Sector and local Service providers

Case Study - ISP
NASDAQ: IGLD
Leading Israeli communications service provider
Services: Internet, International telephony and IT Integration Services
In January 2007, completed the acquisition of 012 Golden Lines Ltd.
Jointly owns MSN-Israel with Microsoft
No. of subscribers estimated at 1M
Service name: Safety Net
Target: Home, Small business
Launch: February, 2006
Successful Marketing Campaign leads to a high acceptance rate: over 50%
Over 1,500 subscribers per week
Withdrawals: Marginal (less than 0.5%)

Web Threat Analyzer
Reveals security and productivity threats
Offers a realistic view of current and real web threat status
Provides a full and comprehensive Web-threat Audit report!

Summary

eSafe Advantages
The only proven proactive threat protection
– Consistently blocks over 96% of previously unknown threats
– Eliminates over 99% of common and drive-by spyware
– Prevents zero-day vulnerabilities and exploits
Transparent deep web-content inspection
– Wire-speed inspection of web pages including all HTML
– Zero-latency with no impact on user experience
– Complements firewalls, IPS, and desktop antivirus
Starting at 5 million processed web pages per hour
– Scalable for hundreds to millions of users
– ISP-grade content security performance
– Trusted by Fortune 500 corporations

Technology leader - Innovation is our key focus
eSafe MCSG – Mobile security gateway
1997
eSafe Protect – Sandbox anti-vandal solution
eSafe Gateway – Anti-virus gateway
NitroInspection™ – Non-proxy HTTP gateway
AppliFilter™ – Application filtering
2005
Spyware Neutralizer – Clientless scanner
2002
XploitStopper™ – Gateway exploits blocker
st % Protection of Anonymizer Services 1 st

Gartner Secure Web Gateway - Magic Quadrant
Aladdin is an early visionary entrant into the SWG market. Aladdin gets very high marks for malware detection across all ports and protocols. The company was an early antivirus vendor and continues to utilize its own malware signatures in addition to several real-time malware detection techniques. The product has an extensive list (more than 1,000) of pre-developed application filter policies. The eSafe SWG is an in-line filter and supports an extensive list of deployment options that provide for scalability for more than 20,000 seats.

Frost & Sullivan – WW Anti-virus Report
“Aladdin Knowledge Systems content security business unit’s growth has been outperforming the average market growth rate… Aladdin’s recent product innovations in the integrated security area have proved the company’s ability to react fast to changing market demands.”

More than 4,000 eSafe customers worldwide

… more customers

SOME EUROPEAN CUSTOMERS

Thank you! For more info:

NitroInspection™ technology
Diagram labels: HTTP content, HTTP Content recognition filter, HTTP Content mixer
15% HTML inspection
5% Binaries inspection
10% Trusted content
% JPG inspection
European Patent EP

NitroInspection™ technology
Improved user experience: No time-outs, No slowdowns, Completely transparent, Fast and efficient
Diagram labels: eSafe NIC, TCP/IP stack, eSafe PCA, Content Inspector
80% of packets are released
When the entire file is received, it is inspected
After inspection, the remaining 20% is released