Maintaining a Secure Messaging Environment Across , IM, Web and Other Protocols Jim Jessup Regional Manager, Information Risk Management Specialist Symantec, Federal Sales

Optional Footer Information HereSymantec Vision Agenda Emergence of Information Risk1 Messaging Threat Landscape2 Symantec Messaging Solutions3

Optional Footer Information HereSymantec Vision Nature of Information Risk Management Information is Distributed, High-Volume and Real-Time –Messaging and collaboration accelerate information risks and costs Information Risks Cross System Boundaries –Risks follow information, not systems Databases File Servers Servers Portal Servers IM Servers Data Loss Discovery & Audit Archiving & Retention External Threats

Optional Footer Information HereSymantec Vision Retain Things Only As Long As Necessary3 Find Things Easily When Needed4 1 Keep The Bad Things Out Web Servers File Servers Servers IM Servers Requirements for Information Risk Management Keep The Important Things In2 External Threat Protection Data Loss Prevention Archiving / Retention Electronic Discovery

Messaging Threat Landscape

Optional Footer Information HereSymantec Vision Current Spam Trends Spam is 90% of traffic Spam attack duration shortening: from hours/days to minutes/hours Increased frequency of rotating through URLs in spam attacks Image spam with multiple obfuscation tactics is the latest tactic Increased use of zombies to send spam (e.g. ~80% of image spam) Adult content - reverted to plain text from HTML with adult images 6

Optional Footer Information HereSymantec Vision The Rise of Image Spam 7 As vendors crush image spam, spammers getting more desperate: –Started w/ background noise –Neopolitan –Mr. Ransom –CAPTCHA –Magic Eye

Optional Footer Information HereSymantec Vision Attack Trends Bot Networks During the current reporting period Symantec observed an average of 63,912 active bot network computers per day, an 11% increase over the first half of the year. The worldwide total of distinct bot-infected computers that Symantec identified rose to just over 6,049,594 - a 29% increase. Command and control servers decreased during this period to 4,746 - a 25% decrease. The United States continues to have the highest number of command and control servers worldwide with 40% - a 2% drop from it’s previous total. China has increased its global proportion of bot-infected computers to 26% while the United States continues to decline. EMEA countries, with the exception of the U.K., showed the largest increase.

Optional Footer Information HereSymantec Vision Attack Trends Data Breaches Information on data breaches that could lead to identity theft. Data collected is not Symantec data The government sector accounted for the majority of data breaches with 25%, followed by Education (20%) and Healthcare (14%) - the majority of breaches (54%) were due to theft or loss with hacking only accounting for 13%

Optional Footer Information HereSymantec Vision Malicious Code Trends Threats to Confidential Information During the current reporting period, threats to confidential information made up 66% of the volume of top 50 malicious code reported to Symantec, up from 48% in the previous reporting period. While the volume of threats that allow remote access have decreased from the same reporting period last year, the volume of threats that log keystrokes and export user and system data have all increased - Keystroke loggers represent 79% of the report threats to confidential information.

Optional Footer Information HereSymantec Vision Symantec Vision Instant Messaging Threats “As one of the most successful and widely deployed applications on the Internet, IM has become a potent means for the propagation of viruses, worms, and other threats.” Symantec Security Response 2006 Client Vulnerabilities 1% Viruses & Trojans 12% Worms 87% Top 5 IM Threat Mutations 2006 Monthly Unique IM Threats Note: Symantec Security Response WormLatest VariantMutations Distribution Method Kelvir W32/Kelvir-BJ140All IM Bropia Bropia-K29MSN Opanki W32/Opanki-W26AIM, IRC Chode W32/Chode-Q16AIM, IRC, MSN Rbot W32/Rbot-BDV16AIM, IRC

Symantec Messaging Solutions

Optional Footer Information HereSymantec Vision Multilayered Security

Optional Footer Information HereSymantec Vision Symantec Solutions - Overview Secure Transmission Symantec operations  Collects spam, virus, sender reputation, and other security data  Employs technicians 24/7 who analyze threats and create filters in real time  Deploys updated filters and reputation information to customer sites every 7 minutes Spam and Reputation Data Symantec Global Intelligence Network Customer site Mail Gateway Symantec Mail Security 8300 Scanner Control Center Server (e.g. Exchange, Domino) User Mailbox SpamViruses Inbound and Outbound mail Updated Spam Filters Updated Virus Signatures Updated Reputation Information ~ Content filtering Viruses in the wild Symantec Security Response Centers

Optional Footer Information HereSymantec Vision Information Foundation 2007 Delivers Market Leading Products A Recognized Leader In Security Source: Gartner (Mail Security + IM Management)

Thank You

Optional Footer Information HereSymantec Vision Symantec Vision Case Study SMS 8300 Reputation SMS 8300 Content 20K End Users Cut Volume In Half. Throttle mail from known bad senders to reduce unsolicited . Purify Mail Stream Deeper analysis of structure and content of message Control Infrastructure The reduced mail volume equals fewer strains on Groupware and Archiving servers. Satisfy End Users Only 1 Spam message per user. Internet Groupware + Archiving 1M eliminated 600K Good 400K Spam 30 Good 1 Spam 1M messagesUser Mail Stream 600K Good 1.4M Spam 2M messages 1.38M eliminated 600K Good 20K Spam 620K messages 1.38M eliminated 600K Good 20K Spam 620K messages