IronPort Reputation Filters
A flexible response to suspicious senders keeps hostile traffic off your network.
Cisco IronPort Reputation Filters™ provide the outer layer of spam protection for your email infrastructure. As the first line of defense on the Cisco IronPort email security appliances, Reputation Filters dispose of up to 80% of incoming spam at the connection level—saving bandwidth, conserving system resources and yielding the highest levels of security for critical messaging systems. A proven preventive solution, Cisco IronPort Reputation Filters defend the largest ISP and enterprise networks, as well as small and medium-sized businesses, in production environments around the world.
Over 100,000 organizations participate in the SenderBase
Network, enabling the world's largest email traffic monitoring system.
Accurate Reputation Scores:
Cisco IronPort's SenderBase® Network is the world's first and largest email and web traffic monitoring system. SenderBase collects data from more than 100,000 networks around the world, 10x more than competing reputation monitoring systems. By tracking a broad set of over 110 attributes from more than 30% of the world's email, SenderBase supports very accurate conclusions about a given sender. More
Sophisticated security modeling leverages the breadth of SenderBase data to generate a granular reputation score ranging from -10 (for the worst senders) to +10 (for the very best).
Cisco Security Intelligence Operations (SIO):
Cisco IronPort Web Reputation Filters also leverages Cisco Security Intelligence Operations (SIO), an advanced security infrastructure that provides threat detection, correlation and mitigation to continuously facilitate the highest level of security for Cisco customers. Using a combination of threat telemetry, a team of global research engineers and sophisticated security modeling, Cisco SIO enables fast and accurate protection - allowing customers to securely collaborate and embrace new technologies.
Advanced protection powered by Cisco Security Intelligence Operations (SIO) delivers current and complete security information to Cisco customers and devices. Threat mitigation data is provided through:
- Dynamic rule updates for Cisco products, such as firewall, web, IPS, or email devices
- IntelliShield vulnerability aggregation and alert services
- Security best-practice recommendations and community outreach services
When a new threat is detected (based on processing data in Cisco SensorBase), it is extracted and correlated, rules and signatures are generated, and systems are dynamically updated. Updates are then immediately sent to Cisco security devices - enabling customers to stay ahead of the latest threats.
Cisco IronPort email security appliances automatically apply mail flow policies to senders based on their reputation score. As the appliance receives inbound mail, a threat assessment of the sender is performed. This assessment returns a granular reputation score, which is linked to mail flow policies specified by the administrator.
A full range of mail flow control policies can be defined to effectively cover all sender categories. With Cisco IronPort Reputation Filters, administrators can make sure that "the punishment fits the crime."
"True" rate limiting based on sender reputation provides a unique and intelligent way of dealing with spammers that occupy the gray zone, where it's not clear if they are friend or foe. The Cisco IronPort system can limit recipients per hour accepted. Since Reputation Filters respond to these gray zone mailers by this "true" rate limiting, but not actually blocking, the false positive rate is extremely low—less than one in one million.
An integrated Web-based user interface makes it simple to manage sender groups and associated mail flow policies. Administrators easily create sender groups and configure policy parameters to meet their corporate-specific email security requirements.
Automatic updates ensure that once the Cisco IronPort email security appliance is configured; scores are dynamically updated based on the latest data from SenderBase. This eliminates the need for any ongoing management of Reputation Filters.
Improved Catch-Rate Cisco IronPort Reputation Filters block up to 80% of incoming spam at the edge of your network, improving the overall efficacy of your anti-spam solution.
No Administrator Maintenance Required Cisco IronPort Reputation Filters adjust scores automatically as SenderBase pulls in new data. The mail administrator only needs to configure their desired policies, and Reputation Filters does the rest.
Reduced False-Positives Cisco IronPort Reputation Filters intelligently combine many different metrics before determining a sender's reputation. Confirmation of suspicious traffic patterns across many data types and sources will result in a poor reputation. This unique ability to triangulate information across SenderBase makes Reputation Filters the undisputed leader in reputation accuracy.
Lower Hardware Costs and Increased Message Throughput Eliminating spam and unwanted mail, before resource-intensive content filtering, will improve overall system performance and reduce the amount of supporting hardware required for the rest of the email infrastructure. Typical customer results show that downstream load is reduced by three to five times through use of Cisco IronPort Reputation Filters.
Reduced Risk From Denial of Service or Dictionary Harvest Attacks Cisco IronPort Reputation Filters score senders in real time and are adept at preventing damage from many types of distributed attacks. Attacks arising from zombie networks, which can bring content-based anti-spam systems to a grinding halt, can be gracefully managed with Reputation Filters.
Download the IronPort Reputation Filters Data Sheet (PDF).