A flexible response to suspicious senders keeps hostile
traffic off your network.
Cisco IronPort Reputation Filters™ provide the outer layer
of spam protection for your email infrastructure. As the first
line of defense on the Cisco IronPort email security appliances,
Reputation Filters dispose of up to 80% of incoming spam at
the connection level—saving bandwidth, conserving system resources
and yielding the highest levels of security for critical messaging
systems. A proven preventive solution, Cisco IronPort Reputation
Filters defend the largest ISP and enterprise networks, as well
as small and medium-sized businesses, in production environments
around the world.
Over 100,000 organizations participate
in the SenderBase
Network, enabling the world's largest email traffic monitoring
system.
Features:
Accurate Reputation Scores:
Cisco IronPort's SenderBase® Network is
the world's first and largest email and web traffic monitoring
system. SenderBase collects data from more than 100,000 networks
around the world, 10x more than competing reputation monitoring
systems. By tracking a broad set of over 110 attributes from
more than 30% of the world's email, SenderBase supports very
accurate conclusions about a given sender.
More
Sophisticated security modeling leverages
the breadth of SenderBase data to generate a granular reputation
score ranging from -10 (for the worst senders) to +10 (for the
very best).
Cisco Security Intelligence Operations (SIO):
Cisco IronPort Web Reputation Filters also
leverages Cisco Security Intelligence Operations (SIO), an advanced
security infrastructure that provides threat detection, correlation
and mitigation to continuously facilitate the highest level
of security for Cisco customers. Using a combination of threat
telemetry, a team of global research engineers and sophisticated
security modeling, Cisco SIO enables fast and accurate protection
- allowing customers to securely collaborate and embrace new
technologies.
Advanced protection powered by Cisco Security
Intelligence Operations (SIO) delivers current and complete
security information to Cisco customers and devices. Threat
mitigation data is provided through:
- Dynamic rule updates for Cisco products, such as firewall,
web, IPS, or email devices
- IntelliShield vulnerability aggregation and alert services
- Security best-practice recommendations and community
outreach services
When a new threat is detected (based on processing data in
Cisco SensorBase), it is extracted and correlated, rules and
signatures are generated, and systems are dynamically updated.
Updates are then immediately sent to Cisco security devices
- enabling customers to stay ahead of the latest threats.
Dynamic Protection:
Cisco IronPort email security appliances automatically
apply mail flow policies to senders based on their
reputation score. As the appliance receives inbound mail, a
threat assessment of the sender is performed. This assessment
returns a granular reputation score, which is linked to mail
flow policies specified by the administrator.
A full range of mail flow control policies
can be defined to effectively cover all sender categories. With
Cisco IronPort Reputation Filters, administrators can
make sure that "the punishment fits the crime."
"True" rate limiting based on sender reputation
provides a unique and intelligent way of dealing with spammers
that occupy the gray zone, where it's not clear if they are
friend or foe. The Cisco IronPort system can limit recipients
per hour accepted. Since Reputation Filters respond
to these gray zone mailers by this "true" rate limiting, but
not actually blocking, the false positive rate is extremely
low—less than one in one million.
Comprehensive Management
An integrated Web-based user interface makes
it simple to manage sender groups and associated mail flow policies.
Administrators easily create sender groups and configure policy
parameters to meet their corporate-specific email security requirements.
Automatic updates ensure that once the Cisco
IronPort email security appliance is configured; scores are
dynamically updated based on the latest data from SenderBase.
This eliminates the need for any ongoing management of Reputation
Filters.
Benefits:
Improved Catch-Rate Cisco IronPort Reputation
Filters block up to 80% of incoming spam at the edge of
your network, improving the overall efficacy of your anti-spam
solution.
No Administrator Maintenance Required
Cisco IronPort Reputation Filters adjust scores automatically
as SenderBase pulls in new data. The mail administrator only
needs to configure their desired policies, and Reputation
Filters does the rest.
Reduced False-Positives Cisco IronPort
Reputation Filters intelligently combine many different
metrics before determining a sender's reputation. Confirmation
of suspicious traffic patterns across many data types and sources
will result in a poor reputation. This unique ability to triangulate
information across SenderBase makes Reputation Filters
the undisputed leader in reputation accuracy.
Lower Hardware Costs and Increased Message Throughput
Eliminating spam and unwanted mail, before resource-intensive
content filtering, will improve overall system performance and
reduce the amount of supporting hardware required for the rest
of the email infrastructure. Typical customer results show that
downstream load is reduced by three to five times through use
of Cisco IronPort Reputation Filters.
Reduced Risk From Denial of Service or Dictionary
Harvest Attacks Cisco IronPort Reputation Filters
score senders in real time and are adept at preventing damage
from many types of distributed attacks. Attacks arising from
zombie networks, which can bring content-based anti-spam systems
to a grinding halt, can be gracefully managed with Reputation
Filters.
Documentation:
Download the
IronPort Reputation Filters Data Sheet (PDF).
|
