IBM Proventia Network Security

In difference from others an antispam of solutions the hardware-software product IBM Proventia Network Mail Security performs security blanket of the enterprise e-mail as entering and outgoing. In this device the most advanced work a solution antispam. Several components of an antispam are developed by the IBM Internet Security Systems C-Force command which specializes only in protection against spam. The device is easily integrated with the different mail systems, with LDAP. Is controlled through HTTPS or through SiteProtector management system.

Proventia Network Mail components

• Modules of multilevel protection against spam (10 different modules of the analysis)
• The module of strict content filtering and quarantine which is set precisely by whom when that and to whom can send. It is possible to tell that it is the mail firewall (Mail Firewall).
• The antivirus signature (Sophos) - catches all known types of viruses.
• The antivirus based on the analysis of behavior of the unknown code in virtual environment of Virus Prevention System (VPS) - catches unknown viruses on behavior. In fact the mechanism is the only way to be protected from the trojans directed to the specific company as such attacks are not able to catch signature antiviruses. And, at last, it is protection against new viruses for which signatures are not released yet.
• The system of blocking of a malicious code in the attached not executable files (ShellCode Heuristics) - detects viruses in DOC, XLS, PPT, JPG, ANI, etc. files in which, apparently, viruses cannot be.
• The module of prevention of the attacks (IPS) - reveals network attacks in the SMTP protocol. Including the module Virtual Patch™ which protects systems from vulnerabilities which were not propatchena OS producers yet works.
• The content filtering module on a key word and on base of phishing and other malicious sites (at IBM ISS base from 60 million URL). A key word for a moment is by default put English and German, it is possible to add the including Russians.
• The module of reports for SiteProtector
• The integration module with SiteProtector
• Module of logging of e-mails

From what threats protects Proventia Network Mail

• spam
• viruses, spyware and other malicious code in investments, including unknown viruses and worms

attacks to SMTP, including the attacks like zero-day and DoS

• leak of confidential information
• violations of corporate security policy
• phishing and pharming
• damage of reputation

Modules of the analysis of spam Proventia Network Mail

• Spam Fingerprint – each letter receives a unique 128th bit signature. This signature is compared to the existing signatures in the database of the filter that allows to control the existing spam precisely.
• Spam Signature Database – a unique 128th bit signature is calculated also for some parts of the letter (for example one paragraph). These signatures are compared to already existing in base to detect spam, despite some changes of all message.
• Spam Structure Check – checks structure of HTML, giving the chance to this module to classify it letters as spam on the basis of structure of the letter.
• Spam URL Check – more than 80% of all spam sending contain references. Except signatures of letters with spam URL which appear in spam letters are stored in the database also all. One occurrence of URL from base allows to classify the letter as spam.
• Spam Heuristics – this qualifier is based on the heuristic analysis typical sign spam letter, for example some fields in letter heading. Own system of assessment for each sign giving either positive or negative increment is used, depending on that the heuristics for search of spam or the boor is used. If the calculated coefficient exceeds predefined level, then the letter is classified as spam.
• Spam RBL check – the IP address of a host of the sent SMTP the message is checked on one or several RBL servers.
• Spam Bayesian Classifier is statistical assessment which defines whether the letter is necessary or spam on some certain frequency responses. This module of the analysis is very exact at detection of new type of spam.
• Spam Flow Check – analyzes a flow of letters during the set period. If the same letter (it is considered a directed number of identical characteristics) is received more some level of times set in advance during this period and has different domains of the sender, then the letter is classified as spam.
• Spam Keyword – this qualifier uses a standard key word and templates (regular expressions) which usually find in spam. The C-Force group of IBM ISS company collects the matching key word and templates from already known spam of letters and estimates them individually for additional protection against spam.
• Phishing Check – is the whole set of the methods combined for ensuring effective protection against phishing letters including checks of URL and heuristics.
• The automatic updates which are available in Proventia Network Mail Security provide more effective protection against spam, viruses and other malicious code.