Businesses worldwide are seeing an enormous increase in unsolicited junk e-mail, or spam, and Cisco is no different. The volume of spam that Cisco receives has increased by more than 700 percent over the past two years, and safeguarding Cisco e-mail systems has never been more critical.
Cisco relies heavily on IronPort messaging security technology to ensure a fast, reliable, and secure e-mail system. Before acquiring IronPort in January 2007, Cisco had used IronPort message gateways for more than six years for e-mail message routing, antispam and antivirus protection, and e-mail infrastructure. The Cisco and IronPort relationship began when Cisco needed a speedy device that could efficiently handle e-mail. With its robust, asynchronous operating system the IronPort C60 message appliance had the speed Cisco sought for receiving and delivering e-mail.
By combining the IronPort product’s speed and reliability with antispam and antivirus capabilities from Brightmail and Sophos, IronPort consolidated three layers of e-mail security processing into one reliable layer. “Reducing the number of machines and e-mail hops in Cisco’s layered infrastructure by a ratio of three to one, or one hardware layer instead of three, eliminated two layers of expensive hardware and saved Cisco millions of dollars in hardware support costs,” says Jason Colvin, a systems administrator in Cisco IT.
IronPort Antispam has replaced Brightmail along with Sender Base Reputation (SBR) filtering, both of which are IronPort products. SBR peforms most of the filtering at Cisco and is responsible for dropping more than 90 percent of inbound threat messages. “The mail is dropped at the handshake level and prevents us from actually having to accept the mail and waste cycles filtering it with IPAS and Sophos,” says Colvin.
Although the Sophos application was not developed by IronPort, it resides on the appliance and works well with IronPort’s asynchrous operating system.
Cisco currently uses IronPort message gateways to process all e-mail that travels over the network. All mail is scanned for viruses whether it is an inbound, internal, or outbound. With the development of IronPort anti-spam and IronPort Sender Base Reputation Filtering, the Cisco infrastructure can now more effectively and efficiently protect against spam. The new capabilities allow Cisco to filter some 800 million spam messages that are targeted at Cisco's network each month. “This averages out to about 10,000 spam messages per user mailbox that are filtered by applications that reside on the IronPort appliance,” says Colvin.
Colvin says the number of inbound messages that are sent to Cisco e-mail accounts varies throughout the year from about 8000 per month per user to 13,000 or more per month per user during peak periods. This per-mailbox average depends on the user. Adds Colvin, “This is just e-mail coming in to Cisco from external destinations and does not count the e-mail sent internally.”
Using the SBR, IPAS, and Sophos tools, Cisco IT intercepts and removes approximately 97 percent of all inbound traffic at the gateway layer. These e-mail messages include spam, viruses, mail sent to invalid recipients, etc. After all the processing, a typical Cisco user receives an approximate average of 350 inbound messages per month to their inbox.
Cisco uses IronPort gateways to manage spam, virus, message delivery, DNS attacks, and virus outbreaks, and to monitor messaging trends and HR filtering. Future plans include a user-installed Outlook plug-in that will allow users to report spam directly to IronPort; increased virus outbreak protection with virus outbreak filters, increased efficiency with Lightweight Directory Access Protocol (LDAP) authentication at the gateway, and increased e-mail security with Transport Layer Security (TLS) delivery options.
For More Information
Cisco on Cisco
IronPort E-mail and Web Security Applications
Cisco IT Security Case Studies