Press Release - For Immediate Release
IronPort Systems Confirms Recent Sober Attack as Largest Outbreak of 2005
IronPort Virus Outbreak Filters™ Stops Sober Outbreak Nearly 5 Hours Before Any Other Anti-Virus Solution
SAN BRUNO, Calif. - December 20, 2005 -IronPort Systems Inc., the price performance leader in email security, today confirmed that the recent Sober outbreak, Sober-Z, is the most widespread outbreak of 2005. The outbreak, which occurred in late November, spread primarily by sending spoofed emails, including emails from various police agencies such as the FBI and CIA. These emails informed recipients that their internet use had been monitored and asked them to open an attachment to answer questions. Once opened, the virus has the capability to disable personal firewalls and anti-virus engines, harvest email addresses, send viral messages and take over infected machines for use in 'bot' networks.
IronPort's Threat Operation Center detected the Sober virus and IronPort's Virus Outbreak Filters™, the world's leading preventive anti-virus solution, was able to protect customers from the Sober outbreak 4 hours and 38 minutes prior to the first signature available from any traditional AV vendor. During this time period, approximately 550,000 viral emails were stopped, resulting in an estimated savings of over $11M to IronPort customers.
The IronPort Threat Operations Center (TOC) is a group dedicated exclusively to preventive outbreak detection and protection 24 hours a day, 7 days a week. TOC analysts use sophisticated tools to model current and historic traffic patterns and analyze traffic anomalies to uncover new threats. When an outbreak is detected, updates are issued by the TOC to IronPort's email security appliances on a constant, rapid basis. TOC tools are powered by a series of proprietary algorithms that process data from SenderBase, the world's first and largest email traffic monitoring network. IronPort's security appliances perform threat assessments of inbound and outbound messages based on the most recent TOC updates to quarantine suspicious messages until signatures from traditional anti-virus vendors are deployed.
"The recent Sober outbreak generated a dramatic 1,500% increase in infected email traffic," said Tom Gillis, Senior Vice President of Marketing for IronPort Systems. "At its peak, we observed that one in every eleven emails was infected by the Sober virus. This increase in dangerous email wastes valuable bandwidth and storage capacity, and consumes administration and employee time. IronPort Outbreak Filters™ is innovative technology that provides customers protection from dangerous email and helps reduce or eliminate associated costs."
Trend Shows More Targeted Attacks
Despite the extent of the Sober outbreak, industry experts are seeing a trend away from larger outbreaks and toward smaller, more targeted attacks. "Security threats are clearly on the rise", said Patrick Peterson, Vice President of Technology for IronPort Systems. "But virus writers are increasingly focusing their attacks on specific companies and organizations so that they can fly under the radar of reactive AV solutions that were built to look for and protect against larger outbreaks. IronPort, on the other hand, has the Threat Operations Center and SenderBase, the world's largest real-time email traffic monitoring network, which means that we can detect attacks--large and small—more quickly than any other security company in the world."
IronPort Virus Outbreak Filters™
- stopped over 160 outbreaks in the last year, including 12 separate Sober outbreaks
- has an average lead time over traditional AV solutions of over 13 hours
- has stopped approximately 8 million infected messages
- has saved IronPort customers an estimated $160M in cleanup costs
About Virus Outbreak Filters™
A proven preventive solution, IronPort Virus Outbreak Filters™ provides a critical first layer of defense against new outbreaks hours before signatures used by traditional anti-virus solutions are in place. Real world results show an average lead time over reactive anti-virus solutions of over 13 hours, along with an extremely high catch rate and near zero misclassifications. Integrated into IronPort's C-Series™ email security appliances, IronPort Virus Outbreak Filters™ performs a threat assessment of inbound and outbound messages, and quarantines suspicious messages temporarily. Messages are automatically released once signatures from traditional anti-virus vendors are deployed.
To receive automated alerts of when Outbreak Filters first detects outbreaks, please visit http://www.ironport.com/outbreak_alerts/.
About IronPort Systems
IronPort Systems is the leading email security provider for organizations ranging from small businesses to the Global 2000. The company has developed a family of email security appliances, the IronPort C-Series™, that offer breakthrough performance, unprecedented ease of use and reduced total cost of ownership. IronPort is driving new standards and providing innovative products for those faced with the monumental task of managing, protecting, and growing mission-critical email systems. For more information on IronPort products and services, visit: http://www.ironport.com/.
Press / Analysts
If you are a reporter or analyst and want more information on IronPort Systems please contact:
DAVID ORO, IRONPORT SYSTEMS, 415.885.9898 MOBILE, DTO@THROROGROUP.COM
SUZANNE MATICK, IRONPORT SYSTEMS, SUZANNE@MATICK.COM
