Proofpoint, Inc, the leader in large-enterprise messaging security solutions, today introduced the Proofpoint Zero-Hour Anti-Virus module, an optional component of the Proofpoint Protection Server software and Proofpoint Messaging Security Gateway appliance, that provides real-time protection against emerging virus attacks.
The Proofpoint Zero-Hour Anti-Virus module protects enterprises against new viruses and other forms of malicious code during the critical first hours after new viruses are released and before anti-virus signatures have been updated.
Proofpoint also announced the availability of new enhancements to its Proofpoint Spam Detection module, powered by Proofpoint MLX technology, which incorporates advanced machine learning and reputation-based techniques to provide additional protection against new types of spam and phishing attacks.
Introducing Proofpoint Zero-Hour Anti-Virus
To protect large organisations from emerging virus attacks, Proofpoint Zero-Hour Anti-Virus combines global analysis of Internet traffic patterns with local containment of suspicious messages and attachments. Proofpoint Zero-Hour Anti-Virus constantly analyses millions of Internet messages for anomalies that indicate a potential virus attack.
Advanced pattern recognition technology is used to identify new viruses within minutes of their mass distribution over the Internet with greater than 95% accuracy.
"Traditional anti-virus products are inherently reactive, leaving customers vulnerable to infection by a new virus between its initial appearance 'in the wild' and the deployment of an anti-virus signature update," said Sandra Vaughan, senior vice-president of products and marketing for Proofpoint.
"Because today's viruses propagate extremely rapidly and carry ever more malicious payloads, enterprises need accurate, real-time defence in the first minutes of a virus outbreak. Proofpoint Zero-Hour Anti-Virus accurately detects and blocks emerging threats during this critical window of vulnerability."
At the customer's site, Proofpoint Zero-Hour Anti-Virus analyses incoming messages for similarities with suspected virus messages. Messages and attachments that exhibit recurrent pattern characteristics of the emerging virus are automatically quarantined at the enterprise gateway where they can be held until the availability of a production-ready virus signature.
Proofpoint customers can easily customise their zero-hour anti-virus policies using the Proofpoint Messaging Security Console, a convenient graphical user interface to all Proofpoint policy management, system administration and reporting features. Based on these flexible, customer-configurable policies, messages identified as part of a virus outbreak can be automatically rescanned and cleaned, deleted, released or otherwise disposed of based on the availability of updated virus signatures and other conditions.
Proofpoint stops viruses hours before competing solutions
Proofpoint Zero-Hour Anti-Virus technology identifies new virus activity and can take preventive action hours before competing "outbreak filters" react. In the case of the recent outbreak of the Lebreat worm (also known as Breatle.A), Proofpoint technology identified the worm's activity four hours before competing zero-hour solutions started blocking affected attachments and more than 10 hours before many signature-based anti-virus products issued updated signatures.
Additionally, Proofpoint distributed updated signatures to Proofpoint Virus Protection module customers, fully protecting them from the Lebreat worm, more than 30 minutes before competing "early warning" systems even began to respond.
Unlike other virus outbreak solutions, Proofpoint Zero-Hour Anti-Virus accurately detects and quarantines only those messages associated with an emerging virus, without stopping legitimate e-mail. Instead of quarantining all e-mail with attachment types deemed to be dangerous, Proofpoint's solution temporarily delays only specific messages that are classified as being part of an emerging outbreak. Proofpoint's techniques result in immediate protection from new viruses with a minimal impact on the normal flow of business e-mail.
Proofpoint Spam Detection enhancements, powered by Proofpoint MLX
The Proofpoint Spam Detection module continues to be enhanced with new techniques developed by scientists and engineers at the Proofpoint Attack Response Center. The unrivalled accuracy of Proofpoint Spam Detection is powered by Proofpoint MLX, a patent-pending machine learning system for content classification and analysis. Continual updates to the Proofpoint MLX engine ensure that Proofpoint customers are always protected from spam with an average of 99% or higher effectiveness and an extremely low rate of false positives.
Recent enhancements to Proofpoint MLX and the Proofpoint Spam Detection module include:
* More than 100 000 new attributes: Proofpoint MLX now examines more than 200 000 structural and content attributes to decisively classify incoming messages as spam or valid e-mail. Proofpoint scientists use the latest machine learning techniques, such as information gain analysis, to ensure that only the most useful attributes are processed by the MLX engine, ensuring the highest levels of performance and accuracy at all times.
* Enhanced reputation analysis: Among the new attributes examined by Proofpoint MLX are reputation scores associated with the IP address of each sender. The Proofpoint Attack Response Center continually examines large volumes of Internet mail, external spam block lists and data from Proofpoint customers to identify IP addresses that are commonly used to send spam. This ever-changing list of spam servers, suspected spam domains, botnet and "zombie" machines is incorporated into MLX engine updates that are automatically delivered to Proofpoint software and appliance deployments.
Combined with the real-time, local reputation data generated by the MLX Dynamic Reputation features of each Proofpoint server and other message attributes, Proofpoint MLX can make intelligent decisions about which messages and connections to block or throttle without the negative performance impact of constant network blocklist (DNSBL) lookups. Proofpoint MLX also uses similar techniques to identify and block malicious URLs contained in spam and phishing messages.
* Obfuscation and randomisation detection: Obfuscation (such as spammers using variant spellings of "Viagra" or camouflaging HTML text) is a very popular strategy that spammers use to deceive spam filters. Proofpoint researchers have developed new machine learning techniques that allow Proofpoint MLX to rapidly and accurately identify obfuscated text and differentiate intentional obfuscations from legitimate spelling errors.
The predictive nature of Proofpoint MLX is also highly resistant to randomisation and "hash busting" techniques commonly used by spammers to bypass signature-based spam filters.
* Image-based spam detection: In another attempt to bypass less sophisticated spam filters, an increasing amount of spam is now being sent with the spam "payload" contained in an attached image, sometimes accompanied by randomised text. The latest version of Proofpoint MLX has been enhanced with new algorithms to detect and block image-based spam, which competing solutions cannot accurately catch.
* Multilingual training: As the volume of non-English language spam increases, Proofpoint's machine learning engine is continually being trained to identify spam in a wide variety of European and Asian languages.
Pricing and availability
The Proofpoint Zero-Hour Anti-Virus module will be available in the fourth quarter of 2005. Pricing starts at $30 per user per year, depending upon number of mailboxes protected. The Proofpoint Spam Detection module with the latest MLX enhancements is available immediately. Existing Proofpoint Spam Detection customers receive ongoing MLX-powered updates automatically via the Proofpoint Dynamic Update Service, ensuring they are always protected against the latest emerging threats. Pricing ranges from $3 to $40 per user per year depending on number of mailboxes.