Cloudmark Sender Intelligence

Cloudmark Sender Intelligence uses real-time data from the Cloudmark Global Threat Network to create accurate, comprehensive sender profiles enabling communications service providers to set informed policies against good, bad and suspect senders.

Highly Accurate Sender Reputation Data to Improve Messaging Security

Cloudmark Sender Intelligence (CSI) is a comprehensive sender monitoring and analysis system that delivers timely and accurate reputation and categorization for different senders across messaging channels. CSI combines real-time data from Cloudmark's Global Threat Network system as well as communications service providers’ own environment to create the industry's most comprehensive sender reputation service. The Global Threat Network monitors traffic from all Cloudmark Authority installations worldwide, representing a significant percentage of messaging traffic.

The data collected from the Cloudmark Global Threat Network consist of user feedback reports, honeypot reports, real-time IP volume statistics, and real-time fingerprint volume statistics. Supplementing the data received from the Global Threat Network system and the service provider environment, Cloudmark’s Security Operations Center (SOC) performs expert analysis and provides additional monitoring and intelligence. Cloudmark Sender Intelligence data can be integrated into network perimeter devices, such as edge mail transfer agents (MTAs), to protect critical messaging infrastructure against spam, phishing, zombies, and today's advanced converged threats. The frequency of updates and the granularity of the data allows for greater flexibility in policy management, contributing to greater accuracy.

Sophisticated Data Analysis Engine

Cloudmark Sender Intelligence analyzes traffic patterns, feedback, and fingerprint correlation statistics to establish and adjust sender reputation scores in near real time. In addition, CSI leverages a variety of proprietary sender identification systems and third-party data, to provide additional classifications of senders beyond reputation. Examples of Cloudmark's sender identification systems include Newsletter Sender Logic, which identifies newsletter senders, Mail Forwarders Identification, which identifies public mail forwarders, Dynamic Space Analysis, which verifies that an IP is contained within a service provider's dynamic IP address range, and Local Volumetric Analysis, which determines customer specific recommended rate limits for individual IP addresses.

Faster and More Accurate Sender Categorization

Most sender reputation services rely primarily on global traffic pattern statistics. While this can be an effective approach for establishing a reputation, it's a reactive approach that introduces latency during which environments are vulnerable to new spam-senders. As attackers grow their botnets and use ever more sophisticated mechanisms to 'fly under the radar' with each spam source by sending very limited numbers of messages from each zombie host, global traffic pattern analysis alone is no longer sufficient.

By combining fingerprint correlation statistics, a data source unique to Cloudmark, along with feedback statistics from users and honeypots, Cloudmark can more rapidly identify spamming senders, as well as good senders, closing the vulnerability gap. This can happen well before any meaningful global traffic pattern statistics emerge. By analyzing the correlation of multiple fingerprints in different messages, both spam and legitimate, CSI proactively and reliably detects suspicious activity during the zero-hour attack phase.

Additionally, utilizing actual traffic data from individual service providers, CSI can establish specific expected traffic pattern for each service provider and detect anomalous behavior both earlier and more accurately than competing solutions. As new traffic pattern statistics are received at Cloudmark, the traffic patterns continue to be updated to ensure the most accurate reputations are derived.

Features and Benefits

  • Global Data Source & Sophisticated Data Analysis Engine

    Rapidly and accurately determines sender reputation based on observed and reported behavior. Tracks reputation on true sending source via deep header analysis. Updates with faster frequency and more accurate sender categorization. Crafts granular policies can based on the multiple categorizations of senders.

  • Industry-Leading Accuracy

    Identifies threats unknown to other reputation systems. Reduces OPEX through efficient enforcement at the edge of the environment.

  • Multiple Reputation Data Delivery Methods

    Detects emerging threats immediately based on proprietary rapid identification of senders with poor reputation. Stores comprehensive sender reputation information in industry standard format covering longer time periods and multiple categories. Streamlines system performance while maintaining rapid response rate for new threats.

  • Localized Traffic Pattern Analysis

    Allows dynamic rate limits based on actual behavior specific to each customer. Prevents abuse from new IP addresses with no Cloudmark Sender Intelligence Global reputation. Prevents abuse from unknown senders that have not been identified by any other reputation service.

How it Works

Collect

Message Statistics from Authority installations

  • 120+ operators worldwide
  • Installations across email, mobile and SMS environments
  • Tens of billions of messages processed a day
  • Hundreds of millions of subscribers protected

End User submissions and Honeypot messages

  • Tens of millions daily

Analyze

  • Automated analysis based on sender message pattern and content characteristics
  • Correlation of sending pattern with content fingerprints
  • Automated analysis of sender characteristics
  • Expert analysis of sender identity and sending behavior
  • Identification of spam campaign and spam message characteristics
  • Develop reputation and categorization for senders

Publish

  • Microupdate occurs every 15 seconds
  • Data feed update every 5 minutes
  • Retain data for a rolling window with a duration that is optimized for performance, with minimal impact to accuracy

Enforce

  • Operator-defined policies that take action based on reputation delivered by CSI
  • Recommended action
    • Block for poor reputation sender
    • Throttle for suspect reputation sender
    • Do not block for known mail forwarders, this is used to negate potential FP with traditional DNSBL

Remediate

  • Automated remediation to expedite correction of misidentified reputation
  • Expert analysis and in-depth investigation for questionable requests
Site Map  •  Privacy Policy  •  ©2002–2014 Cloudmark, Inc.