Cloudmark solutions set the industry standard for protecting organizations from today's most advanced threats
Cloudmark Sender Intelligence uses real-time data from the Cloudmark Global Threat Network to create accurate, comprehensive sender profiles enabling communications service providers to set informed policies against good, bad and suspect senders.
Cloudmark Sender Intelligence (CSI) is a comprehensive sender monitoring and analysis system that delivers timely and accurate reputation and categorization for different senders across messaging channels. CSI combines real-time data from Cloudmark's Global Threat Network system as well as communications service providers’ own environment to create the industry's most comprehensive sender reputation service. The Global Threat Network monitors traffic from all Cloudmark Authority installations worldwide, representing a significant percentage of messaging traffic.
The data collected from the Cloudmark Global Threat Network consist of user feedback reports, honeypot reports, real-time IP volume statistics, and real-time fingerprint volume statistics. Supplementing the data received from the Global Threat Network system and the service provider environment, Cloudmark’s Security Operations Center (SOC) performs expert analysis and provides additional monitoring and intelligence. Cloudmark Sender Intelligence data can be integrated into network perimeter devices, such as edge mail transfer agents (MTAs), to protect critical messaging infrastructure against spam, phishing, zombies, and today's advanced converged threats. The frequency of updates and the granularity of the data allows for greater flexibility in policy management, contributing to greater accuracy.
Cloudmark Sender Intelligence analyzes traffic patterns, feedback, and fingerprint correlation statistics to establish and adjust sender reputation scores in near real time. In addition, CSI leverages a variety of proprietary sender identification systems and third-party data, to provide additional classifications of senders beyond reputation. Examples of Cloudmark's sender identification systems include Newsletter Sender Logic, which identifies newsletter senders, Mail Forwarders Identification, which identifies public mail forwarders, Dynamic Space Analysis, which verifies that an IP is contained within a service provider's dynamic IP address range, and Local Volumetric Analysis, which determines customer specific recommended rate limits for individual IP addresses.
Most sender reputation services rely primarily on global traffic pattern statistics. While this can be an effective approach for establishing a reputation, it's a reactive approach that introduces latency during which environments are vulnerable to new spam-senders. As attackers grow their botnets and use ever more sophisticated mechanisms to 'fly under the radar' with each spam source by sending very limited numbers of messages from each zombie host, global traffic pattern analysis alone is no longer sufficient.
By combining fingerprint correlation statistics, a data source unique to Cloudmark, along with feedback statistics from users and honeypots, Cloudmark can more rapidly identify spamming senders, as well as good senders, closing the vulnerability gap. This can happen well before any meaningful global traffic pattern statistics emerge. By analyzing the correlation of multiple fingerprints in different messages, both spam and legitimate, CSI proactively and reliably detects suspicious activity during the zero-hour attack phase.
Additionally, utilizing actual traffic data from individual service providers, CSI can establish specific expected traffic pattern for each service provider and detect anomalous behavior both earlier and more accurately than competing solutions. As new traffic pattern statistics are received at Cloudmark, the traffic patterns continue to be updated to ensure the most accurate reputations are derived.
Rapidly and accurately determines sender reputation based on observed and reported behavior. Tracks reputation on true sending source via deep header analysis. Updates with faster frequency and more accurate sender categorization. Crafts granular policies that can be based on the multiple categorizations of senders.
Identifies threats unknown to other reputation systems. Reduces OPEX through efficient enforcement at the edge of the environment.
Detects emerging threats immediately based on proprietary rapid identification of senders with poor reputation. Stores comprehensive sender reputation information in industry standard format covering longer time periods and multiple categories. Streamlines system performance while maintaining rapid response rate for new threats.
Allows dynamic rate limits based on actual behavior specific to each customer. Prevents abuse from new IP addresses with no Cloudmark Sender Intelligence Global reputation. Prevents abuse from unknown senders that have not been identified by any other reputation service.
Message Statistics from Authority installations
End User submissions and Honeypot messages