IronPort OS Gets Encryption Update

Cisco Systems’ IronPort division is perhaps best known for its anti-spam e-mail
appliances and technologies. But it wants to be known for more.

That might happen with the new encryption and data-loss prevention (DLP) features it’s rolling out in its new AsyncOS operating system 5.5 release. The
AsyncOS operating system powers IronPort’s e-mail security appliances.

“This is data-loss prevention made easy,” Nick Edwards, project manager for
IronPort, told It takes advantage of investments customers have made in their anti-spam infrastructures and gives them really good tools for data-loss prevention.

Edwards added that AsyncOS started from a FreeBSD kernel on which
IronPort developed its own proprietary MTA (mail transfer agent) and other

Among the key enhancements in AsyncOS 5.5 is full e-mail encryption. Edwards
explained that all encryption takes place at the gateway of the sending
organization and can be done by policy.

Once an outbound message has hit
the server, an e-mail message is sent to the recipient that
says they have a secure message waiting for them and if they go to a specific Web site login, they can retrieve it.

“It provides for a universal approach for deploying encryption without the
need for some kind of end-to-end compatibility,” Edwards said. “It takes
complexity off the table and makes deployment easier.”

According to Edwards, the fact that a recipient has to click on a link and
go to a Web site to see their encrypted mail has not had any push back from

The new AsyncOS release also helps users more easily tag and identify
e-mail that should not be leaving the enterprise. Called “smart identifiers,” they help to identify content, such
as Social Security and credit-card numbers that should not be in outbound

Edwards noted that IronPort had the ability to do custom filters
prior to this release, but customers had to do a lot more manual lifting.
Smart identifiers are intended to be as easy as point and click.

“The reason why it’s called smart identifiers and not just identifiers is
we’ve introduced logic to allow the platform to understand what it’s looking
at,” Edwards explained.

Though the new AsyncOS adds features, existing users shouldn’t necessarily
expect that it will improve the performance of their e-mail security
appliance. Edwards described the performance as “flat” for existing
customers for the features they’re already using.

“But if someone is going to deploy encryption, which is pretty CPU intensive,
it depends on their rollout and how much mail they will encrypt,” Edwards
said. “We’re not in the business of promising customers that they’ll never
experience a performance decline, but we are committed to giving them parity
for their existing feature set release to release.”

The release is the first made by IronPort since being acquired by Cisco earlier this year for $830 million. Though it’s still relatively
early in the integration, Edwards noted that there are a lot of interesting
opportunities for IronPort to interoperate with Cisco.

“Cisco has a ton of products all across the network infrastructure and
many look interesting to us to deploy our security technology on.”

News Around the Web