Postini
 
Request A Demo Get A Free Trial

Aaron Barak
Architect-Global Directory and Messaging Services
Business Objects

"Postini is an enterprise email security solution that enables us to eliminate spam, improve our anti-virus protection, and reduce the cost and complexity of our email system. Spam and email viruses are manageable because we don't have to manage it ourselves anymore."
More
 
 
Partners

Postini Threat Identification Network™ (PTIN)

The Postini Threat Identification Network™ (PTIN) is a comprehensive, real-time information service that identifies malicious computers that have recently launched email attacks (viruses, phishing, spam, directory harvests). PTIN has been designed to be embedded in network equipment to provide network layer security, accessed by ISPs that want to stop spammers from hijacking their networks, and accessed by email accreditors and certification agencies that want clear, objective data about their clients.

PTIN Features and Benefits

  • Based on Actual Behavior
    PTIN data is updated several times per minute by Postini's proprietary Traffic Monitor process, so PTIN's repository of malicious computers, identified and tracked by their IP addresses, is always up to date. At any given time, PTIN contains threat information for approximately 40,000 suspicious computers. Computers listed in PTIN have been observed sending unwanted email in the past few hours. PTIN data is based on the 1 billion SMTP connections that Postini processes every day for its 35,000 managed service customers. Unlike reputation systems, senders cannot self-certify their “good” reputation, thus bypassing defenses.

  • Completely Objective
    PTIN is based on a completely objective evaluation of the behavior of sending computers, tracking and evaluating more than 20 aspects of every SMTP connection processed by Postini. This means PTIN has none of the manual submission and subjective human review that plagues RBLs.

  • Truly Real-Time
    PTIN is real-time, with data updated by Postini every few seconds, unlike RBLs whose manual submission process can take hours or days to block an offending computer, and weeks or months to unblock. In a world where most unwanted email comes from “spam zombies” (PCs that have been compromised by viruses), this kind of latency in unacceptable. A PC can go from well-behaved, to malicious, and back to well-behaved again in a matter of minutes, so any system designed to track offending computers must be similarly dynamic in its data collection and updating.

  • Flexible
    PTIN's database contains detailed offense scores, rather than the simplistic deny/allow entries found in RBLs. This allows customers to set their own thresholds for how to handle offending computers. This granular scoring lets customers choose different actions – drop, block, redirect, throttle, black hole, quarantine or deliver – based on their preferences.

Three Ways to Use PTIN

1. PTIN Access
PTIN Access is designed to be embedded in network devices like routers and mail transfer agents, or in security software and appliances. PTIN Access can be integrated by the original equipment manufacturer, or by the customer. The source IP address of inbound traffic can be immediately checked against PTIN to determine if the packets should be routed or dropped. PTIN data can be accessed three ways:

  • BGP – PTIN data can be distributed to network devices over BGP (border gateway protocol), and offending source IPs routed to null routes.
  • DNS – Network devices can make real time queries of PTIN using DNS (domain name system) calls.
  • Text files – PTIN data can periodically downloaded as flat file lists of IP addresses and scores.

2. PTIN Monitor
PTIN Monitor is aimed at ISPs that want to know if they have offending computers on their networks sending junk email. ISPs periodically receive updates from Postini of the offending IP addresses that belong to the ISP. This allows ISPs to actively identify problems like spammers on their networks, or subscriber PCs that have been converted into spam zombies by viruses.

3. PTIN Query
PTIN Query is designed for email accreditors and certification agencies that want to verify the legitimacy of their clients, by establishing that the client has never been listed in PTIN as having offending computers. Client IP addresses are entered into a web interface for immediate feedback on their prior history.

Learn More About PTIN
To find out more about Postini Threat Identification Network services, click here to download the datasheet or contact Postini business development at 650-486-8249, or email ptin@postini.com.
© Copyright 2008 Google
Legal and Patent Notices | Privacy Statement | Security Statement | Acceptable Use Policy | Sitemap
Google, the Google logo, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the Postini logo, Postini Perimeter Manager, Postini Threat Identification Network (PTIN), Postini Industry Heuristics, and PREEMPT are trademarks, registered trademarks, or service marks of Google, Inc. All other trademarks are the property of their respective owners.