The company's Threat Operations Center analysts are on duty 24x7 and use automated tools to review complex real time and historic e-mail traffic patterns in order to discover new threats and track e-mail traffic trends. The center's automatically generated alerts are verified by the analysts before updates are issued to IronPort e-mail security appliances. Users can view the Threat Operations Center Reports can be viewed at www.ironport.com/press/toc.html.
Users of the Threat Operations Center Reports can sign up for alerts which will create e-mail messages to them when new spam or virus outbreaks are detected. They can also have their own reputations rated by IronPort.
The Threat Operations Center is fed by many sources, but the most important one is IronPort SenderBase Reputation Service. This publicly available data base rates e-mail senders and scores their reputation given their history of sending spam or other malware. The score is generated based on 50 different parameters, and is fed by IronPort's network of e-mail security appliances at some 75,000 networks. The data base is available at www.senderbase.org.
In addition, IronPort Virus Outbreak Filters are an important source of information that is fed into the Threat Operations Center, and ultimately into the reports. E-mail streams suspected by IronPort appliances of containing viruses because of the way they behave are set aside while virus analysis is performed on their content. Similarly, spam attacks detected by IronPort's Outbound e-mail filtering capability are also fed into the Threat Operations Center.