
Post on 25-Oct-2019


January 29, 2019

Protecting Against Advanced Email Threats

Beyond the Nigerian Prince Scam


“Phishing” is Many Things, Not One

> Requires different tools / strategies to combat

> Constantly evolving attack patterns easily bypass threat intel-based defenses

> Most dangerous:
  - Impersonations
  - Business Services spoofing
  - Credential Theft

Copyright © 2019 GreatHorn


Common Characteristics of a Phishing Email

Trusted Sender

Urgency

Response Required


Sophisticated Attacks Look Real

1 in 25 people click on any given phishing attack


Phishing Tactics & Countermeasures

Technical Tactics

> Display name spoof

> Email address spoof

> Branding

> Domain look-alikes

> URL obfuscation

Countermeasures

> Check authentication

> Verify sending email addresses against known email addresses

> Review header data
  - Reply to
  - Return Path
  - IP Address
  - Sending Domain

> Confirm destination URLs

Challenge: Users can’t / won’t review email metadata
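The header checks listed on this slide can be automated rather than left to users. The following is an added example, not part of the original slides and not GreatHorn's code; the `KNOWN_SENDERS` directory, the sample message and all addresses in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory of known contacts: display name -> real address.
KNOWN_SENDERS = {"pat morgan": "pat.morgan@example.com"}

# Constructed sample message, not real traffic.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example-corp.test
From: "Pat Morgan" <pat.morgan@example-corp.test>
Reply-To: <pat.morgan.ceo@freemail.test>
Subject: Urgent wire transfer

Please process today.
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def review_headers(raw, known=KNOWN_SENDERS):
    """Return a list of findings for the header checks on the slide."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    findings = []

    # Check authentication. Only trust Authentication-Results stamped by
    # your own receiving MTA; a sender can add a forged copy of this header.
    tokens = " ".join(msg.get_all("Authentication-Results", []))
    tokens = tokens.lower().replace(";", " ").split()
    for mech in ("spf", "dkim", "dmarc"):
        verdict = next((t.split("=", 1)[1] for t in tokens
                        if t.startswith(mech + "=")), "missing")
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")

    # Display name spoof: a known name on an address we do not know.
    expected = known.get(name.strip().lower())
    if expected and expected != from_addr.lower():
        findings.append("display name matches known sender, address does not")

    # Reply-To / Return-Path pointing at another domain. Return-Path often
    # differs for legitimate bulk mail, so treat it as a weaker signal.
    for header in ("Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and domain(addr) != domain(from_addr):
            findings.append(f"{header} domain differs from From domain")
    return findings
```

Surfacing these findings as a banner in the message is one way to give users the context they will not extract from raw headers themselves.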


Legacy Phishing Defenses Are Unrealistic

[Diagram labels: Incoming Email; Threat Intelligence; Prescriptive Policies; Strict Authentication; Inbox; Trash]


Defense In Depth Hides Legacy Email Security Failings

Security Awareness training

Binary Good/Bad Email Security

Endpoint Tools

Multi-Factor Authentication

Tools that prevent attack or engagement with attack

Web Application Firewall

Threat Intel Email Security

Tools that reduce impact of an engaged attack

Today's Threats Bypass Legacy Email Security

1 in 5 security professionals have to take direct remediation action at least weekly

1 in 25 people click on any given phishing attack


Email Security Failings Have Become More Prominent

Security Awareness training

Binary Good/Bad Email Security

Endpoint Tools

Multi-Factor Authentication

Web Application Firewall

Threat Intel Email Security

Tools that prevent attack or engagement with attack

Tools that reduce impact of an engaged attack

End Users are Not the "Weakest Link"

Legacy Way

> Mitigate user risk (Quarantine, quarantine, quarantine)

Modern Approach

> Provide end users with the context and tools they need to positively contribute to email security efforts

So...What Can We Do?

Practical Approaches to Stop Phishing


Processes

Technology

People


Email Security Lifecycle is More Than Just Tech


Evaluate Business Processes with Phishing in Mind


Work with high risk teams to minimize risk

Develop internal communication processes for sharing incident information

Finance – How are wire transfers authorized?

HR / Execs – How do different classes of confidential information get communicated?

How do executive teams communicate urgent requests?

Who has access to what data? Who has access to which systems?

Protects against phishing attacks that target financial risk & information theft


Engage End Users at Point of Risk


Ensure that security controls balance risk and business agility

Provide accessible tools for users to easily judge email authenticity

Invest in context-based tools to reinforce business processes and security hygiene habits

Develop program for users to participate in security improvements – phish reporting, etc.

Automate integration of user feedback into email security

Protects against social engineering techniques


Provide Users with Context to Make Better Decisions


Technology as Both Enablement and Enforcement


Assess existing threat detection tools against phishing threats

Is multi-factor authentication enabled across all apps?

Provide users real-time security context within email

Implement a feedback mechanism to determine effectiveness / accuracy of email security

Evaluate existing incident response processes / tools against ideal time-to-remediation goals

Align technology capabilities against business process / user feedback needs

Determine whether customizations are required to meet your organization’s risk profile / tolerance

Protects against phishing and enforces other areas


Use Technology to Simplify Manual Tasks

A Comprehensive Approach

People

Business Process

Technology


Next Steps

> Evaluate your risk against biggest threats
  - Which tactics / goals make you most vulnerable?

> Prioritize core areas (brand reputation, business process, people, technology) based on analysis

> Create an integrated plan for each risk area
  - E.g. Protecting against wire transfer fraud involves:
    − Business process changes
    − User training
    − Making DMARC / authentication / header data accessible / understandable to end users
    − Contextualized warnings

GreatHorn simplifies email security by automating threat detection, defense, and incident response. Security teams using GreatHorn not only gain enterprise-class protection against both sophisticated phishing attacks and traditional threats, they also reduce complexity, manual remediation time, and negative impact on business operations.


Questions?
