January 29, 2019 Protecting Against Advanced Email Threats Slides/Protecting-Advanced... · Binary...
January 29, 2019
Protecting Against Advanced Email Threats: Beyond the Nigerian Prince Scam
“Phishing” is Many Things, Not One
> Requires different tools / strategies to combat
> Constantly evolving attack patterns easily bypass threat intel-based defenses
> Most dangerous:
  > Impersonations
  > Business Services spoofing
  > Credential Theft
Copyright © 2019 GreatHorn
Common Characteristics of a Phishing Email
Trusted Sender
Urgency
Response Required
Sophisticated Attacks Look Real
1 in 25 people click on any given phishing attack
Phishing Tactics & Countermeasures
Technical Tactics
> Display name spoof
> Email address spoof
> Branding
> Domain look-alikes
> URL obfuscation
Countermeasures
> Check authentication
> Verify sending email addresses against known email addresses
> Review header data
  > Reply to
  > Return Path
  > IP Address
  > Sending Domain
> Confirm destination URLs
Challenge: Users can’t / won’t review email metadata
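The header checks listed on this slide, automated as an added example (not from the original deck and not GreatHorn's product code): it reads one raw message and returns plain-language warnings that could be shown to a user. The contact directory, domains, sample message and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed directory and message (assumptions, not data from the slides).
KNOWN = {"Dana Reyes": "dana.reyes@corp.example"}
KNOWN_DOMAINS = {"corp.example"}
SAMPLE = """\
From: Dana Reyes <dana.reyes@c0rp.example>
Reply-To: payments@mailbox.test
Return-Path: <bounce@c0rp.example>
Authentication-Results: mx.corp.example; spf=pass; dkim=none; dmarc=fail

<a href="http://login.invalid/reset">portal.corp.example</a>
"""

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def review(raw):
    """Return plain-language warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    sdom, warnings = domain(sender), []
    # Check authentication: report any SPF/DKIM/DMARC verdict other than pass.
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", msg.get("Authentication-Results", ""))
        if not m or m.group(1).lower() != "pass":
            warnings.append(f"{mech.upper()} did not pass ({m.group(1) if m else 'missing'})")
    # Display name spoof: a known name on an address we do not know.
    if name in KNOWN and KNOWN[name].lower() != sender.lower():
        warnings.append(f"Display name '{name}' is not using its known address")
    # Domain look-alike: close to, but not equal to, a known domain.
    for good in KNOWN_DOMAINS:
        if sdom != good and difflib.SequenceMatcher(None, sdom, good).ratio() >= 0.85:
            warnings.append(f"Sending domain {sdom} resembles {good}")
    # Header review: Reply-To and Return-Path should share the From domain.
    for hdr in ("Reply-To", "Return-Path"):
        d = domain(parseaddr(msg.get(hdr, ""))[1])
        if d and d != sdom:
            warnings.append(f"{hdr} domain {d} differs from sender {sdom}")
    # Confirm destination URLs: link text names one host, href goes to another.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', msg.get_payload()):
        shown = urlparse(text.strip() if "://" in text else "//" + text.strip()).hostname
        if shown and "." in shown and shown != urlparse(href).hostname:
            warnings.append(f"Link shows {shown} but goes to {urlparse(href).hostname}")
    return warnings
```

Only rely on an Authentication-Results header stamped by your own receiving mail gateway; one that arrives from outside can be forged by the sender.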
Legacy Phishing Defenses Are Unrealistic
[Diagram labels: Incoming Email, Threat Intelligence, Prescriptive Policies, Strict Authentication, Inbox, Trash]
Defense In Depth Hides Legacy Email Security Failings
Security Awareness training
Binary Good/Bad Email Security
Endpoint Tools
Multi-Factor Authentication
Tools that prevent attack or engagement with attack
Web Application Firewall
Threat Intel Email Security
Tools that reduce impact of an engaged attack
Today's Threats Bypass Legacy Email Security
1 in 5 security professionals have to take direct remediation action at least weekly
1 in 25 people click on any given phishing attack
Email Security Failings Have Become More Prominent
Security Awareness training
Binary Good/Bad Email Security
Endpoint Tools
Multi-Factor Authentication
Web Application Firewall
Threat Intel Email Security
Tools that prevent attack or engagement with attack
Tools that reduce impact of an engaged attack
End Users are Not the "Weakest Link"
Legacy Way
> Mitigate user risk (Quarantine, quarantine, quarantine)
Modern Approach
> Provide end users with the context and tools they need to positively contribute to email security efforts
So...What Can We Do?
Practical Approaches to Stop Phishing
Processes
Technology
People
Email Security Lifecycle is More Than Just Tech
Evaluate Business Processes with Phishing in Mind
Work with high risk teams to minimize risk
Develop internal communication processes for sharing incident information
Finance – How are wire transfers authorized?
HR / Execs – How do different classes of confidential information get communicated?
How do executive teams communicate urgent requests?
Who has access to what data? Who has access to which systems?
Protects against phishing attacks that target financial risk & information theft
Engage End Users at Point of Risk
Ensure that security controls balance risk and business agility
Provide accessible tools for users to easily judge email authenticity
Invest in context-based tools to reinforce business processes and security hygiene habits
Develop program for users to participate in security improvements – phish reporting, etc.
Automate integration of user feedback into email security
Protects against social engineering techniques
Provide Users with Context to Make Better Decisions
Technology as Both Enablement and Enforcement
Assess existing threat detection tools against phishing threats
Is multi-factor authentication enabled across all apps?
Provide users real-time security context within email
Implement a feedback mechanism to determine effectiveness / accuracy of email security
Evaluate existing incident response processes / tools against ideal time-to-remediation goals
Align technology capabilities against business process / user feedback needs
Determine whether customizations are required to meet your organization’s risk profile / tolerance
Protects against phishing and enforces other areas
Use Technology to Simplify Manual Tasks
A Comprehensive Approach
People
Business Process
Technology
Next Steps
> Evaluate your risk against biggest threats
  > Which tactics / goals make you most vulnerable?
> Prioritize core areas (brand reputation, business process, people, technology) based on analysis
> Create an integrated plan for each risk area
  > E.g. Protecting against wire transfer fraud involves:
    − Business process changes
    − User training
    − Making DMARC / authentication / header data accessible / understandable to end users
    − Contextualized warnings
GreatHorn simplifies email security by automating threat detection, defense, and incident response. Security teams using GreatHorn not only gain enterprise-class protection against both sophisticated phishing attacks and traditional threats, they also reduce complexity, manual remediation time, and negative impact on business operations.
Questions?