THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING...

31
#ISMGSummits 1 THINKING DIFFERENTLY : PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT Denis Ryan Sr. Director, Email Fraud Defense BU

Transcript of THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING...

Page 1: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

#ISMGSummits1

THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

Denis Ryan

Sr. Director, Email Fraud Defense BU

Page 2: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

2 © 2018 Proofpoint, Inc.CONFIDENTIAL

Proofpoint At-A-GlanceLEADING CUSTOMERS

60%+of the

Fortune 100

6,400+enterprisecustomers

50,000+total customers

5-10B+messages

processed daily

3Leaders’ Quadrants in Gartner research

#1fastest growing

public company in cybersecurity over

the past 3 years strategic ecosystem

integrations

#1effectiveness rate

against email threats, proven consistently against competing

products 500B+ node threat

graph

300K+daily malware

samples100+world’s largest SPs

DEEP SECURITY DNA UNIQUE VISIBILITY ENTERPRISE CLASS

Page 3: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

3 © 2018 Proofpoint, Inc.CONFIDENTIAL

$12.5B+

78,617Incidents worldwide

Direct losses worldwide(Oct 2013 – May 2018)

Source: FBI

99%+Rely on user to run

malicious code

2/3Malicious links are credential

phishingSource: Gartner Survey “Implementing Office 365”

“Email is the most important Office 365

service”

Hybrid integration is important… but also

large source of technical problems

Email fraud is aboard-level issue

Shift to cloud creates new threat vectors,

data exposure

Threats use social engineering, not vulnerabilities

Attacks Increasingly Target People, Not Infrastructure

Page 4: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

4 © 2018 Proofpoint, Inc.CONFIDENTIAL

Which is Easier to Fool?

2015 - present1995 - 2015Dawn of time - 1995

Human Computer Human

Page 5: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

5 © 2018 Proofpoint, Inc.CONFIDENTIAL

Attack VectorsIT Security Spending

Source: 2018 Verizon DBIRSource: Gartner (2017 forecast)

Network62%

Endpoint18%

Email 8%

Web 12%

93%all breaches are attacks

targeting people, 96% via email

Defenders Don’t Focus on People, Attackers Do

Page 6: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

6 © 2018 Proofpoint, Inc.CONFIDENTIAL

The Defender’s POV

DMZ Internal vLANs

File Shares

DatabasesWeb Servers

App and Email Servers

PCs / Printers

InternetInternet

O365?

Page 7: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

7 © 2018 Proofpoint, Inc.CONFIDENTIAL

The Attacker’s POV

Laurie Bream • 2nd Financial Advisor at Bank Co500+ connections

[email protected]

Jack Barker Executive at Bank Co500+ connections

[email protected]

Richard Hendricks • 3rd Senior System Administrator

[email protected]

Page 8: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

8 © 2018 Proofpoint, Inc.CONFIDENTIAL

Receive highly targeted, very sophisticated, or high volumes of attacks

Clicks on malicious content, fails awareness training, or uses risky

devices/cloud services

Can access or manage critical systems or sensitive data

Who Are Your Very Attacked People (VAPs)?

Access to Valuable DataWork in High Risk Ways

Targeted by Threats

Attack

Vulnerability Privilege

VAPs

Page 9: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

9 © 2018 Proofpoint, Inc.CONFIDENTIAL

VAP View: Transportation CompanyAdmin asst

Operations Mgr

Maintenance & reliability Mgr

CEO

Legal counsel

Engineering Mgr

Medical officer

Pilot

Are these users trained to recognize threats?

Have their accounts been compromised?

Page 10: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

10 © 2018 Proofpoint, Inc.CONFIDENTIAL

INFORMATION PROTECTION

USER PROTECTION

THREATPROTECTION

PREVENT

Simulate Attacks + Train

Detect Compromised Accounts

Stop Email Fraud

DEFEND

Isolate Web Browsing

Protect Data Access

Stop Email + Cloud Threats

RESPOND

Train Targeted Users

Stop Data Loss

Orchestrate Response

Enterprises Need A People-Centric Approach

Page 11: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

Email FraudThe multi-billion dollar problem

Page 12: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

12 © 2018 Proofpoint, Inc.

Border Control: Identity & Security Screening

Page 13: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

13 © 2018 Proofpoint, Inc.CONFIDENTIAL

Email Fraud Impacts EmployeesEMPLOYEES CUSTOMERS PARTNERS

“Xoom Corp. CFO Resigns After Fraudsters

Steal $30.8M in Corporate Cash”

- Business Times

Xoom Corporation

Page 14: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

14 © 2018 Proofpoint, Inc.CONFIDENTIAL

Email Fraud Impacts CustomersEMPLOYEES CUSTOMERS PARTNERS

“I thought I’d bought my first home, but I lost

£67,000 in a conveyancing scam”

- The Guardian

Howard Mollett, charity worker

Page 15: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

15 © 2018 Proofpoint, Inc.CONFIDENTIAL

Email Fraud Impacts PartnersEMPLOYEES CUSTOMERS PARTNERS

Stefan De Vrij, Lazio FC

“ Football club Lazio FC loses €2 million by falling

foul of phishing scam”- IT Pro

Page 16: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

16 © 2018 Proofpoint, Inc.CONFIDENTIAL

Email Fraud is Growing, Widespread, and Impactful

$12.5B 103% 78,617 150In losses due to BEC and EAC scams since

the FBI started tracking

YoY increase in the number of email fraud

attacks since 2017

Of organizations impacted by email fraud

worldwide

Countries – including all 50 states – impacted by

email fraud

(FBI) (FBI) (FBI)(Proofpoint)

Page 17: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

17 © 2018 Proofpoint, Inc.CONFIDENTIAL

Proofpoint Research Slides with 2018 Data

All Organizations– Large and Small All Industries All Functions

25%

13%

8%

5%

47%CFO

HR

FINANCE

PAYROLL

COO

Source: Proofpoint Threat Research

VERTICAL 2018-Q2Real Estate 67Biotechnology/Medical Devices 57Consulting 52Construction 50Telecommunications 46Energy/Utilities 42Technology 42Retail 41Entertainment/Media 41Engineering 40Pharmaceutical 40

Average BEC attack per company targeted

Page 18: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

18 © 2018 Proofpoint, Inc.CONFIDENTIAL

Fraudsters Use Multiple Tactics

DOMAIN SPOOFING

proofpoint.com

DISPLAY NAME SPOOFING

<Gary Steele>

LOOK-ALIKE DOMAIN

proofpoirt.com

% of customers targeted by BEC tactic

69%

15%

92%

Page 19: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

19 © 2018 Proofpoint, Inc.

Email Fraud: STOP ATTACKERS’ KEY TACTICS

Domain spoofing

Look alike domain

Display name spoofingOther brand

impersonation

Domain Monitoring

EmailAuthentication

Email Gateway:Policy and ML Classifier

Brand impersonation email threat data

proofpoint.com

proofpoirt.com

Gary Steele <[email protected]>

Internal Threats

External Threats

EmailAuthentication

Domain Monitoring

Page 20: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

20 © 2018 Proofpoint, Inc.CONFIDENTIAL

Multiple Stakeholders Targeted

EMPLOYEES

Business email compromise or BEC Consumer phishing Supply chain spoofing

PARTNERSCUSTOMERS

Page 21: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

21 © 2018 Proofpoint, Inc.CONFIDENTIAL

Full Control Against All Fraud Tactics

Domain Spoofing Look-alike Domain Display NameSpoofing

Domain Monitoring

EmailAuthentication

Machine Learning Classifier & Policy

proofpoint.com proofpoirt.com <Gary Steele>

Page 22: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

The Ideal Solution360 degree protection for a 360 degree problem

Page 23: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

23 © 2018 Proofpoint, Inc.CONFIDENTIAL

Email Authentication

[email protected]

Threat [email protected]

[email protected]

Inbox

Legitimate Company Email

Legitimate Partner Email

Suspicious Email

Page 24: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

24 © 2018 Proofpoint, Inc.CONFIDENTIAL

37.6%

Domain Monitoring

Individual Character Swap

Insert Additional Character

Add or Remove Leading/Trailing Characters

33.5%

12.7%

• Proofp0int.com• Proofpolnt.com

• proofpo1nt.com• proofpoirt.com

• Proofpoints.com• Proofpoint.us.com

DETECT & ANALYZE FLAG SUSPICIOUS TAKE DOWN

Page 25: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

25 © 2018 Proofpoint, Inc.CONFIDENTIAL

Machine Learning & Policy

From: Partner <[email protected]>Subject: Account Changes, Action RequiredDate: Oct 9, 2016 8:07 AM PDTTo: order admin<[email protected]>

Hi John, We’re making some structural banking changes ahead of March 2019.

Please update the payment details you use for out international business to the following:China Merchants Bank, H. O. Shenzhen (SWIFT CODE: CMBCCNBSXXX)Account Number: 0020-12345678Account Holder: Partner International Holdings

Thanks,Alice

Sender has a good reputation

Appears to come from a trusted

source

Potentially suspicious content

to analyze

Potentially suspicious subject

Sender/receiver relationship

Page 26: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

26 © 2018 Proofpoint, Inc.

Requires Greater Efficacy

Block more threats without risking deliverability of legitimate email

MORE DATAFewer blind spots means

less risk of missing threats or blocking legitimate

FULL CONTROLAcross all fraud tactics from a single provider

INTEGRATIONWith the gateway

provides more flexibility and therefore

less risk

Page 27: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT
Page 28: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT
Page 29: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

29 © 2018 Proofpoint, Inc.

Summary

▪Email Fraud is a big, growing and costly problem

▪Email Fraud is multi-faceted:▪Multiple assets at stake▪Multiple stakeholders targeted▪Multiple tactics employed

▪You need a solution that addresses the whole problem

Page 30: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

30 © 2018 Proofpoint, Inc.

2018 Human Factor Reporthttps://www.proofpoint.com/au/human-factor-2018

Learn More

@proofpoint

Page 31: THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS ... · 1 #ISMGSummits THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT

31 © 2018 Proofpoint, Inc.