Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
#ISMGSummits1
THINKING DIFFERENTLY: PROTECTING YOUR EMPLOYEES, CUSTOMERS AND THE SUPPLY CHAIN THROUGH DMARC ENFORCEMENT
Denis Ryan
Sr. Director, Email Fraud Defense BU
2 © 2018 Proofpoint, Inc.CONFIDENTIAL
Proofpoint At-A-GlanceLEADING CUSTOMERS
60%+of the
Fortune 100
6,400+enterprisecustomers
50,000+total customers
5-10B+messages
processed daily
3Leaders’ Quadrants in Gartner research
#1fastest growing
public company in cybersecurity over
the past 3 years strategic ecosystem
integrations
#1effectiveness rate
against email threats, proven consistently against competing
products 500B+ node threat
graph
300K+daily malware
samples100+world’s largest SPs
DEEP SECURITY DNA UNIQUE VISIBILITY ENTERPRISE CLASS
3 © 2018 Proofpoint, Inc.CONFIDENTIAL
$12.5B+
78,617Incidents worldwide
Direct losses worldwide(Oct 2013 – May 2018)
Source: FBI
99%+Rely on user to run
malicious code
2/3Malicious links are credential
phishingSource: Gartner Survey “Implementing Office 365”
“Email is the most important Office 365
service”
Hybrid integration is important… but also
large source of technical problems
Email fraud is aboard-level issue
Shift to cloud creates new threat vectors,
data exposure
Threats use social engineering, not vulnerabilities
Attacks Increasingly Target People, Not Infrastructure
4 © 2018 Proofpoint, Inc.CONFIDENTIAL
Which is Easier to Fool?
2015 - present1995 - 2015Dawn of time - 1995
Human Computer Human
5 © 2018 Proofpoint, Inc.CONFIDENTIAL
Attack VectorsIT Security Spending
Source: 2018 Verizon DBIRSource: Gartner (2017 forecast)
Network62%
Endpoint18%
Email 8%
Web 12%
93%all breaches are attacks
targeting people, 96% via email
Defenders Don’t Focus on People, Attackers Do
6 © 2018 Proofpoint, Inc.CONFIDENTIAL
The Defender’s POV
DMZ Internal vLANs
File Shares
DatabasesWeb Servers
App and Email Servers
PCs / Printers
InternetInternet
O365?
7 © 2018 Proofpoint, Inc.CONFIDENTIAL
The Attacker’s POV
Laurie Bream • 2nd Financial Advisor at Bank Co500+ connections
Jack Barker Executive at Bank Co500+ connections
Richard Hendricks • 3rd Senior System Administrator
8 © 2018 Proofpoint, Inc.CONFIDENTIAL
Receive highly targeted, very sophisticated, or high volumes of attacks
Clicks on malicious content, fails awareness training, or uses risky
devices/cloud services
Can access or manage critical systems or sensitive data
Who Are Your Very Attacked People (VAPs)?
Access to Valuable DataWork in High Risk Ways
Targeted by Threats
Attack
Vulnerability Privilege
VAPs
9 © 2018 Proofpoint, Inc.CONFIDENTIAL
VAP View: Transportation CompanyAdmin asst
Operations Mgr
Maintenance & reliability Mgr
CEO
Legal counsel
Engineering Mgr
Medical officer
Pilot
Are these users trained to recognize threats?
Have their accounts been compromised?
10 © 2018 Proofpoint, Inc.CONFIDENTIAL
INFORMATION PROTECTION
USER PROTECTION
THREATPROTECTION
PREVENT
Simulate Attacks + Train
Detect Compromised Accounts
Stop Email Fraud
DEFEND
Isolate Web Browsing
Protect Data Access
Stop Email + Cloud Threats
RESPOND
Train Targeted Users
Stop Data Loss
Orchestrate Response
Enterprises Need A People-Centric Approach
Email FraudThe multi-billion dollar problem
12 © 2018 Proofpoint, Inc.
Border Control: Identity & Security Screening
13 © 2018 Proofpoint, Inc.CONFIDENTIAL
Email Fraud Impacts EmployeesEMPLOYEES CUSTOMERS PARTNERS
“Xoom Corp. CFO Resigns After Fraudsters
Steal $30.8M in Corporate Cash”
- Business Times
Xoom Corporation
14 © 2018 Proofpoint, Inc.CONFIDENTIAL
Email Fraud Impacts CustomersEMPLOYEES CUSTOMERS PARTNERS
“I thought I’d bought my first home, but I lost
£67,000 in a conveyancing scam”
- The Guardian
Howard Mollett, charity worker
15 © 2018 Proofpoint, Inc.CONFIDENTIAL
Email Fraud Impacts PartnersEMPLOYEES CUSTOMERS PARTNERS
Stefan De Vrij, Lazio FC
“ Football club Lazio FC loses €2 million by falling
foul of phishing scam”- IT Pro
16 © 2018 Proofpoint, Inc.CONFIDENTIAL
Email Fraud is Growing, Widespread, and Impactful
$12.5B 103% 78,617 150In losses due to BEC and EAC scams since
the FBI started tracking
YoY increase in the number of email fraud
attacks since 2017
Of organizations impacted by email fraud
worldwide
Countries – including all 50 states – impacted by
email fraud
(FBI) (FBI) (FBI)(Proofpoint)
17 © 2018 Proofpoint, Inc.CONFIDENTIAL
Proofpoint Research Slides with 2018 Data
All Organizations– Large and Small All Industries All Functions
25%
13%
8%
5%
47%CFO
HR
FINANCE
PAYROLL
COO
Source: Proofpoint Threat Research
VERTICAL 2018-Q2Real Estate 67Biotechnology/Medical Devices 57Consulting 52Construction 50Telecommunications 46Energy/Utilities 42Technology 42Retail 41Entertainment/Media 41Engineering 40Pharmaceutical 40
Average BEC attack per company targeted
18 © 2018 Proofpoint, Inc.CONFIDENTIAL
Fraudsters Use Multiple Tactics
DOMAIN SPOOFING
proofpoint.com
DISPLAY NAME SPOOFING
<Gary Steele>
LOOK-ALIKE DOMAIN
proofpoirt.com
% of customers targeted by BEC tactic
69%
15%
92%
19 © 2018 Proofpoint, Inc.
Email Fraud: STOP ATTACKERS’ KEY TACTICS
Domain spoofing
Look alike domain
Display name spoofingOther brand
impersonation
Domain Monitoring
EmailAuthentication
Email Gateway:Policy and ML Classifier
Brand impersonation email threat data
proofpoint.com
proofpoirt.com
Gary Steele <[email protected]>
Internal Threats
External Threats
EmailAuthentication
Domain Monitoring
20 © 2018 Proofpoint, Inc.CONFIDENTIAL
Multiple Stakeholders Targeted
EMPLOYEES
Business email compromise or BEC Consumer phishing Supply chain spoofing
PARTNERSCUSTOMERS
21 © 2018 Proofpoint, Inc.CONFIDENTIAL
Full Control Against All Fraud Tactics
Domain Spoofing Look-alike Domain Display NameSpoofing
Domain Monitoring
EmailAuthentication
Machine Learning Classifier & Policy
proofpoint.com proofpoirt.com <Gary Steele>
The Ideal Solution360 degree protection for a 360 degree problem
23 © 2018 Proofpoint, Inc.CONFIDENTIAL
Email Authentication
Threat [email protected]
Inbox
Legitimate Company Email
Legitimate Partner Email
Suspicious Email
24 © 2018 Proofpoint, Inc.CONFIDENTIAL
37.6%
Domain Monitoring
Individual Character Swap
Insert Additional Character
Add or Remove Leading/Trailing Characters
33.5%
12.7%
• Proofp0int.com• Proofpolnt.com
• proofpo1nt.com• proofpoirt.com
• Proofpoints.com• Proofpoint.us.com
DETECT & ANALYZE FLAG SUSPICIOUS TAKE DOWN
25 © 2018 Proofpoint, Inc.CONFIDENTIAL
Machine Learning & Policy
From: Partner <[email protected]>Subject: Account Changes, Action RequiredDate: Oct 9, 2016 8:07 AM PDTTo: order admin<[email protected]>
Hi John, We’re making some structural banking changes ahead of March 2019.
Please update the payment details you use for out international business to the following:China Merchants Bank, H. O. Shenzhen (SWIFT CODE: CMBCCNBSXXX)Account Number: 0020-12345678Account Holder: Partner International Holdings
Thanks,Alice
Sender has a good reputation
Appears to come from a trusted
source
Potentially suspicious content
to analyze
Potentially suspicious subject
Sender/receiver relationship
26 © 2018 Proofpoint, Inc.
Requires Greater Efficacy
Block more threats without risking deliverability of legitimate email
MORE DATAFewer blind spots means
less risk of missing threats or blocking legitimate
FULL CONTROLAcross all fraud tactics from a single provider
INTEGRATIONWith the gateway
provides more flexibility and therefore
less risk
29 © 2018 Proofpoint, Inc.
Summary
▪Email Fraud is a big, growing and costly problem
▪Email Fraud is multi-faceted:▪Multiple assets at stake▪Multiple stakeholders targeted▪Multiple tactics employed
▪You need a solution that addresses the whole problem
30 © 2018 Proofpoint, Inc.
2018 Human Factor Reporthttps://www.proofpoint.com/au/human-factor-2018
Learn More
@proofpoint
31 © 2018 Proofpoint, Inc.