A history of breaches and why even companies with massive awareness programs are still getting compromised
Why phishing exercises and user awareness programs are not enough to stop
How to effectively phish for relevant metrics
Learn to analyze the real attack surface of phishing and social engineering
How to stop pouring money on the fire and start empowering employees
Giving the users the tools and protections needed to combat phishing
New metrics to be tracking when trying to understand the likelihood of a phishing campaign compromising your enterprise and EXACTLY what you need to do to stop it.
“If it weren’t for the users we would be secure”
– Some idiot in infosec who should have taken a job as a used car
“Users are our BIGGEST
– Some Infosec “professional” who doesn’t know what vulnerability
Pure vanilla spoof (forged internal from Internet)
Recipient and Sender
MX, SPF, RBL, Spam
Block known bad senders/Blacklists
Throttle after X in an hour
In line spam detection
Proxy in use
Inspect (Decrypt) SSL
3rd party add-ons/Plugins
Credential theft (SCORING)
Integration with Red Team
AV process protection
File integrity monitoring
System process protection
Can an attacker call home?
What are all the ways?
On Device Vulnerability
Does the user have rights
Can you priv esc
Can you get to the “Mothership”
Is there IP I can take?
Can I pivot and “Go for the gold”
Post Phish Value
Did your IR team catch it?
How long did it take to kick in response
How effective was response
Are there skill gaps
What do you need to do to close the gaps?
What other metrics do you need to be tracking to make informed decisions and ACTUALLY reduce the risk of phishing
User data (Demographics)
Automated Defensive measurements
REAL METRICS REAL DECISIONS
Time for emails to get delivered
Time until first detection
Time until enterprise notification
Time required to create incident team
Time to identify threat vectors
Time required to identify/quarantine threat
Time to analyze indicators accurately
Mean time to incident eradication
REAL METRICS REAL DECISIONS
After we analyze metrics we need to make a REAL plan to stop this from happening the SAME way again
Increased user training
Increased technology and automated defenses
Process improvement opportunities
Blue team Improvement
IR process review
War boarding advanced threat
Always asking, WHAT IF we didn’t get it ALL!