Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz

1. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Email Security – Growing in threats, quickening in pace Erez Haimowicz Enablement and Security Mimecast 11-10-17

2. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Email: The Ultimate App With demanding business and user requirements 24 X 7 Email Availability ContinuousMission-critical Mobile .2

3. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Cyber Resilience The technology that provides the best possible multi-layered protection MULTILAYERED SECURITY A solution that allows you to continue to work while the issue is resolved CONTINUITY The knowledge that no matter what, you can get back to the last known good state REMEDIATION

4. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Countdown to a breach Verizon 2016 Data Breach Investigations Report (DBIR) 100 Seconds average time-to- first-click

5. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 91% of all incidents start with a phish Wired

6. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 You can no longer stand in front of your board and say that you won’t have an attack. As we all know, it’s now a case of when.

7. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What those attacking look like

8. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Your company is at risk if you.. • You have certain letters in your domain name • You accept resumes on your website • You have a team of people in finance • You have a profile • Your life is deemed interesting enough to be on • Your company is at RISK if you…

9. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Do You Have a Page Like This On Your Website?

10. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5

11. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Real life examples with email

12. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5

13. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5

14. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Imagine being able to stop EVERY malicious file We all know the risks Trust your users not to click?

15. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5

16. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5

17. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Who Says Attacks Need to Involve Malware?

18. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5

19. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Compromised Accounts Stolen User Credentials Utilize Corp Web mail to spread attack internally or externally to partners/customers Careless Users Sending sensitive data internally such as projects and PII “Oops, sent it to the wrong Michael…” Malicious Insiders Purposely distributing malware or malicious URLs Internal threats!

20. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Flawed - The technology 23% open the phish & click Confidetial |

21. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 • To run an attack… • You don’t even need to know how to code Source: Forbes.com - "Ransomware As A Service Being Offered For $39 On The Dark Net" 7/15/16

22. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 AND to bypass sandboxes…. FUD (Fully Undetectable) Crypting Services to avoid AV detection • AND to bypass sandboxes… • FUD (Fully Undetectable) Crypting Services to avoid AV Detection

23. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Confidential | At Risk - The human firewall 11% open the phish & run the attachment

24. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 “HEY STRANGERS - Please send me files”

25. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 ‘Click to View’ Dupe

26. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 You can’t fix stupid

27. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 • Whatever we do, they’re still around and getting ‘creative’

28. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Your business needs a cyber resilience strategy ARCHIVING SECURITY CONTINUITY

29. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 29 Thank you

Editor's Notes

Interesting beast, email! Beyond its ubiquity, email has several other characteristics that make proper management both demanding and mission-critical: Email has emerged into the predominant business communications medium, eclipsing even the telephone Email is unique in creating a continuous body of business knowledge Businesses demand 24x7 email availability 24x7 availability means anytime, anywhere access
**Countdown to a breach – 100 Seconds? We refer to users as the human firewall and that human firewall is your weakest link. 1M 22 SECONDS THE MEDIAN TIME FOR SOMEONE TO CLICK on a phishing link That’s the Median, imagine what the lower outliers are. And.. 50% of those people who do click the link will do it within the first hour.
WHATS WORSE, WE KNOW… 95% For the purposes of this talk, we’ll use the phrase phish To mean spear-phishing, whaling and phishing But in a business context
How do Attackers get their information? An easy way to find out about a company is visit their website. Most companies have information about their executive teams. What better way to entice a user to open an email than having it look like it’s from the CEO, the CFO or some other senior leader? Remember that it only takes one employee to “click before they think” to compromise an entire organization.
Let’s look at some of the attacks that aw are seeing as part of our service. Phishing attack focused on getting a users password via a random mass-emailing attack. An email from Chase Bank. When you hover over the link you will see that the link is not legit. Using our URL protection service you will also be able to see the User Awareness Page showing you: The link which was automatically re-written The email address that it was sent from (not legitimate) Information on how to recognize a phishing attack. An action to either exit or accept the risk And the fact that your decision will be logged for future audit purposes. Even if you accept the risk it will block access.
Let’s look at some of the attacks that aw are seeing as part of our service. Phishing attack focused on getting a users password via a random mass-emailing attack. An email from Chase Bank. When you hover over the link you will see that the link is not legit. Using our URL protection service you will also be able to see the User Awareness Page showing you: The link which was automatically re-written The email address that it was sent from (not legitimate) Information on how to recognize a phishing attack. An action to either exit or accept the risk And the fact that your decision will be logged for future audit purposes. Even if you accept the risk it will block access.
Let’s look at some of the attacks that aw are seeing as part of our service. Phishing attack focused on getting a users password via a random mass-emailing attack. An email from Chase Bank. When you hover over the link you will see that the link is not legit. Using our URL protection service you will also be able to see the User Awareness Page showing you: The link which was automatically re-written The email address that it was sent from (not legitimate) Information on how to recognize a phishing attack. An action to either exit or accept the risk And the fact that your decision will be logged for future audit purposes. Even if you accept the risk it will block access.
In this case this advanced phishing email with attachment is delivering a document with malicious code. This is a malware attack …very targeted. What you will see from our attachment protect service is that we do both a safe file transfer into a PDF document which is safe to open as well as the ability to request the original file. Once the request is done the file will go through a sandbox threat service prior to it being delivered to the end user.
In this case this advanced phishing email with attachment is delivering a document with malicious code. This is a malware attack …very targeted. What you will see from our attachment protect service is that we do both a safe file transfer into a PDF document which is safe to open as well as the ability to request the original file. Once the request is done the file will go through a sandbox threat service prior to it being delivered to the end user.
In this case this advanced phishing email with attachment is delivering a document with malicious code. This is a malware attack …very targeted. What you will see from our attachment protect service is that we do both a safe file transfer into a PDF document which is safe to open as well as the ability to request the original file. Once the request is done the file will go through a sandbox threat service prior to it being delivered to the end user.
In this case you see a spear phishing attack impersonating a senior staff member. It is targeting an employee with authority. In this case it was send asking for a western union money transfer of $4500. Notice the email?
In this case you see a spear phishing attack impersonating a senior staff member. It is targeting an employee with authority. In this case it was send asking for a western union money transfer of $4500. Notice the email?
Layer one is of course the technology
Attackers don’t have to know how to code, they don’t even have to be smart. They can download TOX, a ransomware construction tool that provides an easy to use graphical interface that allows attackers to track how many folks have been infected and track the ransom paid
If you’re an attacker and can code but don’t know how to evade sandbox detection, that’s not a problem there’s an online service that can help. FUD- fully undetectable crypting services uses obfuscation, encryption and code manipulation.
The second layer of defense is employee awareness and vigilance. The aim here is to a create herd alertness in your organization. The intention is not to make everyone suspicious of everything, or make everyone a security pro, but make them alert enough to linger over a link or attachment. The Mimecast security awareness tools help in this mission to compliment the other tactics you should use like training and perhaps simulated exercises.

Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (13)

Similar to Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz

Similar to Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz (20)

More from North Texas Chapter of the ISSA

More from North Texas Chapter of the ISSA (11)

Recently uploaded

Recently uploaded (20)

Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz

Editor's Notes