Addressing Modern Day Targeted Attacks <Presenter Name Here> <Presenter Title Here>
Agenda • Proofpoint Overview • The Changing Threat Landscape • Addressing Modern Day Threats
Proofpoint Overview
• Leaders Quadrant, Most Visionary
• Fastest Growing Messaging Security
• Best Buy
Proofpoint: Cloud-Enabled Email Solutions
• 4000 Customers
• Leading email security, compliance & archiving solutions
• Enterprise-class protection for lowest email risk & cost-of-ownership
• Fortune 500: Fortune 1 and 2
• Healthcare: 3 out of the top 6 networks
• Pharmaceutical: 3 out of the top 6
• Financial and Retail: Largest US orgs
Evolution of Email Borne Threats (threat level rising over time)
• Pre-2003: Spam is an annoyance; unsophisticated
• 2004 - 2010: Spam is a nuisance and expensive; volumes growing 30% YoY; 90+% of all traffic is spam; phishing for account credentials
• 2011+: Reduced spam volumes for the first time in history; email-borne threats have become more targeted and more malicious; use of phishing attacks in Advanced Persistent Threats
What is the Value of Corporate Data? “$4 billion worst-case scenario…$225 million in liabilities and $45 million in lost business”
Case Study: Epsilon Data Breach
• Who is Epsilon?
• A subsidiary of Alliance Data Systems, Epsilon is an online marketing services company that sends more than 40 billion emails a year on behalf of over 2,500 brands.
• What happened?
• Attackers compromised Epsilon’s email system and stole millions of email addresses and names belonging to customers of over 100 brands.
• What was the attack vector?
• A spear phishing attack on Epsilon’s staff responsible for email operations. The attack emails contained a link to a malicious site that installed malware on the user’s machine, including a keylogger and software to remotely control the compromised system. Epsilon’s staff unknowingly disclosed personal information, including passwords and financial details.
• Many major U.S. companies were affected, including:
• U.S. Bank, Citigroup, Barclays Bank of Delaware, Tivo, Best Buy, Disney, Ritz Carlton, and many more.
• What is the danger now?
• Because the stolen data pairs real names with the brands each person does business with, those customers can expect a wave of highly targeted spear phishing attacks that impersonate those brands.
Phishing Attacks are Working
Recent Phishing Attacks
• RSA: March 2011
• Epsilon: April 2011
• DOE Oak Ridge National Laboratory: April 2011
• International Monetary Fund: June 2011
• DOE Pacific Northwest National Laboratory: July 2011
Phishing attacks are no longer just for user credentials!
• Epsilon: Customer email addresses
• RSA: SecurID algorithms
Case Study: RSA Data Breach
• Who is RSA?
• RSA, the Security Division of EMC, is a provider of security, risk, and compliance solutions. They are best known for their SecurID technology, which provides two-factor authentication for users accessing network resources.
• What happened?
• On March 17, 2011, RSA announced that their network had been breached by “an extremely sophisticated cyber attack” and that critical information about RSA’s SecurID technology had been stolen.
• What was the attack vector?
• Phishing emails were sent to two small, targeted groups of RSA employees. Attached to the email was an Excel file containing malware. When an RSA employee opened the Excel file, the malware exploited a then-unpatched (zero-day) vulnerability in Adobe Flash Player via content embedded in the spreadsheet. The exploit installed the Poison Ivy Remote Administration Tool, which the attackers used to control the machines and move on to servers in RSA’s network.
• What is the danger now?
• Several defense contractors using RSA SecurID technology have stated that they were attacked as a result of the RSA compromise, including L-3, Lockheed Martin, and Northrop Grumman.
• How could this have been prevented?
• Although the email security solution used by RSA detected the emails as spam, they were placed in a quarantine where end-users still had access to them, and a user retrieved the message and opened the attachment. A spam quarantine that users can release from is the wrong place for a phishing message: end-users should be prevented from accessing phishing emails at all.
Mobile Devices are a REAL Risk
This threat is only growing with the proliferation and growth of mobile device usage! Mobile mail clients typically show only the link text, not the destination, so a user cannot verify a URL before tapping it.
[Screenshot: a phishing message as rendered on a mobile device, annotated FAKE]
Why Current Solutions Are NOT Protecting You
Compromised Accounts
• “Stealing” reputation is easier than building reputation
• Preferred by attackers over botnets as a way around reputation systems
Evolving payloads
• Malware may be contained in the payload, or
• Payload may contain nothing but an innocuous-looking URL…
Systems based heavily on reputation are poorly equipped to handle low-volume targeted attacks.
A New Mentality toward Security Must be Adopted
• Detection cannot rely on reputation
• Reputation is still important – the spam problem still exists
• Content analysis must be able to function without reputation
• Phishing messages MUST be handled as malicious threats
• Every effort must be extended to prevent End-Users from being exposed on the desktop OR mobile devices
• End-User training must be continued
• You must have a plan in the event that you are attacked
• Triage tools
• Response Plan
Three Key Requirements
• DETECT
• Multi-Layered Protection: Reputation and Detailed Content Analysis
• Granular Threat Classification: Phishing, Virus, Spam
• DEFEND
• Separate Quarantines based on classification
• Ensure End-Users do not compromise the security of your organization
• DECIDE
• Outbound scanning prevents exfiltration of data
• Real-time Message Tracing for immediate triage
• Enterprise Class Support Organization
DETECT - Identify and Classify
• Identify Threats
• Multi-Layered Threat Detection
• Global and Local Reputation
• Deep Content Analysis
• Classify Threats
• Isolate Malicious Threats from Nuisance Spam
[Diagram: detection pipeline with the classes each stage addresses. Reputation: bulk spam, DDoS attacks. Virus Detection: viruses. Threat Classification: spam, phishing. Zero-Hour Detection: suspected spam, phishing, and viruses.]
DEFEND - Ensuring End-Users Do Not Compromise Security
[Diagram: Threat Classification splits traffic into Viruses, Spam and Phishing; viruses and phishing are marked X, i.e. blocked from end users]
• SO WHAT?!
• Security is not in the hands of your End-Users
• Minimize risks from Mobile Users who cannot verify URLs
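The DETECT and DEFEND requirements above, and the failure mode of reputation-only filtering described under “Why Current Solutions Are NOT Protecting You”, as a small worked example. This is added illustrative code, not Proofpoint’s product or the deck’s own material: the reputation table, the look-alike-host and credential-lure heuristics, the domain company.example and the four sample messages are all constructed for the example. It shows a phish sent from a compromised, well-reputed internal account passing the reputation layer but being caught by content analysis, and phishing and virus verdicts routed to a quarantine the recipient cannot release from, while bulk spam goes to a user-accessible quarantine.

```python
"""Added example (not Proofpoint code): a toy DETECT/DEFEND pipeline.

Two points from the deck: a reputation-only filter delivers a phish sent
from a compromised, well-reputed account, while content analysis that runs
regardless of reputation catches it; and phishing/virus verdicts route to a
quarantine end users cannot release from, unlike bulk spam.
The reputation table, heuristics and sample messages are constructed.
"""
import re
from dataclasses import dataclass, field

INTERNAL_DOMAIN = "company.example"        # assumed protected domain

# Constructed sender reputation scores in [0, 1]; 1.0 = fully trusted.
REPUTATION = {
    "ceo@company.example": 0.95,           # legitimate account, about to be abused
    "newsletter@partner.example": 0.90,
    "bulkmail@cheapoffers.example": 0.05,
}

URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".scr", ".js", ".vbs")
CREDENTIAL_LURES = ("verify your account", "password", "login", "suspended")


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def reputation_verdict(msg):
    """Layer 1, reputation only: unknown senders score 0.5 and pass."""
    return "clean" if REPUTATION.get(msg.sender, 0.5) >= 0.5 else "spam"


def is_lookalike_host(host):
    """Bare IP, or a host that names the protected brand without being it."""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return True
    brand = INTERNAL_DOMAIN.split(".")[0]
    return brand in host.lower() and not host.lower().endswith(INTERNAL_DOMAIN)


def content_verdict(msg):
    """Layer 2, deep content analysis; never looks at who sent the message."""
    if any(a.lower().endswith(EXECUTABLE_EXT) for a in msg.attachments):
        return "virus"
    text = f"{msg.subject} {msg.body}".lower()
    hosts = URL_HOST_RE.findall(msg.body)
    lure = any(w in text for w in CREDENTIAL_LURES)
    if lure and any(is_lookalike_host(h) for h in hosts):
        return "phishing"
    return "clean"


def classify(msg):
    """Multi-layered verdict: a malicious content finding overrides reputation."""
    verdict = content_verdict(msg)
    return verdict if verdict != "clean" else reputation_verdict(msg)


# DEFEND: separate quarantines keyed by classification.
ROUTING = {
    "clean": "inbox",
    "spam": "user_quarantine",       # nuisance; users may review and release
    "phishing": "admin_quarantine",  # malicious; no end-user access
    "virus": "admin_quarantine",
}


def route(msg):
    return ROUTING[classify(msg)]


def user_can_release(msg):
    """The RSA lesson: only nuisance spam may be released by the recipient."""
    return route(msg) == "user_quarantine"


# Constructed sample traffic (not real messages).
SAMPLES = {
    "compromised_exec": Message(
        "ceo@company.example", "Action required",
        "Your mailbox will be suspended. Verify your account at "
        "http://company-login.example.net/verify"),
    "bulk_spam": Message(
        "bulkmail@cheapoffers.example", "Cheap offers",
        "Buy now: http://cheapoffers.example/deal"),
    "exe_lure": Message(
        "newsletter@partner.example", "Invoice", "See attached.",
        ["invoice.pdf.exe"]),
    "legit": Message(
        "newsletter@partner.example", "Monthly update",
        "Read more at https://partner.example/news"),
}

if __name__ == "__main__":
    for name, m in SAMPLES.items():
        print(f"{name:16} reputation={reputation_verdict(m):5} "
              f"final={classify(m):8} -> {route(m)}")
```

Running the block prints one line per sample; the first shows the compromised executive account scoring `clean` on reputation yet landing in `admin_quarantine` once content analysis runs. The design point is that the content layer takes no reputation input at all, which is what makes it useful against a low-volume attack from a stolen account.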
DECIDE - Ensure Rapid and Effective Response to an Attack
• Scanning Outbound Traffic
• Outbound Spam Filtering: ensure infected machines cannot become sources of spam; protect your domain’s reputation
• Data Loss Prevention: detect and prevent repatriation and exfiltration
• Attack Triage
• Advanced, Real-Time Message Tracing: identify accounts targeted by spear-phishing and phishing attacks for remediation; search by Sender, Subject, or Attachment
• Enterprise Support
• Product Support
• Threat Support
• Ensure that support can help you through an attack
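The triage side of DECIDE, as an added worked example rather than anything from the deck or from Proofpoint’s product: a message-trace log is searched by sender, subject or attachment to list the accounts a spear-phishing wave targeted, the subset whose copy was classified clean and therefore reached an inbox, and the accounts that afterwards started sending outbound spam (the “infected machine becomes a spam source” case). The log rows, addresses, the internal domain company.example and the spam threshold are all constructed for the example.

```python
"""Added example (not from the deck): triage over a constructed trace log.

Trace messages by sender, subject or attachment to find the accounts a
spear-phishing wave targeted, separate the copies the gateway stopped from
the ones delivered, and correlate with outbound spam to spot accounts that
are probably already compromised. Every row below is constructed.
"""
import csv
import io
from collections import Counter

INTERNAL_DOMAIN = "company.example"   # assumed internal domain

# Constructed gateway trace log: one row per message, inbound and outbound.
TRACE_LOG = """\
timestamp,direction,sender,recipient,subject,attachment,verdict
2011-04-01T09:00:01Z,inbound,it-helpdesk@company-login.example.net,alice@company.example,Action required: verify your account,,phishing
2011-04-01T09:00:03Z,inbound,it-helpdesk@company-login.example.net,bob@company.example,Action required: verify your account,,phishing
2011-04-01T09:00:04Z,inbound,it-helpdesk@company-login.example.net,carol@company.example,Action required: verify your account,,clean
2011-04-01T09:05:00Z,inbound,recruiter@jobs.example,dave@company.example,Q2 budget,Q2 budget.xls,virus
2011-04-01T09:30:00Z,inbound,newsletter@partner.example,alice@company.example,Monthly update,,clean
2011-04-01T10:00:00Z,outbound,carol@company.example,u1@mail.example,Cheap offers,,spam
2011-04-01T10:00:01Z,outbound,carol@company.example,u2@mail.example,Cheap offers,,spam
2011-04-01T10:00:02Z,outbound,carol@company.example,u3@mail.example,Cheap offers,,spam
2011-04-01T10:15:00Z,outbound,alice@company.example,client@customer.example,Re: contract,contract.pdf,clean
"""


def parse_log(text):
    """Parse the CSV trace into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def trace(records, sender=None, subject=None, attachment=None):
    """Message trace: case-insensitive substring match on any combination
    of sender, subject and attachment name; None means 'any'."""
    wanted = (("sender", sender), ("subject", subject), ("attachment", attachment))

    def matches(r):
        return all(needle is None or needle.lower() in r[col].lower()
                   for col, needle in wanted)

    return [r for r in records if matches(r)]


def targeted_accounts(records, **criteria):
    """Internal recipients of every inbound message matching the trace,
    whether or not the gateway stopped it."""
    return {r["recipient"] for r in trace(records, **criteria)
            if r["direction"] == "inbound"}


def delivered_to(records, **criteria):
    """Targeted accounts whose copy was classified clean and reached the
    inbox; these are the first to remediate."""
    return {r["recipient"] for r in trace(records, **criteria)
            if r["direction"] == "inbound" and r["verdict"] == "clean"}


def outbound_offenders(records, spam_threshold=2):
    """Internal senders whose outbound mail was classified as spam more than
    spam_threshold times: the account or machine is now a spam source and
    is burning the domain's reputation."""
    counts = Counter(r["sender"] for r in records
                     if r["direction"] == "outbound" and r["verdict"] == "spam"
                     and r["sender"].endswith("@" + INTERNAL_DOMAIN))
    return {s for s, n in counts.items() if n > spam_threshold}


def likely_compromised(records, **criteria):
    """Accounts that received the lure and later started sending spam."""
    return targeted_accounts(records, **criteria) & outbound_offenders(records)


if __name__ == "__main__":
    recs = parse_log(TRACE_LOG)
    wave = {"subject": "verify your account"}
    print("targeted:", sorted(targeted_accounts(recs, **wave)))
    print("reached inbox:", sorted(delivered_to(recs, **wave)))
    print("likely compromised:", sorted(likely_compromised(recs, **wave)))
    print("xls lures to:", [r["recipient"] for r in trace(recs, attachment=".xls")])
```

The point of `delivered_to` is that a trace must include the copies the gateway passed as clean: the user who received the one undetected copy is exactly the one the response plan has to reach first, and `likely_compromised` shows that account already appearing in the outbound spam data.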
Key Takeaways
• Phishing messages MUST be handled uniquely
• Phishing messages are malicious
• They must be treated differently than Spam or Virus
• You must have a plan in the event that you are attacked
• Triage tools
• Response Plan
• Invest in and partner with vendors that continue to invest heavily in threat detection
• End-user education must continue
• Educate users to identify phishing messages
• Alert users (even specific departments) when you see phishing attacks