1 / 33

Cyber Resilience for Email in the Cloud

Cyber Resilience for Email in the Cloud. Our Vision and Mission.

resler
Download Presentation

Cyber Resilience for Email in the Cloud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Resilience for Email in the Cloud

  2. Our Vision and Mission The Mimecast VisionTo make the world more resilient. The Mimecast MissionTo help customers protect their employees, intellectual property, customer data, and brand reputations by providing security and compliance solutions that mitigate risk and reduce the cost and complexity of creating a cyber-resilient organization.

  3. Cyber Resilience for Email Ensuring predictable outcome through comprehensive security controls before, continuityduring, and automated recoveryafteran attack.

  4. Staying Safe in a Modern World places bad block people things allow good

  5. Security Incidents Skyrocketing • 68% of Breaches Take months or longer to discover * $3.86 Million Average cost of a breach * 90+% of Breaches Involve employee error **

  6. The Landscape: Convergence of Risk for Email End User Fatigue Advanced Threats GDPR Data Archiving @ Impersonation Attacks Ransomware Migration to Office 365

  7. Why we feel like we are failing at Cyber Security Defense Arms Race Evolution of attacks from spamming, viruses, malware, phishing, weaponized attachments, impersonation attacks, inside attacks, supply chain attacks, creating a no win game. Data Recovery Skills Deficiencies The need for recovery when email is damaged, accidentally deleted, or your data is held hostage by ransomware? Lack of people with skills to analyze threats and respond efficiently or adapt technologies. Attacks also happen because users are making choices that expose your business. Business Disruptions You will also need to be prepared to ensure durability of your systems for your organization following a security event.

  8. Defense In Arms Race Why it is a Defense In Arms Race 225B 6.3B 91% Emails sent everyday Email Mailboxes in 2017, growing to 7.7B by 2021 Security Threats Enter Environment through Email

  9. Defense In Arms Race 2001 1988 1992 1999 2001 Antivirus Protection Malware Protection Spam Protection URL Protection Impersonation Protection 1987 – Vienna Virus 1988 – AV technology Today – Signature-less 1988 – Internet Worm 1992 – OS proliferation Today – Ransomware 1987 – Identified 2001 – Threat Use Today – 76% Affected 1994 – Commercial 1999 – Threat Use Today – 66% Email 1994 – Identified 2001 – Threat Use Today – Most advanced

  10. Human Error is involved in over 90+% of all security incidents. We need to reduce risk at the source! “But it looked so real.” “I didn’t send those emails.” “All I did was click.” “That resume was from a friend.” The Consequences • Stolen company/customer data • Loss of revenue/customers • Damage to your brand • Fines, legal fees, etc. • Less productive workforce A significant breach can change your company’s entire trajectory

  11. Improving the Skills Deficiency Where are there deficiencies? 1.5M 1.5Yrs -10% Unfilled IT positions in Technology Field in US Alone Average career term for IT Administrator Role Continuous Decline in STEM candidates meaning reduced pipeline

  12. Improving the Skills Deficiency Education Ensuring that IT team and employees are educated and continuously aware of risk Technology Enforcing security capabilities and driving more automation to the vendors Staffing Optimizing resources to best facilitate network and security operations requirements

  13. Threat Protection A multi‐layered inspection system that is effective against both widely used commodity attacks as well as customized and highly targeted attacks  Recoverability Adaptability Mimecast simplifies and automates the process of recovering email and other data held within your corporate email environment. Leverage third‐party threat intelligence, optimizing and deploying leading technologies, conducting ongoing threat analysis, automating remediation services, and delivering inline user education. Durability Mimecast provides an email system that remains 100% available while ensuring the integrity of the data stored within.

  14. Email Security • Phishing attacks • Ransomware • Malware • Malicious URLs • Anti-spam & virus • Inbound, Internal and Outbound Secure Email Gateway Targeted Threat Protection Internal Email Protect URLProtect Attachment Protect Impersonation Protect Data Leak Protection & Content Control Expanded Security Options Email Continuity Sync & Recover Secure Messaging Large File Send

  15. Email Security Inspection System

  16. Mimecast Targeted Threat Protection URL Protect with URL rewriting and dynamic user awareness Evolving and comprehensive protection, achieved simply in the cloud. Internal Email Protect Detection and remediation of internal security threats Plus inspection of outbound emails Attachment Protect With safe-file conversion, on-demand and pre-emptive sandboxing Impersonation Protect with dedicated detection of email impersonation and malware-less phishing

  17. Would one of your users transfer the money?

  18. Key Indicators

  19. Key Indicators

  20. Key Indicators

  21. Impersonation Identifiers Name is one of my users Domain is like one of my domains Keyword dictionary Newly observed domain Reply-to mismatch Domain reputation services to check on mail flow seen in the last 7 days. VIP user list

  22. Compromised Insider Careless Insider Malicious Insider

  23. Compromised Accounts Attacker uses stolen user credentials to spread attack internally and/or externally Internal Email Threats Careless Users “Oops, I sent it to the wrong person…again.” Malicious Insiders Purposely distributing malware or malicious URLs 60% 59% 61% Of email traffic is internal, employee to employee and outbound. Of organizations will suffer a negative business impact from an email-borne attack this year. Attacks where malicious activity spread from one infected user to other employees via email. Global research from Vanson Bourne, commissioned by Mimecast, 2018.

  24. Mitigating Business Disruption How do you measure uptime? 23Days 27% $3.6M Average time to resolve a ransomware attack Likelihood of a recurring data breach over the next 2 years Average cost of a data breach ($141 of cost per lost data record)

  25. MIMECAST SOLUTION Business Continuity • Seamless always-on access to email via Outlook • Mobile device access • 100% continuity SLA • Recovery time objective = 0 • Security Monitoring & Reporting • Security policies maintained during downtime

  26. Eliminate the impact of downtime Continuous email flow with advanced security • Keep business moving • Continuous access to email from anywhere, on any device • Online authentication ensures employee access even if AD is unavailable • Ensures both inbound and outbound DLP policies are in place during an attack. • Maintain employee productivity • Continued email flow with access to inbox and folders and personal archives • 100% uptime SLA. • Security team can triage attacks while systems remain online. • Monitoring, alerting and response • Out of band notifications for admins and employees • Near-zero recovery time (RTO) and recovery point (RPO) • Contains lateral movement off attacks and remediates threats

  27. Awareness Training • Engaging, proven training • Phish testing • Predictive risk scoring • Individualized training Awareness Training Engaging Training Phish Testing Risk Scoring Targeted Remediation

  28. Mimecast Security Awareness Training Over 35 Training Modules Risk Scoring Dashboard Engaging Training Videos Combines effective, modern video training techniques with predictive analytics to solve for your company's vulnerability to human error. The first complete model for measuring employees' security knowledge, sentiment, and engagement, and using that data to build individual risk profiles Topics ranging from phishing, passwords, PCI Compliance, Ransomware, CEO/Wire Fraud and GDPR. Attack simulations can test employee security efficacy. Human error is involved in 95% of all breaches

  29. And when your employees don’t like it… Don’t Learn The Right Thing To Do Not Engaged Or Paying Attention Dismissive Attitude Towards Security

  30. Cloud Archive Cloud Archive • Multi-purpose solution • Data archive, backup and recovery • E-Discovery, compliance, end user search • Leader in Gartner MQ, four years' running E-Discovery Compliance End User Search Expanded Archiving Options Supervision Sync & Recover Long Term Retention

  31. Compelling Need For Archiving IT COMPLIANCE LEGAL • E-discovery • Investigations • Early case assessment • Regulatory Compliance • Audits • Fines • Backup /Recovery • End-user search • Reduce costs, satisfy • users

  32. Want to learn more about Mimecast? Visit us at: www.Mimecast.com Mimecast Security Blog: https://www.mimecast.com/blog/ Mimecaster Central KB Community: https://community.mimecast.com/

  33. Thank You!

More Related