Targeted attacks begin with spearphishing
Jasper Evertzen, Sales Director Benelux & Nordics
Charles Rami, SE Manager France, Benelux & Nordics
threat protection | compliance | archiving & governance | secure communication
Proofpoint (NASDAQ: PFPT): Security-as-a-Service Leader
What We Do: Protect the Most Sensitive Data of the World's Most Successful Companies
Comprehensive Data Protection Portfolio; Scalable Security-as-a-Service platform; Advanced Threat Protection
Key Partners and Demonstrated Success: 3 of the 5 largest US Retailers; 5 of the 5 largest US Banks; 3 of the 5 largest US Defense Contractors; 2 of the 5 largest Global Pharmaceuticals Companies
Select Partners & Customers; Accolades: Leaders Quadrant in the Magic Quadrant for Secure Email Gateways & Enterprise Information Archive; Champions Quadrant & Innovation Award, 2012
Leaders in Gartner's 2014 Magic Quadrant for Secure Email Gateways
Gartner, Inc. positions Proofpoint in the Leaders Quadrant in its 2014 Magic Quadrant for Secure Email Gateways. It clearly has the sharpest focus on security issues, resulting again in one of the highest growth rates in this market.
The last pure player in secure email gateways (focused only on the security gateway); in the top right of the Magic Quadrant for the last 6 times.
This slide for Proofpoint INTERNAL use only.
Comprehensive Suite
Security-as-a-Service Suite: Full-life-cycle data protection
Big Data Platform: Advanced data processing, search, and analytics
Cloud Infrastructure: Innovative hybrid architecture with global data center footprint
Proofpoint, Inc.
Proofpoint Protection
Enterprise Protection: Stop SPAM, viruses and other forms of malware
Targeted Attack Protection: Identify and block advanced threats from penetrating the enterprise
Threat Response: Automate threat remediation; single pane of glass for security operations; respond in minutes instead of hours
Targeted attacks begin with spear-phishing, and it's not fiction!
The Industry Challenge: Breaches Keep Happening (ALL PHISH)
It also happens here!
9 French TV hacked
We Think Malware, Attackers Think Monetization: every PC is valuable to cybercriminals. Source: Brian Krebs, Value of a Hacked PC, krebsonsecurity.com
Some real examples #1: Banking customer, Dridex malware
#1 Banking customer, Dridex malware: malware not detected by AV. TAP Msgs vs. Major AV Vendor: 379K Msgs
Some real examples #2: Credentials seeking. How it works:
To target defense company Academi, the attacker registered two typosquatted domain names:
tolonevvs[dot]com (real news domain: tolonews.com, a news site about Afghanistan)
academl[dot]com (real company domain: academi.com)
When the target opens the email through the preview pane of Microsoft Outlook Web Access and clicks on the typosquatted domain, a new tab is opened which loads the original news site.
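The two domains above rely on visual confusables (vv for w, l for i). The following detector, an added example that is not Proofpoint's code, normalizes those confusables and then applies an edit-distance check against a list of protected domains, so it catches both the exact lookalikes from the slide and near-misses such as a dropped or doubled letter. The protected list, the homoglyph table and the sample message are constructed for this example; the registrable-domain logic simply takes the last two labels and does not consult a public-suffix list.

```python
"""Lookalike-domain detector for protected brands (added example, not vendor code)."""
import re

# Visually confusable sequences commonly used in typosquats; each key
# renders like its value in most fonts. Order matters: multi-char keys first.
HOMOGLYPHS = {"vv": "w", "rn": "m", "l": "i", "1": "i", "0": "o"}

# Constructed list of domains we want to protect against impersonation.
PROTECTED = ["tolonews.com", "academi.com"]


def normalize(label: str) -> str:
    """Collapse confusable sequences so lookalikes compare equal."""
    out = label.lower()
    for src, dst in HOMOGLYPHS.items():
        out = out.replace(src, dst)
    return out


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels only (assumption: no public-suffix list in this example)."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def lookalike_of(domain: str, protected=PROTECTED, max_distance: int = 1):
    """Return the protected domain this one impersonates, or None.

    A domain is flagged when, after homoglyph normalization, it equals a
    protected domain, or when it is within `max_distance` edits of one.
    The genuine protected domain (and its subdomains) is never flagged.
    """
    cand = registrable(domain)
    near_miss = None
    for legit in protected:
        legit_reg = registrable(legit)
        if cand == legit_reg:
            return None  # the real thing, not an impostor
        if normalize(cand) == normalize(legit_reg):
            return legit
        if near_miss is None and levenshtein(cand, legit_reg) <= max_distance:
            near_miss = legit
    return near_miss


URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def scan_urls(text: str, protected=PROTECTED) -> dict:
    """Map every lookalike host found in message text to the brand it mimics."""
    hits = {}
    for host in URL_HOST_RE.findall(text):
        target = lookalike_of(host, protected)
        if target:
            hits[host] = target
    return hits


if __name__ == "__main__":
    # Constructed message body resembling the lure described on the slide.
    body = "Latest news: http://tolonevvs.com/story and our portal https://www.academi.com/"
    print(scan_urls(body))
```

Only the registrable part is compared, so a lure hosted on a subdomain of a lookalike is still caught, while mail that genuinely links to a subdomain of the protected brand is not flagged.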
#2 Credentials seeking: Fake Outlook Web Access login pages
20 #3 The human factor
#3 The human factor - Who Is Clicking? Executives aren't the problem
#3 The human factor - Where Do Users Click? On and off the network: 1-in-5 clicks occur off the corporate network
#3 The human factor: Louise Bergman is the Human Resources Manager at XXXX
Email-Borne Threat Landscape
Spear Phishing: Handcrafted, socially engineered, very low volume. Targets anyone with access to sensitive data. Preferred method for state actors.
Longlining: High-volume, mass-customized phishing technique. High cost to remediate. Opportunistic payloads.
Watering Hole: Compromised trusted content sources. Uses newsletters to drive traffic. Seen across multiple verticals.
Multi-Variant: One campaign serving both spam & malware. A TDS varies the payload based on time, device, geography and other factors. Hard to distinguish.
The Cybercrime Attack Chain: High-volume unsolicited email; credential phish; high-volume to highly targeted
Legitimate, Compromised Sites: Web marketing email to subscribers of a popular healthcare site. The compromised site meant that legitimate emails carried malicious links.
The Cybercrime Attack Chain: Malicious scripts; malicious redirects. Virtually infinite supply: domain and URL reputation cannot keep up.
The Cybercrime Attack Chain: Traffic Distribution System (TDS)
33 Multi-Variant Campaign: TDS in Action
The Cybercrime Attack Chain
For-hire service; can include 0-days (Angler)
Pre-exploit (heap-spray)
Exploits chosen based on client apps and patch level
Exploits obfuscated and tested for evasiveness
The Cybercrime Attack Chain: Delivery
Dropper downloads malware, or a single stage where the dropper is also the malware
Can also download other payloads in future
Makes file system and registry changes, browser hooking, etc.
How can we help you?
New Landscape, New Requirements
TRADITIONAL ANTI-SPAM vs. TODAY'S THREATS:
Traditional reputation and signature systems -> Mass customization and botnets increasingly bypass them
99% effectiveness good enough -> Every message matters
Black-box -> Real-time, end-to-end insight and rich policy are critical
Proofpoint Enterprise Protection: Robust Delivery & Administration
Flexible deployment, scalable performance: Cloud, appliances, virtual machines, hybrid; proven ability to scale rapidly from thousands to hundreds of thousands of users
Powerful routing: Built on top of the commercial version of Sendmail, the world's most widely used MTA
Flexible, global administration: Granular and delegated administration for complex global organizations
Even the Best Protection Has Limits
Hand-crafted spear-phish: Low volume; legit IPs and sender addresses
Legitimate Watering Hole or Malvertising: Compromised legit website; leverages existing routine newsletters from the site
Nothing to Detect at Delivery: Malware not mounted at time of delivery; TDS system and obfuscated redirects mask bad IPs; no attachments, only URLs with morphing results
... and some fraction of the time, systems will just miss one.
Unknown Threats: Targeted Attack Protection
Detects today's advanced threats even after delivery: Polymorphic & zero-day malware in attachments and URLs; credential phishing
Protects on click, even while mobile or remote: Click-time defense (validation of URLs when you click); follow-me protection for users on and off the corporate network
Provides end-to-end, real-time, per-user insight: User targets, methods and potential exposure
Detects Today's Advanced Threats
Polymorphic & Zero-Day: Advanced, cloud-based dynamic and sandbox analysis; full-attack-chain detection: compromised site, TDS, pre-exploit, exploit, malicious payload
DETECT URLs and Attachments: URLs, URL campaigns, malicious ads; weaponized documents (PDF, Office, Flash etc.)
Malware and Credential-Seeking: Rich forensics and IoCs; screenshots
Protects on Click, Even Mobile or Remote
Click-time Defense: Protects users post delivery; provides end-to-end visibility
Follow-me Protection works anywhere: Works on any device, any location (mobile, home use, hotels, airports); nothing installed on the client
Respects Existing Security Layers: Leverages industry-standard HTTP redirection; does not proxy, so requests still pass through existing security layers
End-to-End Insight
Who is being targeted: User-level insight into who is being targeted with what campaigns; insight into targeted vs. broad-based attacks
Who is at risk, from what: Who's clicking, when, what they're clicking on; detailed forensics
RESPOND in real time and back in time: Continual rescoring of history; real-time alerts; real-time aggregation and summarization
Proofpoint Targeted Attack Protection: URL Defense
Components: External MTA; Proofpoint URL Analysis; Proofpoint Big Data Analysis; Sandboxing; Proofpoint Malware Service; End Users
Proofpoint Targeted Attack Protection: Attachment Defense
Decision nodes: SHA256 hash sent to cloud -> Reputation? (GOOD / BAD / UNKNOWN); Dynamic content present? (e.g. PDF: No / Present); Post scan? (GOOD / BAD)
Actions: Deliver; Deliver unknown; Initiate dynamic content scan; Admin Quarantine; AD Queue; Hidden Quarantine
Components: External MTA; Proofpoint Attachment Defense API; Proofpoint Sandboxing; End Users
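The flowchart on this slide reduces to a small decision procedure: hash the attachment, consult a reputation cache, act immediately on known-good and known-bad, and hold unknown files of detonatable types until a sandbox verdict arrives. The code below is an added example, not Proofpoint's implementation, and the exact edges of the flow (unknown content that the sandbox cannot detonate is delivered; a sandbox verdict is written back to the cache so the next copy of the same file is decided from reputation alone) are assumptions. The reputation table, the sample files and the `demo_sandbox` verdict function (a keyword heuristic standing in for real detonation) are constructed.

```python
"""Attachment reputation-plus-sandbox triage (added example, not vendor code)."""
import hashlib

# Verdicts and actions used throughout the flow.
GOOD, BAD, UNKNOWN = "GOOD", "BAD", "UNKNOWN"
DELIVER, ADMIN_QUARANTINE, HOLD_FOR_SCAN = "deliver", "admin_quarantine", "hold_for_scan"

# Magic bytes for the document types the sandbox detonates (PDF, OLE2 Office, OOXML zip).
PDF_MAGIC = b"%PDF"
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
ZIP_MAGIC = b"PK\x03\x04"

# Constructed sample attachments.
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
SAMPLE_OLE = OLE_MAGIC + b"\x00" * 24
SAMPLE_TXT = b"quarterly numbers attached\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed reputation cache keyed by SHA-256 of the file content.
REPUTATION = {
    sha256_hex(SAMPLE_TXT): GOOD,
    sha256_hex(b"MZ\x90\x00 constructed known-bad dropper"): BAD,
}


def is_dynamic_scannable(data: bytes) -> bool:
    """True for content the sandbox can detonate (assumption: PDF/Office only)."""
    return data.startswith((PDF_MAGIC, OLE_MAGIC, ZIP_MAGIC))


def triage(data: bytes, reputation=REPUTATION) -> str:
    """First-pass decision from hash reputation alone."""
    verdict = reputation.get(sha256_hex(data), UNKNOWN)
    if verdict == GOOD:
        return DELIVER
    if verdict == BAD:
        return ADMIN_QUARANTINE
    # Unknown: hold detonatable documents in the AD queue, deliver the rest.
    return HOLD_FOR_SCAN if is_dynamic_scannable(data) else DELIVER


def demo_sandbox(data: bytes) -> str:
    """Constructed stand-in for sandbox detonation: flags active-content PDFs."""
    return BAD if (b"/JavaScript" in data or b"/Launch" in data) else GOOD


def finalize(data: bytes, sandbox_verdict=demo_sandbox, reputation=REPUTATION) -> str:
    """Resolve an attachment end to end: triage, sandbox if held, cache the verdict, act."""
    action = triage(data, reputation)
    if action != HOLD_FOR_SCAN:
        return action
    verdict = sandbox_verdict(data)
    reputation[sha256_hex(data)] = verdict  # next copy of this file skips the sandbox
    return DELIVER if verdict == GOOD else ADMIN_QUARANTINE


if __name__ == "__main__":
    for name, blob in (("pdf", SAMPLE_PDF), ("ole", SAMPLE_OLE), ("txt", SAMPLE_TXT)):
        print(name, triage(blob), "->", finalize(blob))
```

Keying the cache on the content hash is what makes the "post scan" branch cheap: a campaign that re-sends the same weaponized document to many users pays for one detonation, and every later copy is quarantined from reputation alone.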
Example of a link rewritten by URL Defense:
https://urldefense.proofpoint.com/v1/url?u=http://onesourceprocess.com/ab3bp5r/index.html&s=abeb44ac1/&k=cpgdz%...
Click to follow link
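The rewritten link above, together with the click-time defense described on the "Protects on Click" slide, is an instance of a keyed redirect: the original target travels inside the rewritten URL with an authentication tag, and the reputation check happens when the user clicks, not when the mail was delivered, so a URL that was rescored after delivery is still blocked. The code below is an added example and not Proofpoint's implementation; the redirector host, the key, the `u`/`k` parameter names (modelled loosely on the slide's `u=` and `k=`), and the block list are constructed. It issues a 302 redirect rather than proxying, matching the slide's note that requests still pass through existing security layers.

```python
"""Keyed URL rewriting with click-time reputation check (added example, not vendor code)."""
import hmac
import hashlib
import re
from urllib.parse import urlencode, urlparse, parse_qs

REDIRECTOR = "https://urldefense.example/v1/url"  # hypothetical redirector endpoint
KEY = b"constructed-demo-key"                      # assumption: per-tenant secret in production

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def sign(target: str) -> str:
    """HMAC-SHA256 over the original target, truncated to 128 bits."""
    return hmac.new(KEY, target.encode(), hashlib.sha256).hexdigest()[:32]


def rewrite_url(target: str) -> str:
    """Wrap one link in the redirector, carrying target (u) and tag (k)."""
    if target.startswith(REDIRECTOR):
        return target  # already rewritten; never nest redirectors
    return REDIRECTOR + "?" + urlencode({"u": target, "k": sign(target)})


def rewrite_message(body: str) -> str:
    """Rewrite every http(s) link in a message body at delivery time."""
    return URL_RE.sub(lambda m: rewrite_url(m.group(0)), body)


def resolve_click(rewritten: str, blocked=frozenset()):
    """Click-time decision. Returns (http_status, location_or_reason).

    `blocked` is the host reputation as known *now*, which may differ from
    what was known at delivery; that is the whole point of click-time defense.
    """
    q = parse_qs(urlparse(rewritten).query)
    target = q.get("u", [""])[0]
    tag = q.get("k", [""])[0]
    if not target or not hmac.compare_digest(tag, sign(target)):
        return 400, "invalid or tampered link"
    host = urlparse(target).hostname or ""
    if host in blocked:
        return 403, f"blocked: {host} is on the malicious list"
    return 302, target  # plain HTTP redirect, so downstream proxies still see the request


if __name__ == "__main__":
    # Constructed message with a link that is later rescored as malicious.
    msg = "Invoice ready: http://onesourceprocess.example/ab3bp5r/index.html"
    wrapped = rewrite_message(msg)
    link = URL_RE.search(wrapped).group(0)
    print(resolve_click(link))                                   # before rescoring: 302
    print(resolve_click(link, {"onesourceprocess.example"}))     # after rescoring: 403
```

The tag prevents the redirector from becoming an open redirect: only links the gateway itself rewrote resolve, so an attacker cannot mint `urldefense`-looking links to arbitrary targets.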
When & whether you're being attacked; when & whether you've been compromised; by what
Who's at risk, when
What they're at risk from
Summary: Proofpoint Protection
BLOCK: Predictively block more attacks
DETECT: Quickly detect targeted, polymorphic and zero-day attacks
RESPOND: Full visibility into targets, methods and exposure
TAP: Who clicked a bad link? TAP: What now? Known so far: Sender IP, Clicked URL
TAP + Threat Response adds: Username; infection history; group; local information; local IP; malicious file check; IP/domain reputation; geo-location; CNC server checks. Then: assign incidents; put user in penalty box; update firewalls; update proxies; document responses.
Threat Response enrichment sources: AD; IP reputation; geolocation; WhoIs; VirusTotal.
IOC verification (Threat verified): Network connections: Yes; Registry changes: Yes; File changes: Yes; Mutexes: Yes.
User context: AD User: Josephsmith; User Group: Finance; User Phone; System IP; Sender IP; Clicked URL.
Additional incident context: Sender IP: Known bad actor; Known malware?: Trojan.Turla.A; New domain?: Yes; Domain reputation?: Neutral; CNC list?: Y; Country?: N. Korea.
Exchange Threat Scanner: https://www.proofpoint.com/us/id/scanner. Free tool, easy to run, actionable report.
Audit or Proof of Concept
Deploy Proofpoint behind your current solution; can be deployed to remain passive within mail flow
Quickly determine your current risk exposure and effectiveness; results within weeks
How Can You Defend Your Organization?
Continue to emphasize the importance of security and social media security
Deploy defenses that use multiple, contextual big-data and threat-intelligence-based detection techniques
Ensure layered security that incorporates automated threat response systems and content control systems as well as next-generation detection... because someone will always click, and it only takes one.