1 FAST, ACCURATE, COST-EFFECTIVE: CHOOSE ALL THREE Big Data and Threat Intelligence for Phishing A Spire Research Report Sponsored by Malcovery Security, LLC 2013 Spire Security, LLC. All rights reserved.
2 Fast, Accurate, Cost-Effective: Choose All Three Executive Summary It is too easy to get caught up in the excitement of "Big Data" simply for its own sake. Even worse, it is common to get bogged down in technical architectures regarding it. But make no mistake - there is strong value in the analytical power associated with the purposeful processing of large amounts of data. New techniques are constantly being developed that can be used for threat intelligence. Sharing information has been beneficial for the security field (e.g., malware samples, breach information, etc.) though none of these techniques has demonstrated overwhelming change. However, they are indicators of how sharing threat intelligence can be useful. Big Data analytics provide broader, more strategic ways to contribute to the growing body of information available by adding specific insight. Phishing attacks provide an excellent opportunity for security professionals to demonstrate the value of analytics. They have been widely studied, so we understand the pieces of the campaign and the corresponding process from creating spoofed websites to sending out s, finally culminating in compromise. In addition, companies are already sharing some information about the problem and can clearly identify the benefits of addressing it. Moreover, there is more data available to analyze that can more accurately identify phishers and create an opportunity for legal action. The old joke about the car mechanic's shop where you can have any two of "speed, low-cost, and high quality" is easily adapted to the Big Data world with one caveat: the promise of Big Data may bring with it an opportunity for choosing all THREE of "fast, accurate, and cost-effective." We will explore these concepts for the rest of this white paper. About Spire Security Spire Security, LLC conducts market research and analysis of information security issues. Spire s objective is to help refine enterprise security strategies by determining the best way to deploy policies, people, process, and platforms in support of an enterprise security management solution. This white paper was commissioned by Malcovery Security, LLC. All content and assertions are the independent work and opinions of Spire Security, reflecting its history of research in security audit, design, and risk management experience Spire Security, LLC. All rights reserved. i
3 Fast, Accurate, Cost-Effective: Choose All Three FAST, ACCURATE, COST-EFFECTIVE: CHOOSE ALL THREE Big Data and Threat Intelligence for Phishing Table of Contents EXECUTIVE SUMMARY I BIG DATA: MEANINGLESS NAME, PROFOUND IMPACT 1 INFORMATION SHARING SETS THE PRECEDENT 2 USING THREAT INTELLIGENCE TO COMBAT PHISHING 3 THE ART OF THE PHISH 4 WHO ARE THE VICTIMS? 4 PHISHING COUNTERMEASURES 5 IDENTIFYING THE SOURCE 5 FAST, ACCURATE, COST-EFFECTIVE - CHOOSE ALL THREE 6 Fast: reacting and responding quickly 6 Accurate: identifying the correct source 7 Cost-Effective: economics of phishing 7 SPIRE VIEWPOINT 8 MALCOVERY'S SEVEN PHASES OF A PHISHING INVESTIGATION 9 ii 2013 Spire Security, LLC. All rights reserved.
4 Fast, Accurate, Cost-Effective: Choose All Three Big Data: Meaningless Name, Profound Impact "The phrase Big Data is now beyond completely meaningless. For those of us who have been in the industry long enough, the mere mention of the phrase is enough to induce a Big Data headache please pass the Big Data Advil." -John de Goes, "Big Data is Dead. What's Next?" Venturebeat.com 1 "...our research suggests that the scale and scope of changes that Big Data are bringing about are at an inflection point, set to expand greatly, as a series of technology trends accelerate and converge. We are already seeing visible changes in the economic landscape as a result of this convergence." - McKinsey Global Institute 2 The meaning of the phrase "Big Data" has become so ambiguous that any conversation involving its use must be qualified simply to be understood. Nowadays, it seems just as likely that people using the words "Big Data" are talking about an IT-nerd rapper than a revolution in information technology. Of course, "usage-creep" for popular memes is not uncommon in technology. Marketers latch onto many phrases - or budget line items - and try to make them their own. Ironically, this often happens when the initial use case is so narrow that it doesn't really fit the words. Such as the "Big Data" case when specific technology like Hadoop or MapReduce is initially "needed" to meet the definition. Superficiality and semantics aside, what really matters is whether the analysis of any data is being leveraged for long-term, profound impact. And one thing that Big Data demonstrates is the opportunity for new insights with the use of powerful analytics. The positive impact of Big Data is becoming apparent. In its 2011 report on Big Data, the McKinsey Global Institute estimates that Big Data may quickly become worth $300 billion per year to the health care industry, will potentially increase operating margins by 60% in the retail sector, and can save over $149 billion in government spending through added efficiencies. 3 There are a growing number of other examples and predictions about how Big Data will contribute to society and industry. In the technology risk management (nee information security) field, Big Data needs are stunningly obvious. In the face of the "low and slow" attacks that pockmark our landscape and the complexity of the control infrastructure, much of the security intelligence we gather is circumspect and requires more contextual information to verify its accuracy. 1 Big Data is dead. What s next? retrieved 4/2/13 (http://venturebeat.com/2013/02/22/big-data-is-deadwhats-next/) 2 Big Data: The next frontier for innovation, competition, and productivity (http://www.mckinsey.com/insights/business_technology/big_data_the_next_frontier_for_innovation) 3 Ibid Spire Security, LLC. All rights reserved. 1
5 Big Data and Threat Intelligence for Phishing Information Sharing Sets the Precedent The Big Data trend brings with it a renewed interest in collaboration and information sharing. What has been an isolationist attitude in the past has turned into one of collaboration with the promise of processing even more data and reaching better conclusions about security. Key players in the security field already share information to gain an upper hand on attackers. For example: Anti-malware companies have traditionally shared malware samples and information through their AVIEN 4 network to ensure that even in competitive environments, they contribute to the safety of the Internet as a whole. Shared (and crowdsourced) websites like VirusTotal 5 allow private individuals to get involved by sharing malware samples with participating anti-malware companies. Managed security monitoring services have demonstrated the value of identifying and sharing attack information for use in protecting multiple organizations as attackers initiate scans and other types of opportunistic "driveby" activities. Anti-spam vendors use "spamtraps" ( honeypots) that impersonate thousands of individuals in order to collect as much unwanted and malicious as possible. Since these are not legitimate accounts, everything that goes to them can be considered unwanted. Verizon's Data Breach Investigation Report (DBIR) shares anonymized information about breaches with the community to provide more insight into the craft of the attacker and breach-related information. This sharing has been replicated by a number of companies, notably Trustwave and Mandiant. The value of these various information sharing activities has already been demonstrated. It is time to operationalize the approaches to take control of the threat. Big Data for Threat Intelligence One of the most exciting opportunities for the use of Big Data analytics in the security field involves threat intelligence, i.e., applying analytical techniques across diverse data sets to identify sources of attacks. For years, enterprises have focused their efforts on finding and fixing the vulnerabilities (part of their "attack surface") throughout their environments, primarily because it was the one aspect in the risk equation that could be readily controlled. Thus, organizations emphasize activities such as turning off services, adding more restrictive access control lists, patching known vulnerabilities, and reconfiguring systems htto://www.virustotal.com/ Spire Security, LLC. All rights reserved.
6 Fast, Accurate, Cost-Effective: Choose All Three The challenge with a vulnerability-oriented approach is that the supply exceeds demand. There are simply too many ways that attackers can compromise an IT environment. So, despite the often valiant efforts by security professionals to maintain a high level of protection, the odds remain against them. Furthermore, the costs associated with a vulnerability-oriented approach can be extensive and have reached a point of diminishing marginal returns for many organizations. Big Data capabilities create an opportunity to look at another part of the risk puzzle: the part involving the threat. It is crucial to understand that the capacity of the bad intelligent adversary to attack one or more organizations has significant impact on the likelihood that any individual organization will be attacked. Since many organizations have been collecting data for a number of years now, the records can be useful in identifying patterns and even sources of malicious activity that are pertinent today. Collecting and aggregating this data over time provides future opportunities for even more benefits. Threat Intelligence Analytics Discussions around Big Data tend to focus on the haystack and not on the process of extracting the needle. While it is obvious that Big Data requires a large volume of data, the analytical techniques drive the success or failure of this trend for organizations. There are a handful of key Big Data analytical techniques that can serve the information security field's ability to conduct a useful threat intelligence operation. Two key techniques are: Network and Cluster Analysis: Showing the relationships among certain attributes of the data set can provide important insight into the nature of a threat and their impact on the Internet. Inferential Analysis: Making judgment calls in a world of Big Data can lead to useful conclusions that can be vetted out by other information or otherwise confirmed. As these techniques become integrated into tools and procedures, the value proposition for threat intelligence becomes real. One opportunity is to significantly hinder phishing attacks. Using Threat Intelligence to Combat Phishing Phishing is not a new problem. Since its 1996 beginning as a nuisance to America Online subscribers 6, the practice of impersonating a trusted brand via to trick naive or unsuspecting recipients into visiting malicious websites is still going strong. This approach, which essentially automates social engineering, brings with it unprecedented economies of scale. Phishers can send out millions of s, so even a tiny response rate is very lucrative. Moreover, phishing s are becoming more sophisticated and more successful Spire Security, LLC. All rights reserved. 3
7 Big Data and Threat Intelligence for Phishing Phishing provides an obvious opportunity for threat intelligence. It is a well-known problem that has been around for a number of years, yet attempts to thwart attacks always seem to be one step behind the attackers and their innovations. Since there is an abundance of data that has been collected, new analytical techniques can make a significant impact. To further illustrate the use of Big Data analytics to address phishing, it is worth diving deeper into the attack process itself. The Art of the Phish The phisher's goal is to lure individuals to malicious but realistic-looking websites in order to steal their legitimate credentials. A typical process looks like this: Phisher creates a fake website by registering domains at an Internet Service Provider or by compromising an existing site. Phisher creates the fake to be used as a "lure" to convince victims to connect to the site. Phisher sends to tens or hundreds of thousands of Internet users, pretending to be a trusted brand. recipients click on embedded links that go to a fake website and then input their real credentials. A script on the fake website collects the credentials and saves them to a database or sends them via to a "dropbox" account owned by the attacking phisher. The phisher uses the credentials to connect to the legitimate website and perform actions e.g. transferring funds unbeknownst to the legitimate user. Who are the victims? We all are, really. Indirectly, we all suffer from the scourge of phishers, even when we know better. Perhaps the biggest effect of phishing is the erosion of trust in the process and infrastructure. We can never take for granted that those helpful notices and statements are real; we must keep our guard up. This has long-term economic consequences. In the short term, the phished users and brands have the most to lose. Unsuspecting Internet Users The clearest loser in the phishing world is the Internet user who falls for the scam. Since these scams are looking for targets with liquid assets, victims often lose money from bank accounts or other financial service accounts. Observers might think, "If they are stupid enough to fall for it, it is their own fault." However, blaming the victim rarely serves the community. Phished Brands The 400 or so brands that get phished can also be direct victims if they have regulatory requirements or a policy to credit lost funds back to a victim simply to keep their business. Indirectly, of course, there is even more potential for harm as the loss of confidence in a brand could lead to slower growth in future revenue when unsettled customers take their business elsewhere Spire Security, LLC. All rights reserved.
8 Fast, Accurate, Cost-Effective: Choose All Three It is easy to see that there are ample opportunities for identifying and protecting against attacks throughout this process. Phishing Countermeasures As soon as one of the billions of users receives the first of a new phishing campaign, a "race condition" is initiated. The goal of the phisher, of course, is to trick as many consumers as possible to visit an impersonated malicious website and input their credentials for some popular brand. The goal of the brand manager is to keep that from happening. This cycle occurs over and over again. A defender must try to address the economies of scale that the attacker gains by being online. It is simply too easy for phishers to play the numbers game when they create websites, initiate campaigns, react to countermeasures, and create a new campaign. The costs of getting into the business are extremely low, and attackers quickly become proficient at moving around in the shadows of the Internet. Brand managers employ a number of options in their countermeasures: Anti-spam solutions have long employed the use of hundreds or thousands of decoy accounts for the sole purpose of identifying spam and phishing s. These repositories are the key element to protection as they parse an and analyze the details for malicious URLs or binaries. Site takedowns are performed against phisher websites that pop up. More often than not, this is a whack-a-mole challenge between the phisher and defender where the numbers overwhelmingly favor the attacker. On the brand's site, authentication and connection source validation efforts help to reduce risk by attempting to identify anomalous connection attempts using various risk-based authentication techniques. All of these techniques enjoy some modicum of success, but none are sufficient to address the phishing problem. This is where Big Data analytics are poised to help address this problem. Identifying the Source The most prolific phishers are constantly creating new phishing campaigns that employ new brands and target different customers. At the same time, they are also looking for ways to make money in the most efficient way possible. Through this process, they provide telltale phishing clues such as: Using the same content patterns across campaigns Using the same website addresses across campaigns Using the same web scripts across campaigns Using the same addresses and dropboxes across campaigns 2013 Spire Security, LLC. All rights reserved. 5
9 Big Data and Threat Intelligence for Phishing These elements create opportunities to identify a phisher, determine his or her potential to become a repeat attacker against a brand, and assess his or her true impact on the fraud environment. Fast, Accurate, Cost-effective - Choose All Three It's an old truism that out of fast, high-quality, and cheap service, you can have any two. But the two-out-of-three constraint doesn't hold when considering Big Data for threat intelligence. The promise of the Big Data architecture and its accompanying economies of scale provide opportunities to get all three benefits. The following discussion highlights the expectations of Big Data and how to assess new opportunities for threat intelligence in phishing countermeasures. Fast: reacting and responding quickly Phishing campaigns are time-sensitive: the phisher is used to a "smash-and-grab" style campaign that occurs within hours and days rather than weeks or months. One study estimated that 66% of phishing sites had a campaign lasting less than 24 hours 7. Another study showed an average of 62 hours with a median of 20 hours 8. The same study estimated that there is an average of 18 victims on the first day which reduces to 8 by the second day. The good news about this phishing speed is that it demonstrates the success of takedown efforts. Phishers move quickly, because they know the reactive controls are good enough to warrant it. As new techniques are learned on the attacker side, the defender must get even faster with takedowns. Consider the complexity of the challenge to take down a website: First, the site must be identified by analyzing s after the campaign begins. Then, the applicable website ISP must be notified of a phishing site. Finally, priorities and timeframes must be matched with the ISP in order for them to take the site down. After one takedown cycle is complete, it starts all over again. With some phishing architectures, a simple command change can point prospects to a new site within minutes. The benefit of Big Data techniques is that they can perform analytics on mountains of data. As more and more data become available, learning techniques become quicker, since the level of confidence increases. This ensures that the evidence needed to get a site taken down can be gathered more quickly. Furthermore, as more information is provided from multiple sources, the most prolific phishers can be more readily identified. In the same way that the McColo 7 An Empirical Analysis of Phishing Blacklists, Sheng, Wardman, Warner, et al. 8 Examining the impact of website take-down on phishing, Clayton and Moore Spire Security, LLC. All rights reserved.
10 Fast, Accurate, Cost-Effective: Choose All Three takedown reduced the world's spam by 75% in , removing the world's phishers could be just as beneficial. Accurate: identifying the correct source There is a well-known problem in statistics called the "base-rate fallacy 10 " that often confounds threat intelligence efforts. The base-rate problem occurs when there are a disproportionate number of one outcome population than another. For example, a control that can detect attackers 99% of the time in a situation where 1 in 10,000 connections are attacks will likely find that one attacker but will also falsely identify 100 attackers so the likelihood that an alert is an actual attacker is 1 in 100 or 1%. These types of scenarios cause people to ignore the alerts (in the same way we often ignore car alarms and store-theft sensors). While it is reasonable to consider the issue of the base-rate problem, the data associated with phishing are already well-vetted. Two separate studies found very low rates of false positives in existing blacklist products 11. The key differentiator here is that the data often comes from "spamtrap" accounts where it is unwanted by definition. The next step in addressing the phishing problem is to trace the campaigns back to the unique phishers themselves. The objective is to combine analytics across multiple phishing campaigns and look for commonalities that link them together. With enough data, these linkages become apparent and provide even more insight into the campaigner's identity. This kind of accuracy, backed by data, provides an opportunity to actually put the phishers out of business rather than interrupting a single campaign. Cost-Effective: economics of phishing Any security solution should be carefully evaluated for its cost-effectiveness. This means assessing the costs and deciding whether it is worth spending the money. Often, this decision is an ad hoc judgment call an approach that doesn't provide much confidence. With phishing, however, a number of studies have published useful numbers and estimates that allow customers to determine whether particular control measures are cost-effective. A recent study on phishing estimated the global losses from phishing attacks at $320 million annually, "at an absolute minimum." 12 As defenders conduct their costbenefit analyses, they can compare their spending on anti-phishing solutions to the amount of losses that are allocated to them Evaluating the wisdom of crowds in assessing phishing websites, Moore and Clayton 12 Examining the impact of website takedown on phishing. Clayton and Moore 2013 Spire Security, LLC. All rights reserved. 7
11 Big Data and Threat Intelligence for Phishing Trustwave estimates that phishing comprises 0.17% of all spam 13. At first glance, this seems like a very low number. But considering that there are 140 billion s sent each day, 75% (105 billion) of which are spam, phishing s still amount to 178 million messages per day. It's no wonder that another study estimated that 0.4% of Internet users - nearing 8 million - get phished annually. 14 As with all financial estimates, numbers can vary. However, it is useful to compare the costs In economic analysis, a truly rational decision incorporates the cost of taking some action and compares it to the benefits. If the benefits are higher than the costs, then the decision-maker may elect to take the action. Spire ViewPoint There is no need to jump through "Hadoops" simply to define the term Big Data. Regardless of what technical architecture is used, the intent is clear - there is power and scale in analyzing large volumes of data, i.e. the ability to process millions and billions of records in pursuit of objectives. From a threat intelligence perspective, evolving the analytical approach to phishing by incorporating newer techniques associated with Big Data has already been beneficial to frequently-phished organizations and shows great promise in accomplishing the objective of reducing the amount of phishing activity worldwide. The phishing problem is a perfect place to leverage analytics since the campaigns occur frequently and require fast response, the large volume of data available results in very few false positives, and there is great opportunity for demonstrable costeffectiveness. 13 Trustwave 2013 Global Security Report 14 Evaluating a Trial Deployment of Password Re-Use for Phishing Prevention, Florencio and Herley Spire Security, LLC. All rights reserved.
12 Fast, Accurate, Cost-Effective: Choose All Three Malcovery's Seven Phases of a Phishing Investigation Malcovery leverages Big Data techniques to combat phishing and phishers. It has developed a seven-phase process to evaluate all aspects of a set of campaigns and identify the phishers behind them. Malcovery's Seven Phases of a Phishing Investigation: 1. Spam Analysis - The first step is to review the actual messages for similarities - URLs, addresses, etc. 2. Site Analysis - Next, Malcovery reviews individual websites to pull out elements that can be catalogued and associated with specific phishers. 3. Kit Analysis - Phishers often use the same kit of tools as they create new campaigns. Malcovery reviews the components of the tools and identifies similar pieces across campaigns. 4. Cluster Analysis - As the information develops, Malcovery evaluates the bigger picture, looking for campaign similarities and tying them back to individuals. 5. Log Analysis - As more information becomes available on the site itself, Malcovery factors in log information from all available sources, including hacked servers, victim log files, etc. to build the complete picture. 6. Search Warrant Analysis - Malcovery assists with the search warrant process as investigations about individual phishers develop, preparing affidavits and, upon law enforcement request, processing results data. 7. Open Source Intelligence - All pertinent information that is publicly available is gathered to provide support for investigations and further legal action. The Malcovery approach provides a complete cross-campaign analytical process to drive investigations to the phishers themselves. This effectively eliminates the economies of scale that usually benefit the phishers Spire Security, LLC. All rights reserved. 9
14 Contact Spire Security To provide feedback on this white paper or contact Spire Security, LLC about other security topics, please visit our website at This white paper was commissioned by Malcovery Security, LLC. All content and assertions are the independent work and opinions of Spire Security, reflecting its history of research in security audit, design, and consulting activities. Spire Security, LLC I P.O. Box 152 I Malvern, PA
Protecting Against Online Fraud with F5 Fraud is a relentless threat to financial services organizations that offer online banking. The F5 Web Fraud Protection solution defends against malware, phishing
The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table
Anti-Phishing Best Practices for ISPs and Mailbox Providers Version 2.01, June 2015 A document jointly produced by the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG) and the Anti-Phishing
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
Fraud Investigation and Education FIS www.fisglobal.com Phishing What is it? Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e mail messages that
BEST PRACTICES IN WEB CONFERENCING SECURITY A Spire Research Report April 2003 By Pete Lindstrom, Research Director Sponsored By: www.cisco.com BEST PRACTICES IN WEB CONFERENCING SECURITY A Spire Research
Anti-Phishing Best Practices: Keys to Aggressively and Effectively Protecting Your Organization from Phishing Attacks Prepared by James Brooks, Senior Product Manager Cyveillance, Inc. Overview Phishing
White Paper Targeted Phishing Email is the medium most organizations have come to rely on for communication. Unfortunately, most incoming email is unwanted or even malicious. Today s modern spam-blocking
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way
A Phishnix White Paper Shield Your Business - Combat Phishing Attacks Aujas Information Risk Services 19925 Steven s Creek Blvd, Suite 100, Cupertino, CA 95014-2358 Phone: 1.855.PHISHNX Fax : +1 408 973
SPEAR PHISHING TESTING METHODOLOGY From An article on our Spear Phishing Testing which can be used in social engineering exercise to determine organization wide susceptibility to an APT style attack. Document
Security Trends Overview Targeted Phishing SECURITY TRENDS Overview Email is the communication medium most organizations have come to rely on. Unfortunately, most incoming email is unwanted or even malicious.
Phishing: Facing the Challenge of Email Identity Theft with Proper Tools and Practices A Leadfusion White Paper 2012 Leadfusion, Inc. All rights reserved. The Threat of Phishing Email is an indispensable
A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have
WHITE PAPER The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks A Cyveillance Report October 2008 EXECUTIVE SUMMARY How much do phishing attacks really cost organizations?
Provided by: December 2014 Oliver James Enterprise DON T BE FOOLED BY EMAIL SPAM FREE GUIDE 1 This guide will teach you: How to spot fraudulent and spam e-mails How spammers obtain your email address How
Addressing Big Data Security Challenges: The Right Tools for Smart Protection Trend Micro, Incorporated A Trend Micro White Paper September 2012 EXECUTIVE SUMMARY Managing big data and navigating today
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges
INTRUSION PREVENTION SYSTEMS (IPS): NEXT GENERATION FIREWALLS A Spire Research Report March 2004 By Pete Lindstrom, Research Director SP i RE security Spire Security, LLC P.O. Box 152 Malvern, PA 19355
Web Security Discovering, Analyzing and Mitigating Web Security Threats Expectations and Outcomes Mitigation strategies from an infrastructure, architecture, and coding perspective Real-world implementations
Contributors Rod Rasmussen, Internet Identity Patrick Cain, Anti-Phishing Working Group Laura Mather, Anti-Phishing Working Group Ihab Shraim, MarkMonitor Summary Given fundamental policy changes regarding
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
WHITE PAPER: SYMANTEC GLOBAL INTELLIGENCE NETWORK 2.0.... ARCHITECTURE.................................... Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Who
ESG Solution Showcase Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Information security practices are in the midst
13/09/2014 Unified Security Management and Open Threat Exchange RICHARD KIRK SENIOR VICE PRESIDENT 11 SEPTEMBER 2014 Agenda! A quick intro to AlienVault Unified Security Management (USM)! Overview of the
OEM URL Categorization Database and Real-time Web Categorization Technology Data Sheet: Security Intelligence OVERVIEW A major challenge today is ensuring a safe web environment for users and companies
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats
Threat Intelligence Pty Ltd firstname.lastname@example.org 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?
Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves
Conducting an Email Phishing Campaign WMISACA/Lansing IIA Joint Seminar May 26, 2016 William J. Papanikolas, CISA, CFSA Sparrow Health System Estimated cost of cybercrime to the world economy in 2015 was
Advanced Threat Hunting with Carbon Black TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage Comprehensive Threat
December 2010 Report #48 With the holidays in full gear, Symantec observed an increase of 30 percent in the product spam category as spammers try to push Christmas gifts and other products. While the increase
WHITE PAPER Moving Beyond the FFIEC Guidelines How Device Reputation Offers Protection Against Future Security Threats Table of Contents Introduction 1 The FFIEC Guidelines 2 Why Move Beyond Complex Device
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz email@example.com IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
May 2011 Report #53 The unexpected raid and resulting death of Osama Bin Laden shocked the world. As always, spammers were quick to jump on this headline, and send a variety of spam messages leveraging
WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
The risks borne by one are shared by all: web site compromises Having your company web site hacked or compromised can be a costly experience for your organisation. There are immediate costs in responding
White Paper Securing Cloud-Based Email A Guide for Government Agencies White Paper Contents Executive Summary 3 Introduction 3 The Risks Posed to Agencies Running Email in the Cloud 4 How FireEye Secures
Top Cyber Threats Of 2009 Who were the top 5 riskiest celebrities in 2009? Did spammers really know who killed Michael Jackson? Data from Symantec Security Response November 2009 Top 5 Riskiest Celebrities
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
1 Layered security in authentication. An effective defense against Phishing and Pharming The most widely used authentication method is the username and password. The advantages in usability for users offered
y The Growing Problem of Outbound Spam An Osterman Research Survey Report Published June 2010 SPONSORED BY! #$!#%&'()*(!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
WHITE PAPER: FINDING EMAIL SECURITY IN THE CLOUD Finding Email Security in the Cloud CONTENTS Introduction 3 I. Why Good Enough Security is Never Good Enough 3 Mind your security gaps 4 II. Symantec Email
2012 Payment Card Threat Report The second annual study of unencrypted payment card storage Automated Attacks and Card Data Handling In 2011, data breaches increased 42% and as such, last year was reported
International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 7 (2013), pp. 655-662 International Research Publications House http://www. irphouse.com /ijict.htm Data
Introduction The threat is real Phishing continues to pose a growing threat to the security of industries of every kind from financial organizations to government contractors to healthcare firms. Though
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,
Best Practices for Implementing Global IoT Initiatives Key Considerations for Launching a Connected Devices Service White Paper Jasper Technologies, Inc. 02 For more information about becoming a service
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The
ESG Brief Webroot Delivers Enterprise-Class Threat Intelligence to Security Technology Providers and Large Organizations Date: September 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore,
Embedding Analytics in Decision Management Systems In-database analytics offer a powerful tool for embedding advanced analytics in a critical component of IT infrastructure. James Taylor CEO CONTENTS Introducing
February/2014 Process Intelligence: An Exciting New Frontier for Business Intelligence Claudia Imhoff, Ph.D. Sponsored by Altosoft, A Kofax Company Table of Contents Introduction... 1 Use Cases... 2 Business
Who will win the battle - Spammers or Service Providers? Pranaya Krishna. E* Spam Analyst and Digital Evidence Analyst, TATA Consultancy Services Ltd. (firstname.lastname@example.org) Abstract Spam is abuse
Why Smart Data is Superior for Most Business Decisions written by Tyler G Page The big data phenomenon and how you can get better ROI out of Smart Data. Table of Contents Introduction 3 A Business Rule
Solving Your Big Data Problems with Fast Data (Better Decisions and Instant Action) Does your company s integration strategy support your mobility, big data, and loyalty projects today and are you prepared
White paper How to choose a Certificate Authority for safer web security Executive summary Trust is the cornerstone of the web. Without it, no website or online service can succeed in the competitive online
Managed Security Monitoring: Network Security for the 21st Century Introduction The importance of Security The Internet is critical to business. Companies have no choice but to connect their internal networks
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
Information Security Field Guide to Identifying Phishing and Scams 010001010100101010001010011010101010101010101 01000101010011010010100101001010 1 Contents Introduction Phishing Spear Phishing Scams Reporting
Can Your Organization Brave The New World of Advanced Cyber Attacks? www.websense.com/apx Overview: When it comes to defending against cyber attacks, the global business community faces a dangerous new
Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Abstract Effective Security Operations throughout both DoD and industry are requiring and consuming unprecedented
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
Sponsored by IT and Business Professionals Say Website Attacks are Persistent and Varied EXECUTIVE BRIEF In this Paper Thirty percent of IT and business professionals say their organization was attacked
Towards Threat Wisdom Duncan Brown email@example.com @duncanwbrown What our world looks like Incidents Threats 48% 1 1mpd 2 Infections x14 3 Sources: 1. PwC, The Global State of Information Security Survey
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave