Securing Cloud-Based Email




White Paper Securing Cloud-Based Email A Guide for Government Agencies

Contents
Executive Summary
Introduction
The Risks Posed to Agencies Running Email in the Cloud
How FireEye Secures Cloud-Based Email Against APTs
FireEye Deployment Overview
Conclusion

FireEye, Inc. Securing Cloud-Based Email

Executive Summary

Today, email-based threats represent significant and persistent risks for government agencies, and those dangers are only exacerbated by the move to cloud delivery models. This paper shows how government agencies can capitalize on the benefits of the cloud, while addressing their critical security gaps. The paper reveals how, by inspecting and detecting email-based attacks (both those that leverage malicious URLs and attachments), FireEye enables government agencies to mitigate the risks posed by cloud-based email services.

Introduction

In just a few years, the advancement of cloud computing models has fundamentally changed the technology landscape, and ushered in significant opportunities for government agencies. As Richard A. Spires, CIO, Department of Homeland Security, stated, "Cloud computing and the continual evolution of mobile devices, collaboration tools, computing power advances, and social media expansion are revolutionizing Information Technology (IT). These advances are changing the way business is conducted inside and outside the U.S. federal government. Not only is this an exciting and novel transformation, it also brings a true opportunity to deliver real innovation with less." [1]

Today, CIOs at government agencies worldwide have an array of options to choose from, including private, community, and public cloud offerings. When it comes to the services being migrated to the cloud, government agencies can also leverage a broad array of options; however, one of the most prominent examples is email. In fact, CIOs from 15 agencies committed to moving to cloud-based email solutions before the end of 2011. [2]

Following are just a few of the reasons government agencies are being compelled to migrate email to the cloud:

- Cost savings. By some estimates, cloud-based email can be three times cheaper than internally-hosted email.
- Operational benefits. By enabling internal IT teams to offload the deployment and ongoing maintenance of internal infrastructures, cloud-delivery models provide government agencies with a range of operational benefits, including saving staff time, improving team efficiency, and more.
- Mandates. In the FY 2011 U.S. federal government budget, the Obama administration instituted budget freezes for many departments, and in some cases reductions of 5% in budgets [3], pointing to the adoption of cloud computing as "a major part of the strategy to achieve efficient and effective IT." [4]

However, in addition to a number of prospective benefits, the move to cloud-based email also presents some significant risks, as outlined below.

[1] CIO.gov, "Creating a Future-Ready, Digital Government Today," Richard Spires, June 20, 2012, http://www.cio.gov/pages.cfm/page/creating-a-futureready-digital-government-today
[2] Forbes, "Implementation of Cloud Computing Solutions in Federal Agencies: Part 2 - Challenges of Cloud Computing," Kevin L. Jackson, August 28, 2011, http://www.forbes.com/sites/kevinjackson/2011/08/28/implementation-of-cloud-computing-solutions-in-federal-agenciespart-2-challenges-of-cloud-computing/
[3] Forbes, "Implementation of Cloud Computing Solutions in Federal Agencies: Part 2 - Challenges of Cloud Computing," Kevin L. Jackson, August 28, 2011, http://www.forbes.com/sites/kevinjackson/2011/08/28/implementation-of-cloud-computing-solutions-in-federal-agenciespart-2-challenges-of-cloud-computing/
[4] Google Public Policy Blog, "Cloud computing in the President's 2011 budget," Harry Wingo, February 1, 2010, http://googlepublicpolicy.blogspot.com/2010/02/cloud-computing-in-presidents-2011.html

The Risks Posed to Agencies Running Email in the Cloud

When assessing the risks of cloud-based email, it is important to start with the threat landscape government agencies are operating in today. Government agencies are frequently the victims of advanced persistent threats (APTs), often comprised of multi-stage, coordinated attacks. In spite of massive investments in security infrastructure, over 95% of organizations have at least 10 malicious infections bypass traditional security mechanisms and enter their network on a weekly basis. Further, 80% experience more than 100 new infections each week. [5]

Email is a favored channel for the criminals waging these attacks. The majority of APT attacks targeting government agencies originate with targeted spear phishing emails. There's a simple reason why criminals are using this tactic: it works.

Why are these email-based attacks so effective? In large part, it's because the defenses government agencies have in place today cannot stop them. The reality is that no traditional signature-based technology directly addresses techniques like spear phishing. The spam filters used in most organizations are ill-equipped to detect the personal, low-volume emails sent by spear phishers. These spam filters are too general in nature, typically looking for the hallmarks of traditional spam, i.e., large volume, mass mailings from a single, disreputable server. In addition, Web filtering tools are too indirect in nature, and miss malicious attachments that a spear phisher may send.

Further, while firewalls, next-generation firewalls, Intrusion Prevention Systems (IPS), Anti-Virus (AV), and gateways remain important security defenses, they continue to be ineffective at stopping targeted email attacks. These technologies rely on approaches like URL blacklists and signatures. By definition, these approaches don't work against dynamic attacks that exploit zero-day vulnerabilities. If an IPS or AV program doesn't recognize the signature of a new exploit, it won't stop it. When highly dynamic malicious URLs are employed, URL blacklists don't cut it. Quite simply, traditional defenses stop known attacks, but are rendered defenseless against unknown advanced targeted attacks.

These challenges are plenty daunting in their own right, but when you introduce cloud-based delivery models, security teams in government agencies are truly in a bind. Beyond the challenges outlined above, cloud-based email, whether public or private, adds the following complexities to the mix:

- When government agencies leverage multi-tenant cloud environments, there's a very real threat that if another tenant's defenses are compromised by malware, their defenses may also be at risk.
- Given the shared security models of many cloud-based email deployments, security teams have to navigate a host of questions concerning the cloud provider's controls, and how they are verified and audited.
- When attacks are discovered, security teams have to manage the hand-off of threat intelligence in order to mitigate risks most quickly and effectively.

Sensitive information related to spear phishing attacks on government executives is now being made available online. Because government agencies aren't continuously monitoring for these types of attacks, they lack visibility into when attacks happen and who is being targeted. Consequently, government agencies aren't in compliance with U.S. federal government policies and guidance. To comply with internal security policies and security mandates, for example, the continuous monitoring requirements of the Federal Risk and Authorization Management Program (FedRAMP), U.S. federal government agencies will need to address the risks present when utilizing cloud-based email.

[5] FireEye, "FireEye Advanced Threat Report 2H 2011," http://www.fireeye.com/resources/pdfs/fireeye_advanced_threat_report_2h2011.pdf

How FireEye Secures Cloud-Based Email Against APTs

FireEye delivers solutions that have been proven to protect government agencies using cloud-based email services. Consequently, FireEye enables government agencies to move forward with their cloud-based email initiatives, while effectively safeguarding their networks and assets.

The FireEye Malware Protection System (MPS) fills the security gap that exists in government agencies' networks today. The FireEye MPS solution features appliances that sit behind traditional gateways and concentrate on the hardest security problems: advanced malware, zero-day exploits, and targeted APT attacks.

With the FireEye Email Malware Protection System (Email MPS), government agencies can leverage the following capabilities:

- Real-time analysis. The FireEye Email MPS inspects both URLs in emails and attachments in real time. Consequently, the solution can guard against attacks that use both email and Web, such as a spear phishing email that attempts to lure users into clicking on a malicious URL.
- Real-time blocking. Once malware is detected, the FireEye Email MPS quarantines malicious emails and attachments, ensuring they don't contaminate other systems in the network.
- Dynamic analysis. Rather than relying on signatures, the FireEye Email MPS takes the signature-less, dynamic analysis approach that is required to guard against attacks that exploit zero-day vulnerabilities.

FireEye Deployment Overview

When deploying the FireEye Email MPS solution, government agencies have a couple of options. First, they can deploy the solution on premise. In this scenario, organizations deploy the FireEye Email MPS within their data center, employing the solution to inspect traffic between cloud-hosted email control points, such as anti-spam gateways, and the cloud-hosted email service. The benefit of this approach is that organizations keep threat information on premise, where it can be readily accessible for analysis and remediation.

Second, government agencies can deploy the FireEye Email MPS within the email service provider's cloud infrastructure. In some cases, those agencies may still retain responsibility for managing the FireEye Email MPS solution. In other cases, that responsibility may be assigned to the service provider's security team.

[Figure: deployment diagram. Labeled components: Internet, Cloud Service (email), Anti-Spam Gateway, Mail Servers, Egress Router, Firewall, CMS, Web MPS (check URLs for malicious content), Core Switch, Email MPS (scans email attachments for APTs), Users, SIEM. Caption: Zero-day malware found in attachments or URLs gets reported to agency Security Information and Event Management (SIEM) device.]

Conclusion

Before migrating to cloud-based email services, government agencies must be able to thwart the targeted email attacks being waged. With its dynamic, real-time, and intelligent solutions, FireEye can help government agencies guard against targeted email attacks that seek to exploit zero-day vulnerabilities. With FireEye, agencies can fully leverage the cost and operational benefits of cloud-based services and address their most pressing security challenges.

About FireEye

FireEye is the leader in stopping advanced targeted attacks that use advanced malware, zero-day exploits, and APT tactics. The FireEye solutions supplement traditional and next-generation firewalls, IPS, anti-virus, and gateways, which cannot stop advanced threats, leaving security holes in networks. FireEye offers the industry's only solution that detects and blocks attacks across both Web and email threat vectors as well as latent malware resident on file shares. It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats. Based in Milpitas, California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest Venture Partners, and Juniper Networks.

© 2012 FireEye, Inc. All rights reserved. FireEye is a trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. WP.CE.GOVT.US-EN.082012

FireEye, Inc. 1440 McCarthy Blvd. Milpitas, CA 95035
408.321.6300 | 877.FIREEYE (347.3393) | info@fireeye.com | www.fireeye.com