THE THREE Es OF MODERN EMAIL SECURITY FOR PHISHING

Similar documents
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

Finding Security in the Cloud

SIMULATED ATTACKS. Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru MEASURE ASSESS

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Defending Against. Phishing Attacks

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Spear Phishing Attacks Why They are Successful and How to Stop Them

WEBSENSE TRITON SOLUTIONS

Content Security: Protect Your Network with Five Must-Haves

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

McAfee Phishing Quiz. Partner Enablement Guide

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

ENABLING FAST RESPONSES THREAT MONITORING

Symantec Cyber Security Services: DeepSight Intelligence

Comprehensive real-time protection against Advanced Threats and data theft

Addressing Big Data Security Challenges: The Right Tools for Smart Protection

Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks

SPEAR PHISHING UNDERSTANDING THE THREAT

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Technology Blueprint. Protect Your . Get strong security despite increasing volumes, threats, and green requirements

The Importance of Cybersecurity Monitoring for Utilities

Training Employees to Recognise & Avoid Advanced Threats

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

TRITON APX. Websense TRITON APX

WEBSENSE SECURITY SOLUTIONS OVERVIEW

The Symantec Approach to Defeating Advanced Threats

Anti-Phishing Best Practices for ISPs and Mailbox Providers

Advanced Threat Protection with Dell SecureWorks Security Services

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

5 Reasons Why Your Security Education Program isn t Working (and how to fix it)

Carbon Black and Palo Alto Networks

Websense Messaging Security Solutions. Websense Security Websense Hosted Security Websense Hybrid Security

Securing Cloud-Based

SPEAR PHISHING AN ENTRY POINT FOR APTS

Sophistication of attacks will keep improving, especially APT and zero-day exploits

overview Enterprise Security Solutions

Securing Office 365 with Symantec

How To Integrate Hosted Security With Office 365 And Microsoft Mail Flow Security With Microsoft Security (Hes)

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

Top five strategies for combating modern threats Is anti-virus dead?

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

10 Smart Ideas for. Keeping Data Safe. From Hackers

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

Commtouch RPD Technology. Network Based Protection Against -Borne Threats

Reduce Your Network's Attack Surface

MANAGED SECURITY SERVICES (MSS)

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc.

Top 10 Reasons Enterprises are Moving Security to the Cloud

Integrating MSS, SEP and NGFW to catch targeted APTs

Cloud Services Prevent Zero-day and Targeted Attacks

INTRODUCING isheriff CLOUD SECURITY

Uncover security risks on your enterprise network

Cloud App Security. Tiberio Molino Sales Engineer

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

THE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX. How to create a thriving business through trust

OVERVIEW. Enterprise Security Solutions

The Advanced Cyber Attack Landscape

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Breaking the Cyber Attack Lifecycle

Cisco Advanced Malware Protection

Building a Business Case:

SPEAR-PHISHING ATTACKS

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

INFORMATION PROTECTED

End-user Security Analytics Strengthens Protection with ArcSight

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

CyberArk Privileged Threat Analytics. Solution Brief

2012 Endpoint Security Best Practices Survey

Cyber Security Solutions:

TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT

MANAGED SECURITY SERVICES (MSS)

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Transcription:

THE THREE Es OF MODERN EMAIL SECURITY FOR PHISHING AN ACCUVANT VIEWPOINT By James Robinson, Director, Office of the CISO Attempting to keep up with the ever-changing world of cyber security threats can be daunting. When you have an entire organization of hundreds or even thousands of employees as well as a vast ecosystem of freelancers, contractors, suppliers, affiliated third parties, among others who could unintentionally let an attacker into your environment, the problem becomes even more challenging. Each day, more than a billion emails are sent containing malicious links and attachments, tempting users to take the bait and effectively launch an attack on your organization. Phishing emails are nothing new, but according to the Anti-Phishing Working Group, 2013 was one of the most active years for phishing. Because attackers are disguising and delivering these emails in more sophisticated ways than ever, most users aren t able to recognize a phishing attempt and many companies lack an effective strategy to address the issue. Waiting until an attack occurs is not a good option. Consider using a three-pronged approach that combines in-depth defense, reduced attack surface and incident response plans. These three options make up our three Es of modern email security for phishing: enhanced technology, employee focus and enterprise visibility. By using this recipe, you can help prevent the financial fallout and loss of sensitive information for your organization. The Three Es of Modern Email Security Attachment Sandboxing URL Sandboxing URL Wrapping for On-Click Analysis Hybrid Delivery via Cloud/On-Premise Enhanced Technology Enterprise Visibility Know Your Entry Points Enable Incident Response Capabilities Operationalize Data from Attacks Employee Focus General Education and User Awareness Incentive Programs Continuous Testing 1

Enhanced Technology Employee Focus The first of our three Es is Enhanced technology. This methodology offers improved protection and works to limit the delivery of phishing emails to users within your organization to reduce your attack surface. Most organizations I work with are trying to use spam filters as the primary means to block email phishing attacks. But they are only effective when an email is sent from a questionable source, and many times in spear-phishing the email is coming from a reputable source and bypasses the spam filter. New email security technologies are utilizing innovative features, designed to limit the delivery of phishing emails to users, and leverage concepts from Forrester s zero trust model. Attachment Sandboxing New technologies are able to determine if an inbound email contains a malicious attachment by using a sandbox to open the file. This allows the file to be tested in a separate environment to ensure that it doesn t contain a virus or malware, without causing harm to the host computer. URL Sandboxing If there are any links in an inbound email, the technology is able to follow the link (in a sandbox) to determine if the destination is malicious. It is able to detect hidden iframes and other elements that can direct the user to an environment containing an exploit or malware. URL Wrapping for On-Click Analysis Another tactic email security technologies use is changing and redirecting the URL. If a URL appears suspicious, it rewrites the URL and will do an analysis if and when a user clicks the link. Following enhanced technology is our second E component, Employee focus. It is important that your employees are educated, aware and engaged in preventing a phishing attack. Relying on enhanced technology alone will never make you 100% successful in blocking phishing emails. Individuals need to know how to identify and react appropriately to a phishing email when they are targeted. The more people you have defending your environment, the better chance you can thwart an attack. General Education and User Awareness On-click education awareness is a great tactic to employ. Here s how it works: your organization sends a fake phishing email to its employees, and if they take the bait (e.g. click a link, download a file, enter information, etc.) they receive just-in-time education. Think about it the same way you would teach young children when they misbehave, you can t punish them a few days later; you have to discipline them at that time so they understand what they did wrong. I m not saying employees are children, but in our busy lives we all make mistakes, and the same principal applies. If an employee clicks on a malicious link, education should be delivered right away, so they can take the time to learn from the mistake, and then get on with their job. I have found this approach is much more effective than bringing employees into a room for an hour, telling them that they should worry about phishing, and providing information about some things they should do. In this second instance, the message doesn t resonate because it isn t top of mind. In fact, most of the time the employees glaze over the presentation and are more focused on the free coffee and doughnuts. Hybrid Delivery via Cloud/On-Premise An email is first delivered to a cloud environment, where the technology is able to examine it before it is delivered to an onpremise set of servers or appliances, after it has been deemed safe. This allows you to keep the malware and the malicious emails off your environment entirely. The hybrid approach also allows URL wrapping to work from anywhere, on or off of your network. Make it part of your job to explore new technologies, understand how threats are evolving, and innovate your approach to security. When you catch employees in the act, it tends to make a greater impact and stick with them, curbing the behavior in the future. Incentive Programs Creating programs that incentivize your employees can be a fun and effective way to get them involved in securing your organization s environment. They turn every employee into security personnel, and provide an avenue to escalate events for incident response. 2

Catch of the Day is an email bounty program where employees are encouraged to send any suspicious emails they receive to the IT security response team. The emails are then analyzed by the team and every month, the best one from across the organization is chosen. The winning employee is recognized and rewarded for their efforts in identifying the phishing attack. The prize can be something as simple as a $100 gift card a small investment for your organization, but enough to get employees excited and motivated to participate. Continuous Testing Once you have put training and educational programs in place, it is important to test their level of success on an ongoing basis. You should send out different types of phishing emails to your employees and capture the results of these tests. The aggregated results can help you understand the effectiveness of the programs you have in place and make any necessary changes to improve them. If you notice that people are more susceptible to download a file versus enter sensitive information in a form, you can use that data to tailor your education efforts. Enable Incident Response Capabilities When a phishing attack is identified, it is critical that your organization has a process in place for proper notification and issue handling. Incident response plans should be mapped out for different attacks from employee reports, to executive and public notification. You cannot wait until an attack has occurred, you must be ahead of the game with a plan. Being prepared makes a huge difference in how an attack impacts your organization. Operationalize Data from Attacks Every failed and successful attack should serve as a learning experience to your organization, and provide useful metrics and statistics. Use the data from attacks and incidents that were prevented to deliver insight into the return on your security investment by measuring impact and results. Use the data from successful attacks to understand the changes you need to make and how to prevent the exploit in the future. Enterprise Visibility Our last E in this three-pronged approach is Enterprise visibility. While the primary vulnerability exploited in a phishing attack is people, all sorts of factors within the enterprise can contribute to greater risk. Understanding and correcting your vulnerabilities is critical. Know Your Entry Points It is important to map out your vulnerabilities, regularly conduct a gap analysis, and aggressively test your systems to understand the entry points attackers can exploit. These entry points are constantly changing and evolving. For example, I was working with a company that merged with another organization that turned out to be wide open, without many security controls in place. This became a new entry point that wasn t being monitored, and the new, combined organization was hit with a phishing attack. Can you be sure your employee won t take the phishing bait and click on a link, successfully installing malware on their laptop and infecting your network? 3

Conclusion There s a chance a phishing email is sitting in one of your employee s inbox right now. Can you be sure they won t take the bait and click on a link, successfully installing malware on their laptop and infecting your network? This may be a scary thought, but by using the three Es of modern email security to address phishing, you can effectively reduce the chance that a user will make that mistake. Starting with a focus on technologies from attachment sandboxing to URL wrapping for on-click analysis, you can do more than simply hope phishing email gets caught in a spam folder. On the off chance that an email slips through your protections, people are your second line of defense. Educate your employees and others in your ecosystem about the risks, and provide on-click awareness to more effectively change behaviors. Put incentive programs into place to increase the chance of employees taking a productive part in securing your environment. Finally, knowing your environment top-to-bottom and understanding your entry points is vital to email security. If a phishing attack occurs, and the odds are that at some point it will, you must have an incident response plan in place. Gather data from both failed and successful phishing attacks to understand why they did or did not happen, and what you can do to improve your security posture. By understanding and putting these three Es of email security to work, you can help prevent your employees from opening the door to risk and prevent these attacks from doing significant damage to your organization. James Robinson Director, Office of the CISO James Robinson is a seasoned professional with nearly 15 years of experience in security engineering, architecture and strategy. As director of information security and member of the Office of the CISO for Accuvant, Robinson uses real world experiences to help enterprise-level organizations to solve their security and related business issues. He also develops and delivers a comprehensive suite of strategic services and solutions that help CXO executives change their security strategies through innovation. He ensures security executive success while aligning to business goals, bringing value to the community. Before joining Accuvant, Robinson was the security architecture and strategy officer for Websense. In that role, he was accountable for internal security strategy development, innovation and implementation. He has held positions of increasing responsibilities with other Fortune 500 companies such as Anheuser-Busch and State Farm insurance where he ran one of the most successful penetration testing engagements in the company s history. 4

1125 17th Street Suite 1700 Denver, CO 80202 800.574.0896 www.accuvant.com Accuvant, a Blackstone (NYSE: BX) portfolio company, is the leading provider of information security services and solutions serving enterpriseclass organizations across North America. The company offers a full suite of service capabilities to help businesses, governments and educational institutions define their security strategies, identify and remediate threats and risks, select and deploy the right technology, and achieve operational readiness to protect their organizations from malicious attack. Founded in 2002, Accuvant has been named to the Inc. 500 5000 list of fastest growing companies for the last eight consecutive years. The company is headquartered in Denver, Colo., with offices across the United States and Canada. Further information is available at www. accuvant.com. 2014 Accuvant, Inc. All Rights Reserved. Accuvant is a registered trademark of Accuvant, Inc. 10.14 F1.1

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information