Curbing Email Threats & Spear Phishing The Promise & Results with DMARC



Similar documents
2015 Online Trust Audit & Honor Roll Practices Deep Dive July 7, All rights reserved. Online Trust Alliance (OTA) Slide 1

Walking The Security & Privacy Talk Moving from Compliance to Stewardship

THE DMARC GUIDE. Understanding DMARC for Securing

Protect your brand from phishing s by implementing DMARC 1

Migrating to.bank A step-by-step roadmap for migrating to.bank

2014 INTEGRITY AUDIT

Internet Standards. Sam Silberman, Constant Contact

JP Morgan Chase Trusted Registry - Review

Protect Outbound Mail with DMARC

A New Way For ers To Defend Themselves Against Fraud

DMARC and your.bank Domain. September 2015 v

THE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX. How to create a thriving business through trust

This user guide provides guidelines and recommendations for setting up your business s domain authentication to improve your deliverability rating.

e-shot Unique Deliverability

ftld Registry Services Security Requirements December 2014

Anti-Phishing Best Practices for ISPs and Mailbox Providers

Authentication Policy and Deployment Strategy for Financial Services Firms

Leveraging DMARC as a Key Component of a Comprehensive Fraud Program

DomainKeys Identified Mail (DKIM) Murray Kucherawy The Trusted Domain Project

SPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015

Overview An Evolution. Improving Trust, Confidence & Safety working together to fight the beast. Microsoft's online safety strategy

SCORECARD MARKETING. Find Out How Much You Are Really Getting Out of Your Marketing

Security - DMARC ed Encryption

DMA s Authentication Requirement: FAQs and Best Practices

Evaluating DMARC Effectiveness for the Financial Services Industry

Making the Business Case for Authentication

DMARC. How. is Saving . The New Authentication Standard Putting an End to Abuse

AntiSpam. Administrator Guide and Spam Manager Deployment Guide

Sender Authentication Technology Deployment and Authentication Identifiers

Activating Your.BANK Domain Name

2016 Security Requirements: What Service Providers Need to Know. June 9, 2016

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Malicious Mitigation Strategy Guide

Messaging, Malware and Mobile Anti-Abuse Working Group. December 2013

BitSight Insights Global View. Revealing Security Performance Metrics Across Major World Economies

Marketing Workshop

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Spear Phishing. October 12, 2015 TLP: WHITE.

OIS. Update on the anti spam system at CERN. Pawel Grzywaczewski, CERN IT/OIS HEPIX fall 2010

THE TRUSTED GATEWAY. A simple strategy for managing trust in a diverse portfolio of domains. Author: Gunter Ollmann, CTO

The What, Why, and How of Authentication

Threat Spotlight: Angler Lurking in the Domain Shadows

Marketing 201. How a SPAM Filter Works. Craig Stouffer Pinpointe On-Demand cstouffer@pinpointe.com (408) x125

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

The Anti-Phishing/Anti-Spoofing Guide: What Every Marketer Should Know About Brand Protection and Securing the Channel GET MORE INFO

Using Security to Protect Against Phishing, Spam, and Targeted Attacks: Combining Features for Higher Education

How To Secure A Website With A Password Protected Login Process (

Advanced Security Methods for efraud and Messaging

DST . Product FAQs. Thank you for using our products. DST UK

Secure Your Mobile Workplace

CHAPTER 2: CASE STUDY SPEAR-PHISHING CAMPAIGN GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

FY15 Quarter 1 Chief Information Officer Federal Information Security Management Act Reporting Metrics V1.0

DKIM Enabled Two Factor Authenticated Secure Mail Client

MDaemon Vs. Microsoft Exchange Server 2013 Standard

I N T E L L I G E N C E A S S E S S M E N T

DomainKeys Identified Mail DKIM authenticates senders, message content

Data Security. The dominant business communication tool

BITS SECURITY TOOLKIT:

Reputation Metrics Troubleshooter. Share it!

How To Prevent Hacker Attacks With Network Behavior Analysis

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Making Your Enterprise SSL Security Less of a Gamble

Advice from the Trenches: Preparing for the Challenges and Pressures of a Security Incident Investigation

DRAFT NIST Special Publication Trustworthy

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Cyber Security for your Connected Health Device

2011 Forrester Research, Inc. Reproduction Prohibited

CSUF Tech Day Security Awareness Overview Dale Coddington, Information Security Office

Migration Project Plan for Cisco Cloud Security

How to Build an Effective Mail Server Defense

How To Protect Your Organization From Insider Threats

Protecting Your Organisation from Targeted Cyber Intrusion

. Daniel Zappala. CS 460 Computer Networking Brigham Young University

Authenticating and policing the internet for consumer confidence and security

Webinar: Reputation Services The first line of defense. July 26, 2005

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

Next Generation Security. Jamie de Guerre Chief Technology Officer, Cloudmark Inc.

IronPort Authentication

Rebuilding Customer Trust in Breach Response: A plan for secure communications post breach

Information Security Field Guide to Identifying Phishing and Scams

Deliverability Counts

Do not forget the basics!!!!!

How Shared Security Intelligence Can Better Stop Targeted Attacks

DNS Firewalls with BIND: ISC RPZ and the IID Approach. Tuesday, 26 June 2012

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Jim Bray, Cyber Security Adviser InfoSight, Inc.

Table of Contents. Introduction. Audience. At Course Completion

Quick Heal Exchange Protection 4.0

Configuration Information

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

SIP Security Controllers. Product Overview

Gain a New Level of Trust with Extended Validation SSL Certificates

Security 8.0 Administrator s Guide

E-Banking Regulatory Update

Dell SonicWALL Hosted Security. Administration Guide

Instructions for Configuring Microsoft Exchange 2007/2010 for smarshencrypt

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

BOARD OF GOVERNORS MEETING JUNE 25, 2014

Transcription:

SESSION ID: TECH-W03 Curbing Email Threats & Spear Phishing The Promise & Results with DMARC MODERATOR: Craig Spiezle Executive Director & President Online Trust Alliance @otalliance PANELISTS: Pat Peterson Chief Executive Officer, Agari J. Trent Adams Sr. Internet Security Advisor, PayPal John Scarrow General Manager, Online Security Services Microsoft Corporation

Overview Problem & challenge Email as a threat vector Email Authentication Overview All Published RFC s SPF Authorizing the servers DKIM Authenticating the message DMARC Policy and Reporting Case Studies; Where Are we Today? Apply What You have Learned 2

Problem 3

Attack Impact Anthem Data Breach 80M Consumer Records Compromised THE 1-2 PUNCH 18% success rate of phishing 14.5 Million Victims 25 th February - ATTORNEY GENERALS ISSUES WARNING IN 10 STATES 400 Brands, 50% New Targeted by Malicious Email Every Quarter 4

What is DMARC? Domain-based Message Authentication, Reporting & Conformance Specification to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. Standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms 5

6 Email Authentication Overview SPF DKIM Authenticates Message Path Authorized senders in DNS Authenticates Message Content Public encryption keys in DNS DMARC Consistency A method to leverage the best of SPF and DKIM Policy Senders can declare how to process unauthenticate d email Visibility Reports on how receivers process received email Aggregated Insights Telemetry into your mail streams (RUA) Failure & Spoofed email reports (RUF)

DMARC Who should care 83% CISO CMO 42% of CISO s that agree brand protection is their responsibility. Secure Protect Respond Acquire Retain Monetize of consumers less likely to do business with you following an email attack Cloudmark Study CSO magazine's annual State of the CSO survey Loyal Brand Advocate

DMARC Solving the problem Success criteria reduce hijacked accounts Reject policies on 35 active and 3000+ defensive domains Rejected 30M emails within days the majority of them having Cryptolocker

Activity Case Study These truths are self-evident: Email must be protected as a trusted channel of communication. Email protection extends beyond our direct control. No single solution to protect email. Failing to protect email results in measurable losses. Activity Drops After Phishing Incident Incident Time

Proof Points PayPal noticed 70% drop in reported phishing within the US following the publication of the DMARC specification. 1 DMARC drove a 14% reduction in detected phishing in 2014 vs. 2013 as measured against organizations within the Financial Sector. 2 DMARC effectively protects ~80% of PayPal customers from spoofed domain email. 3 1. PayPal data for 2012-2014 2. Kaspersky Lab Report: http://bit.ly/kaspersky-financial_cyberthreats_2014 3. PayPal data as of March, 2015

Where Are We Today? 2013 2014 2015 DMARC R/Q DMARC R/Q DMARC R/Q FDIC 100 13.0% 2.0% 21.0% 2.0% 24.0% 6.0% IR 500 3.0% 0.1% 6.2% 2.0% 9.4% 2.4% Federal 50 4.0% 0.0% 6.0% 0.0% 12.0% 2.0% Social 50 22.0% 14.0% 36.0% 18.0% 46.0% 26.0% Source: OTA Analysis as of April 9, 2015. IR 500 (Internet Retailer Top 500, Social (gaming, social, dating, storage and other top visited sites excluding content, banking and commerce) sites. DNS validator tool https://otalliance.org/resources/spf-dmarc-record-validator R/Q Reject or quarantine policy Lists updated as of April 9, 2015 based on current rankings. See https://otalliance.org/honorroll for details. 11

But DMARC Coverage Varies DMARC protection requires mailbox provider adoption to be effective. Coverage varies by region, driven by the top 5 regional mailbox providers. US coverage is the strongest: ~85% Global average: ~63% Germany has the lowest: ~30%

Apply What You Have Learned Today Within 1 week Publish a DMARC p=none Policy (aka. monitor only ) Within 30 days Compete a audit of all domains Evaluate Email Flows + Threats Lock Down Defensive & Parked Domains Pressure MTA / enterprise vendors to support email authentication Within 90 days Implement SPF & DKIM on all domains and subdomains SPF -all Record Move to DMARC p=reject if / when necessary

Resources Email Security & Integrity Resources https://otalliance.org/resources/email-security https://otalliance.org/dmarc Agari http://agari.com/ Online Trust Audit & Honor Roll https://otalliance.org/honorroll Symantec http://www.symantec.com/email-security-cloud/?fid=symantec-cloud

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information