McAfee Phishing Quiz Partner Enablement Guide
Use the Phishing Quiz to educate your own organization, prospects, and existing customers about phishing and how McAfee security solutions can help. This guide will walk you through how to plan and run an outreach initiative step by step.

Activity Summary
- Find prospects with a desire to assess their organization's vulnerability to phishing attacks
- Provide a custom URL to the customer contact for their internal distribution of the phishing quiz
- Work with your McAfee Account Manager to analyze results
- Follow up with customer to present results and discuss how McAfee solutions can provide better protection

Technologies to Position as Anti-Phishing Solutions
- McAfee Email Protection with scan-time and click-time protection
- Anti-malware engines (reputation services, antivirus, emulation, and sandboxing/static code analysis via Advanced Threat Defense)

Step 1: Plan Your Activity

Contact Customers/Prospects
To run this campaign, begin by reaching out to a customer or prospect and propose having them distribute the Phishing Quiz in their organization as an exercise in security education. Typically a CSO or other role responsible for educating the organization overall or specifically on cyber threats will be an ideal contact to gain buy-in. Often, organizations are either required to build education tools like this on their own, or contract with a third party to come in and run them. The Phishing Quiz is being provided as a free tool, which immediately adds value to your engagement.

Begin the conversation with an introduction such as this:

Email Phishing is a major threat to the security of every business. Did you know that over 95% of attacks on organizations like yours are the result of successful spear phishing? I bring this up because awareness around this topic is extremely important to keeping you safe. We have a tool we'd like to share with you that can gauge your organization's ability to detect phishing attacks.
Your employees can take our quiz, and we'll analyze the data with you to see how susceptible your business is. It's as simple as sending out one URL to everyone you want to take the quiz. Would you like to give it a shot?

Create a Custom URL
To track results for a specific organization or group taking the quiz, you will need to create a custom URL. If you do not desire to track results, simply use: https://phishingquiz.mcafee.com/

Steps to create custom URL
1. Create a unique identifier using [Last Name+Date] i.e. [Smith10May2014]
2. Append to https://phishingquiz.mcafee.com/home/ i.e. https://phishingquiz.mcafee.com/home/smith10may2014
3. Do not use the same URL for more than one organization or group.

Character limitations for custom URLs
- Can use: Upper case letters, lower case letters, and numbers (i.e. ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789)
- Cannot use: spaces, special characters or symbols, including, but not limited to, $ & + , / : ; = ? @ < > # % { } \ ^ ~ [ ] `

Step 2: Run the Quiz

Provide Email Template to Customer Contact
Provide the following template or similar as an example of the email your customer contact can send to their internal employees:

Subject Line: Test Your Skills - Learn How to Detect Email Phishing Attacks

Targeted email attacks are a major threat. It only takes one email, sent to the right target at the right time to be successful. So successful, that the SANS Institute claims that most cyber-attacks are started with this methodology:

"95% of all attacks on enterprise networks are the result of successful spear phishing."
-Allen Paller, Director of Research, SANS Institute, 2013

We want to help you better prepare for dealing with malicious email attacks by understanding your skill level in spotting them, and teach you how to steer clear of some of the highly-effective phishing techniques currently being used. McAfee, part of Intel Security, has provided us with a tool to test out our skills in detecting phishing emails. Use the link below to take the quiz!

[Insert custom URL]
[Sign off]

Confirm Distribution and Completion of Quiz
Confirm with the customer contact that the email has been sent out within their organization. After about 3-5 days, the majority of responses will be in, and you can move on to the next step.

Step 3: Gather and Interpret Results

Pull Data from Phishing Quiz
Contact your McAfee Account Manager and share your unique URL. They will pull the quiz data, and provide a spreadsheet of the results for you to analyze and calculate metrics as outlined below.

- Average Score
  o =sum(column F) / total count of respondents
- Score Frequency (i.e. how many score 90%)
  o Sort column F, and total each score level (0-100) by count
  o Divide each score level count by total count of respondents to determine, for example, X% of employees scored 90%.
- Individual Question Difficulty
  o =sum(question column) / total count of respondents
  o Note that this will provide Percentage Correct.
    Simply input =1-[your result] to calculate Percentage Incorrect.
- Percentage who missed at least 1 phishing email (failed)
  o Filter all phishing question columns to read 1 (H, I, J, L, N, O, P) to reveal count for all phishing correct.
  o Subtract this from total count of respondents. Divide this by the total count of respondents for % who missed at least one phishing email.
- By Country, Company Size, Job Role
  o Sort either column Q, R, or S and total each category. For country, aggregate into GEOs (NA, EMEA, APAC/JPN, LTAM)
  o Divide each category by total count of respondents to determine, for example, HR scored an average of 70%
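
The Step 3 calculations can also be scripted instead of done by hand in the spreadsheet. The following is an added example, not part of the original guide or any McAfee tooling. It assumes columns G through P hold the ten questions (1 = correct, 0 = incorrect) at 10 points each, and it runs on constructed sample rows.

```python
from collections import Counter, defaultdict

# Column letters follow the guide: F = score, H/I/J/L/N/O/P = phishing
# questions (1 = answered correctly), S = job role.
# Assumption: G..P are the ten question columns, each worth 10 points.
SCORE, ROLE = "F", "S"
QUESTIONS = list("GHIJKLMNOP")
PHISHING = list("HIJLNOP")

def make_row(answers, role):
    """Build one constructed respondent row keyed by column letter."""
    row = dict(zip(QUESTIONS, answers))
    row[SCORE] = sum(answers) * 10
    row[ROLE] = role
    return row

# Constructed sample data, not real quiz results.
ROWS = [
    make_row([1, 1, 1, 1, 1, 1, 1, 1, 1, 1], "IT"),
    make_row([1, 1, 0, 1, 1, 1, 1, 1, 1, 1], "HR"),
    # Scored 80 but caught every phishing email (missed only legitimate ones).
    make_row([0, 1, 1, 1, 1, 1, 0, 1, 1, 1], "HR"),
    make_row([1, 0, 0, 1, 1, 0, 1, 1, 0, 1], "Sales"),
]

def quiz_metrics(rows):
    """Compute the Step 3 metrics for one custom-URL result set."""
    n = len(rows)
    if n == 0:
        raise ValueError("no respondents in result set")
    pct_correct = {q: sum(r[q] for r in rows) / n for q in QUESTIONS}
    # Respondents with a 1 in every phishing column got all phishing right.
    all_phish_ok = sum(all(r[q] == 1 for q in PHISHING) for r in rows)
    by_role = defaultdict(list)
    for r in rows:
        by_role[r[ROLE]].append(r[SCORE])
    return {
        "average_score": sum(r[SCORE] for r in rows) / n,
        "score_frequency": {s: c / n for s, c in Counter(r[SCORE] for r in rows).items()},
        "pct_correct": pct_correct,
        "pct_incorrect": {q: 1 - p for q, p in pct_correct.items()},
        "pct_missed_phish": (n - all_phish_ok) / n,
        "avg_by_role": {k: sum(v) / len(v) for k, v in by_role.items()},
    }

if __name__ == "__main__":
    for name, value in quiz_metrics(ROWS).items():
        print(name, value)
```

Grouping by country or company size works the same way with column Q or R in place of S.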

Step 4: Follow up and Creating a Sales Opportunity

After you have run your campaign, gathered your data and interpreted it, you should now schedule a follow-up meeting with your customer. Here are some key topics to cover:

Quiz Results
Participants rarely score a perfect 100 on the quiz. This provides ample opportunity to highlight key emails which were the most difficult, and the tactics used in each. Share performance by job role for additional insight. In many instances we see varying performance across departments. Even security professionals score an average of 70% on this quiz. If you start at the quiz summary page (https://phishingquiz.mcafee.com/summary) you can click on the most missed emails and review the questions with the customer. You can also go through 7 Tips to Avoid Being Phished, also available via the summary page.

McAfee Products and Anti-Phishing Differentiation
To turn this campaign from an educational exercise into a sales opportunity, begin by discussing the current state of email security your customer has deployed, especially the aspects of their existing solutions that are geared towards anti-phishing. The key turning point in these discussions should come from uncovering that a customer is doing X to stop phishing attacks, but that is not enough, because these attacks are using tactics such as delayed URL infection and advanced malware. McAfee is the only vendor to combine click-time scanning and advanced malware detection to protect businesses from attacks using these tactics. These are the strongest points of differentiation from competitive products in relation to phishing. There are several examples in the phishing quiz that can guide the conversation towards the key anti-phishing technologies from McAfee that use these technologies: ClickProtect, a feature of McAfee Email Protection, and McAfee Advanced Threat Defense.

ClickProtect
To guide the conversation towards the value of click-time malware scanning, navigate from the summary page to Question 4: efax, and Question 7: Wells Fargo. These two examples show the end-user experience when ClickProtect is turned on, for a malicious and safe email respectively. Make the point that without this technology in place, simply scanning for malware behind email links as they enter the network will not stop attacks that change the content behind URLs from safe to malicious after an email is sent. Many other vendors fail to protect past the point an email is initially scanned. Without click-time scanning, you have a ticking time bomb scenario where an email is sitting in an end user's inbox, waiting for a link to be clicked. McAfee runs a GTI URL reputation check and Gateway Anti-Malware scan on all links when they are clicked, which has been proven to stop over 95% of zero-day malware (AV-Test). Use this as a key differentiator to convey the value of McAfee Email Protection over existing solutions. Demonstration videos can be found on the Learn About Anti-Phishing Tech page as well.

Advanced Threat Defense
To guide the conversation towards McAfee Advanced Threat Defense, navigate from the summary page to Learn How McAfee Can Help, where you will find a basic primer on ATD and its integration with McAfee Email Gateway. Use this as a starting point. Discuss with the prospect how in-depth their current anti-malware capabilities go when detecting malicious files in email. Likely none will match the analysis performed by ATD and Email Gateway, which uses a process of down-selection to first remove the bulk of malware with Global Threat Intelligence reputations and signatures, multiple anti-virus engines including a third party, then emulation by the Gateway Anti-Malware Engine, and finally static code and dynamic (sandbox) analysis. Emails containing malware will be blocked before they ever reach an inbox.
If a customer is not scanning files with static code and dynamic analysis (sandboxing), the core functionality of ATD, they are not going to stop advanced targeted attacks using highly sophisticated malware. Pull assets from www.mcafee.com/atd to supplement the discussion.

At any point during or after these conversations, do not hesitate to involve your McAfee Account Manager who can assist with conveying the value proposition of these solutions, and help with tailoring an offering that best fits your customer.

2821 Mission College Boulevard
Santa Clara, CA 95054
888 847 8766
www.mcafee.com

McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2014 McAfee, Inc.