Post on 08-Jul-2020
©2020 Arctic Wolf Networks, Inc. All rights reserved.
The Current State of Modern Email Security
Agenda
1. Email numbers and facts
2. Email history and trends
3. Detecting a phishing attack
4. Cybersecurity Using the CIS Controls Framework
Classification: Public
Email numbers and facts
This presentation is worth your attention because…
Based on the 2019 DBIR:
Email continues to represent the bear’s share of top malware vectors by incident.
Chart: Top malware action vectors in incidents (2019 DBIR)
Email history and trends
Phishing, blacklists, ILOVEYOU worm, Gmail/O365, and encryption
1996 – The term “phishing” was coined on an AOL message board.
1997 – Paul Vixie created the first blacklist of known spam email servers.
2000 – The infamous ILOVEYOU worm ravaged the internet, spread by email.
2003 – Email security firm Mimecast was formed to combat increasing email threats.
2007 – Google released the Gmail cloud-based email platform to the public.
2011 – Microsoft introduced Office 365 cloud services.
2012 – Arctic Wolf Networks was formed to detect and respond to cyberattacks.
2018 – Office 365 had ~150 million users and Gmail had ~1.5 billion users.
2019 – Nearly 4.7 billion phishing emails were sent every day.
Detecting a phishing attack
From bad decision to investigation to customer notification
Bad decision
Initial red flag
Ensuing investigation
Customer notification
Cybersecurity Using the CIS Controls
Industry Cybersecurity Challenges
Lower your cost by speeding up the time to identify and remediate cyberattacks
Source: 2019 Ponemon Cost of Data Breach Incident Report
314 Days: 230 Days Mean Time to Identify (MTTI), 84 Days Mean Time to Contain (MTTC)
Organizations unable to process +60% of their security data
1.5M: The security skills gap through 2020
$1.22M: Average Cost if detection and response is more than 200 days
Source: Gartner Source: Gartner Source: 2019 Ponemon Cost of Data Breach Incident Report
70%
CIS Controls + Implementation Groups
Mind the Gap
1.1.4 - Maintain Detailed Asset Inventory
20.20.7 – Ensure Results from Penetration Test are Documented Using Open, Machine-readable Standards
26% 57% 17%
83% 100%
CIS + Arctic Wolf
Control Coverage
Avg. Customer, Arctic Wolf Primary, Remaining Controls
68, 40%
33, 19%
70, 41%
• Endpoint Prevention
• Firewalls
• Screen Lockouts
• Web Filtering
• Email Security
• Data Protection (backups)
4, 6%
66, 94%
Nothing, Arctic Wolf Complements
Managed Detection and Response Architecture
Diagram labels: SaaS, Cloud Monitoring, FW/UTM Logs, Flow Data, IDS Alerts, DNS Logs, HTTP & TLS, AD, Other Logs, Server Logs, Email Gateway, Wireless AP, On Premises, Arctic Wolf Cloud Connectors, SecaaS, IaaS, Arctic Wolf Physical Sensor, Arctic Wolf Agent, Wireless Networks, Windows Event Logs, Asset Information, Rootkit / Compromise Alerts, Process Tables, Installed Patches, Commercial Feeds, Malware/Domain Lookup, IP Location/Reputation, Arctic Wolf SOC-as-a-Service, Notifications, Custom Reports, Trouble Tickets, Trusted Advice, Concierge Security Team (CST), Actionable Results, Threat Intelligence, Secure Transport
Questions & Answers