exposure- email blocks · 2018-11-13 · talos threat intelligence research response esa/wsa/cws...
[ Exposure- email blocks
[ Today’s cyber-threat reality
You’ll most likely be infected via email.
Hackers will likely command and control your environment via web.
Your environment will get breached.
[ Attack surface - email
A growing appetite to leverage targeted phishing campaigns.
Example: Snowshoe SPAM attack. SPAM up 250%.
[ Attack surface – web browser
More than 85% of the companies studied were affected each month by malicious browser extensions.
[ Sample attacking: Joe CFO
Meet Joe. He is heading home for a well-deserved vacation.
He’s catching up on email using the airport Wi-Fi while he waits for his flight.
[ Sample attacking: Joe CFO
Joe just got an email from his vacation resort.
Your Tropical Getaway
Joe,
Thank you for choosing us. We look forward to seeing you.
Before your arrival, please verify your information here: www.vacationresort.com
Best, Resort Team
[ Sample attacking: Joe CFO
No problem, right? Everything looks normal.
The site may even be a trusted site, or maybe a site that is newly minted.
[ Sample attacking: Joe CFO
Joe opens the link and the resort video plays.
Although he doesn’t know it, Joe’s machine has been compromised by a Silverlight-based video exploit.
The malware now starts to harvest Joe’s confidential information:
• Passwords
• Credentials
• Company access authorizations
[ Talos: before, during and after
• 1.1 million file samples per day
• AMP community
• Advanced Microsoft and industry disclosures
• Snort and ClamAV open source communities
• AMP TG Intelligence
• AEGIS™ program
• Private and public threat feeds
• 10 million files per month - AMP TG Dynamic analysis
[Diagram: Cisco® Talos Threat Intelligence Research Response (ESA/WSA/CWS), covering Email, Endpoints, Web, Networks, IPS, Devices]
• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 600+ engineers, technicians, and researchers
• 35% worldwide email traffic
• 13 billion web requests
• 24x7x365 operations
• 40+ languages
[ Cisco Email Security
[Diagram: Cisco Email Security (Appliance, Virtual, Cloud) with Talos; verdicts Allow, Warn, Block, Partial Block across Before/During/After]
• Management: Reporting, Message Tracking, Admin HQ
• Inbound Email: Reputation Acceptance Controls, Anti-Spam, Anti-Virus, Outbreak Filters, File Reputation, File Sandboxing & Retrospection, Mail Flow Policies, Graymail Management, Safe Unsubscribe, Content Controls, Anti-Phish, ThreatGrid, URL Reputation & Categorization, user click activity tracking (Anti-Phish)
• Outbound Email (outbound liability): Mail Flow Policies, Data Loss Protection, Encryption
[ Demo
[ Graymail management
[Diagram: Graymail management pipeline: Reputation Filter, Anti-spam, Anti-virus, Advanced Malware Protection, Graymail Detection, Threat Defense Security; verdict request]
Graymail detection categories: Bulk, Social Network, Marketing.
Quarantine actions:
• Whitelist – Allow Sender
• Blacklist – Block Sender
• Release – Safe unsubscribe
Verdicts: Block, or Add Safe Unsubscribe Link.
[ Cisco AMP
[ SecureMail 4.0 Design
• End User Policy
• End User Content Filter
• End User / Admin Spam Quarantine
• PMM Mail (1 Click)
• LDAP Sync & Import (Web Portal)
• Signature and Encryption
[ SecureMail 4.0