phishing, impersonation, and malware · cds2018-solns-s6-email security – phishing,...

OCTOBER 1 – 4, 2018 | WASHINGTON, D.C. Phishing, Impersonation, and Malware Defending Email Against Today’s Advanced Threats

Post on 06-Jun-2020


Page 1: Phishing, Impersonation, and Malware · CDS2018-Solns-S6-Email Security – Phishing, Impersonation, and Malware Defending Email Against Today's Advanced Threats Final 3_10.2 Created

OCTOBER 1 – 4, 2018 | WASHINGTON, D.C.

Phishing, Impersonation, and Malware

Defending Email Against Today’s Advanced Threats

DISCLOSURE

Any future offering, feature, or related specification that may be referenced in this presentation is for information purposes only, is not a commitment to deliver any offering, technology, functionality or enhancement, and should not be relied on in making purchasing decisions. We reserve the right to modify future product and service plans at any time.

©2018 FireEye

Agenda

Email Threat Landscape

FireEye Email Security Progression

Demos

• Cloud Edition

• FireProof – Email Threat Analysis

Customer Reference

Evolving Email Threat Trends

Phishing Sites

Shift to URLs over malware

90% of blocked attacks were malware-less [1]

Go live after passing email security

Spear Phishing

Continued sophistication of social engineering

Impersonation

Sender-spoofed attacks such as CEO fraud

17% of all blocked attacks utilized impersonation tactics [1]

Malware-less emails may lead to malware

[1] Source: Internal data January - June 2018

Malware-Less versus Malware Attacks

[Chart: malware versus malware-less attacks by month, January to June]

90% of attacks blocked were malware-less

▷ Impersonation ▷ CEO fraud ▷ Whaling ▷ Spear phishing ▷ W2 fraud

10% of attacks blocked contained malware

▷ Viruses ▷ Ransomware ▷ Worms ▷ Spyware ▷ Trojan horses

Source: Internal data January - June 2018

Customer Email Security Pain Points

URLs

Multi-Stage

Impersonation or Imposter

Attachments

How Impersonation Attacks Have Evolved

[email protected] <[email protected]>

[email protected]

Impersonation Detection

aka Business Email Compromise threats

Techniques Used to Stop Evolving Inline Attacks

Newly Existing Domains

Looks-Like & Sounds-Like Domains

Reply-to-Address & Message Header Analysis

Friendly Display Name & Username Matching

CEO Fraud Algorithms
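
A simplified sketch of three of the techniques listed above (friendly display name matching, looks-like domains, and Reply-To header analysis), added here for illustration. It is not FireEye's implementation; the organisation domain, the protected-name table and the sample messages are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Assumed, constructed configuration: the organisation's domain and protected names.
ORG_DOMAIN = "example.com"
PROTECTED = {"jane doe": "jane.doe@example.com"}

def edit_distance(a, b):
    """Levenshtein distance, used for the looks-like domain check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonation_findings(raw_message):
    """Return a sorted list of indicator names for one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = set()

    # Friendly display name matches a protected person, but the address does not.
    known = PROTECTED.get(" ".join(display.lower().split()))
    if known and addr != known:
        findings.add("display-name-mismatch")

    # Looks-like domain: close to, but not equal to, the organisation's domain.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.add("lookalike-domain")

    # Reply-To steers answers to a different domain than From.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_addr and reply_addr.rpartition("@")[2] != domain:
        findings.add("reply-to-mismatch")
    return sorted(findings)

# Constructed sample messages (not taken from the presentation).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\n"
           "Reply-To: jane.doe.ceo@mail.example.net\n"
           "Subject: Urgent wire transfer\n\nAre you at your desk?\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Q3 planning\n\nAgenda attached.\n")

if __name__ == "__main__":
    print(impersonation_findings(SPOOFED), impersonation_findings(LEGIT))
```
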

Impersonation Detections Are Growing

On the Roadmap – Outbound Detection

§ Scan outgoing email

– Filter spam and viruses (AVAS)

– Detect advanced threats

– Apply Smart Rules

§ Detect compromised email accounts

– Prevent domain blacklisting

§ Detect advanced threats

– Stop threats coming from network via outgoing email

§ Strengthen inbound filtering

[Diagram: Internet, FireEye Email Security Service, Cloud Email Service/O365; inbound detection and outbound detection]

Increased Detections Over Time

Advanced URL Defense v3.0 Release (May 2017)

PhishVision & Skyfeed v3.6 Release (Feb 2018)

ThreadKit Exploit Campaign

1. FireEye Threat Intelligence identified large volumes of phishing emails

2. FireEye threat researchers analyzed and tested ThreadKit

3. Reported to FireEye Labs

4. FireEye Email Security detections in place

One Source Communications

Customer and Partner Reference

§ Full solution suite including FireEye Email Security and FireEye Helix

§ Increased malware-less threat detection and blocking

– URL rewrites provide better visibility into environment

– Retroactive URL alerts

– Reduced reliance on end user making a choice

§ MSSP with 800 clients – value Cloud Edition portal enhancements

– Create complex policies for message analysis and for multiple domains

§ O365 migrations – won’t implement w/out email security solution

– More is better – MS ATP and other solutions aren’t good enough

– FireEye Threat Intelligence & Email Security – unmatched for stopping evolving threats

Cloud Edition Demo

1. Dashboard

2. Advanced Threats

3. Smart Rules (Advanced Custom Rules)

FireProof

FireProof - Email Threat Analysis

1. Research shows FireEye Email Security deployed behind Microsoft O365 with ATP can improve email threat detection by at least 25%.

2. Enhance your Office 365 email protection with an easy-to-set-up process that analyzes your delivered email and surfaces threats undetected by your current email security solutions.

3. Receive a summary and discuss the detailed findings with FireEye’s Office 365 experts.

4. Stop by the Solution Expo to participate and request your analysis today.

Email Threat Analysis (Overview)

§ Set up

– Specify delivered email timeframe

– Select email count

– Designate mailboxes (optional)

§ Authorize Office 365 access – admin credentials needed

§ Receive status emails

§ Get analysis summary

§ Request detailed report discussion with SE

Setting up Evaluation (Customer)

§ Press “Accept”

Tracking Progress (Customer)

§ When the process is completed, the customer receives an email update.

Tracking Progress (Sales and Customer)

§ After the Evaluation has been completed, the report is sent to the Sales team in a PDF file.

§ FireEye SE follows up and goes over report.

Recap

§ Continue investment and innovation to protect users against email threats

§ Our focus

– Be the best at detecting advanced threats, including phishing and impersonation

– Position as a leader in the Secure Email Gateway market

§ Visit the CDS Solutions Expo

– Request a FireProof evaluation. Discover enhanced Office 365 email protection.

– Questions? … ask our email security experts

§ Contact your account manager to organize a roadmap session

Thank You