©2020 Arctic Wolf Networks, Inc. All rights reserved. ©2020 Arctic Wolf Networks, Inc. All rights reserved.

The Current State of Modern Email Security

©2020 Arctic Wolf Networks, Inc. All rights reserved. ©2020 Arctic Wolf Networks, Inc. All rights reserved.

Agenda

2

1. Email numbers and facts2. Email history and trends3. Detecting a phishing attack4. Cybersecurity Using the CIS

Controls Framework

Classification: Public

©2020 Arctic Wolf Networks, Inc. All rights reserved. ©2020 Arctic Wolf Networks, Inc. All rights reserved. 3Classification: Public

Email numbers and factsThis presentation is worth your attention because…

Classification: Public

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Email numbers and facts

4

Based on the 2019 DBIR:

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Email numbers and facts

5

Email continues to represent the bear’s share of top malware vectors by incident.

Chart:Top malware

action vectors in incidents

(2019 DBIR)

©2020 Arctic Wolf Networks, Inc. All rights reserved. ©2020 Arctic Wolf Networks, Inc. All rights reserved. 6Classification: Public

Email history and trendsPhishing, blacklists, ILOVEYOU worm, Gmail/O365, and encryption

Classification: Public

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Email history and trends

7

1996 – The term ”phishing” was coined on an AOL

message board.

1997 – Paul Vixie created the first blacklist of known

spam email servers.

2000 – The infamous ILOVEYOU worm ravaged the

internet, spread by email.

2003 – Email security firm Mimecast was formed to

combat increasing email threats.

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Email history and trends

8

2007 – Google released the Gmail cloud-based email

platform to the public.

2011 – Microsoft introduced Office 365 cloud services.

2012 – Arctic Wolf Networks was formed to detect and

respond to cyberattacks.

2018 – Office 365 had ~150 million users and Gmail had

~1.5 billion users.

2019 – Nearly 4.7 billion phishing emails were sent

every day.

©2020 Arctic Wolf Networks, Inc. All rights reserved. ©2020 Arctic Wolf Networks, Inc. All rights reserved. 9Classification: Public

Detecting a phishing attackFrom bad decision to investigation to customer notification

Classification: Public

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Bad decision

10

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Initial red flag

11

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Ensuing investigation

12

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Ensuing investigation

13

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Customer notification

14

©2020 Arctic Wolf Networks, Inc. All rights reserved. ©2020 Arctic Wolf Networks, Inc. All rights reserved. 15Classification: Public

Cybersecurity Using the CIS Controls

Classification: Public

©2020 Arctic Wolf Networks, Inc. All rights reserved. Classification: Public

Industry Cybersecurity ChallengesLower your cost by speeding up the time to identify and remediate cyberattacks

Source: 2019 Ponemon Cost of Data Breach Incident Report

314 Days84 Days Mean Time to Contain (MTTC)

230 Days Mean Time to Identify (MTTI)

Organizations unable to process +60% of their security data

1.5MThe security

skills gap through 2020

$1.22MAverage Cost

if detection and response

is more than 200 days

Source: Gartner Source: Gartner Source: 2019 Ponemon Cost of Data Breach Incident Report

70%

16

©2020 Arctic Wolf Networks, Inc. All rights reserved.

8CIS Controls + Implementation Groups

Classification: Public

2

5

0

1

0

0

4

2

5

6

4

7

2

3

2

2

1

1

1

0

1

0

0

7

5

3

1

6

2

3

1

4

1

4

4

4

3

1

6

2

4

5

9

2

3

1

2

3

0

1

1

2

3

10

3

6

6

0

4

0

8

10

7

9

5

8

10

8

5

5

7

12

9

9

10

13

9

11

8

8

43

98

30

17

©2020 Arctic Wolf Networks, Inc. All rights reserved.

Mind the Gap

1.1.4 - Maintain Detailed Asset Inventory20.20.7 – Ensure Results from Penetration Test are Documented Using Open, Machine-readable Standards

26% 57% 17%

83% 100%

Classification: Public 18

©2020 Arctic Wolf Networks, Inc. All rights reserved.

CIS + Arctic Wolf

68, 40%

33, 19%

70, 41%

Control Coverage

Avg. CustomerArctic Wolf PrimaryRemaining Controls

• Endpoint Prevention• Firewalls• Screen Lockouts• Web Filtering• Email Security• Data Protection (backups)4, 6%

66, 94%

Nothing

Arctic WolfCompliments

Classification: Public 19

©2020 Arctic Wolf Networks, Inc. All rights reserved.

Managed Detection and Response Architecture

20

SaaS

Cloud Monitoring

FW/UTM Logs

Flow Data

IDS Alerts

DNS Logs

HTTP & TLS

ADOther Logs Server

LogsEmail

GatewayWireless

AP

On Premises Arctic Wolf Cloud Connectors

SecaaSIaaS

Arctic Wolf Physical Sensor Arctic Wolf Agent

WirelessNetworks

Windows Event Logs Asset

InformationRootkit /

Compromise Alerts

Process Tables

Installed Patches

Commercial Feeds

Malware/Domain Lookup

IP Location/Reputation

Arctic Wolf SOC-as-a-ServiceNotifications

Custom Reports

Trouble Tickets

Trusted AdviceConcierge Security Team (CST)

ActionableResults

ThreatIntelligence

Secure Transport Secure Transport

©2020 Arctic Wolf Networks, Inc. All rights reserved. ©2020 Arctic Wolf Networks, Inc. All rights reserved.

Questions & Answers

Classification: Public