the email anti-impersonation company date: may 2 · 2017-05-12 · the email anti-impersonation...

©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com

The Email Anti-Impersonation Company

Date: May 2nd, 2017

©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com 3

Email: “I need you, but I don’t trust you”


90%+ of cyber attacks start with a phish

4


Anyone can send email in your name

Most organizations neither see nor control who sends email on their behalf

Your Company Impersonators

From: YourCompany.com

Authorized Senders

Shadow Email

Employees, Customers, Partners

3rd-Party Senders (10,000++)

Phish

5


Email Authentication has reached an inflection point

SENDERS

Source: Farsight

Unfortunately, “adoption” does not mean “success”

>2.7 billion inboxes covered by DMARC

March 2017 - FTC recommends DMARC

RECEIVERS & SEGs

(Note: Google reports over 500K

domains with DMARC)

6


~70% of DMARC implementations fail, for any company size

Company Size

Source: ValiMail

Failure = no enforcement/unprotected

Attempted Authentication Failure Rate

NASDAQ 100

FTSE 100

S&P 500

Fortune 1000

Alexa 10,000

Alexa 100,000

Alexa 1 million

43.0%

25.0%

23.8%

16.2%

14.2%

5.9%

2.3%

72.1%

80.0%

74.4%

76.5%

62.3%

71.1%

74.6%

7


Even the big email security players get it wrong


Email Authentication at CSO50

20% have tried, with a 75% failure rate

9

Industry Sample Size Attempted SuccessfulEnforcement

Of Attempted, success rate

All 250 48 (19%) 12 (5%) 25%

Finance 39 13 (33%) 5 (13%) 39%

Media/Tech 69 19 (28%) 4 (6%) 21%

Retail/Industrial 49 7 (14%) 2 (4%) 29%

Gov’t/Edu 47 5 (11%) 0 (0%) 0%

Healthcare 46 4 (8%) 1 (2%) 25%

Source: ValiMail


What keeps companies from enforcing authentication?

IT’S HARD TO GET RIGHT MISTAKES ARE VERY COSTLY

Auto-identifying & configuring sending services is hard

Dozens-hundreds of DNS changes – manual, slow, painful and dangerous

Standards are brittle, restrictive & unforgiving

Ongoing changes to cloud services require active monitoring & updates

Legitimate email from your domain is quarantined or blocked

X

10

✓


Industry evolution

<30% after 12 months

DIY

REPORTS & RECOMMENDATIONS

APPROACH

WHAT YOU PAY

WHAT YOU DO

ENFORCEMENT (SUCCESS) RATE

Get to enforcement fast, and stay there

CONSULTANTS

<40% after 9 months

Email Authentication as a Service (EAaaS)

$$

FULLY AUTOMATED, CLOUD-BASED SERVICE

MORE REPORTS & CONSULTING

CLICK

>90% after 3 months

WHAT YOU GET

11

IDENTIFY SENDERS, RECONFIGURE DNSSKIRT LIMITATIONS

IDENTIFY SENDERS, RECONFIGURE DNSSKIRT LIMITATIONS

$$$ + $$$ + $$

Manual effort becomes automated over time


ValiMail invented Email Authentication as a Service™

Email Anti-Impersonation: Customers include:

• Completely stops impersonation

attacks (#1 phishing attack vector)

• Fully automated cloud solution

with 1-click control

• Complete visibility & control over

shadow email services

• Mission-critical infrastructure vs

consulting services

12


A services-driven approach and automated cloud infrastructure are game-changers

1. Identify all email services

2. Find SPF & DKIM configurations

3. Log into DNS console

4. Update DNS TXT records

5. ERROR! SPF over 10 lookup limit

6. Wait 24 hours: what’s broken?

7. Fix newly identified services

8. Monitor, Repeat ValiMail goes beyond configuration with a service that “Just Works"

Existing Process

• Identifies shadow email services

• Enables or blocks senders with one click

• Eliminates need to reconfigure or touch DNS

• Fixes standards limitations

13


Customers and partners are seeing great results

“Visibility and control while detecting and blocking phishing attacks –incredible!”

Chris CravensHead of Technology Services

“Allowed me to see and manage my email services, while preventing phishing attacks.”

Steve FridakisCISO

“Quickly & efficiently provided us with visibility and control of our email services.”

Chris PorterCISO

“Officially coolest thing since sliced bread.”

Nomi ConwayProduct Manager, Risk & Security

“Setup, configuration, and on-going maintenance of SPF, DKIM, and DMARC records can be so challenging,…ValiMail addresses the limitations of these standards through unique technology…all from an intuitive interface.”

Microsoft Field Note to Global Sales

14


Our CISOs see value across the enterprise

15


Demand more than “reports & configs”

ValiMail EAaaSCloud

A dynamic, 24x7x365, services-driven authentication infrastructure

Email Sender Database(>10K services)

Purpose-BuiltDNS Cloud (>10M queries/day)

Services Management Portal(One click)

Real-time map of email sending services & configuration requirements

Hosts & serves only the DMARC/DKIM/SPF portion of your DNS

Dynamically generates perfect SPF records for every request

Instantly updates enforcement for services sending in your name (without touching DNS)

16

DMARC

SPF DKIM


Are you being phished right now?

Complementary visibility report • Find out who’s sending email on your behalf – (legitimate and malicious)

• Who’s impersonating you?

• What shadow email services are sending as you?

• No cost, no risk, no change to email flow, no exposure of PII

Protect your employees, customers, partners, prospects, and brand

Check your domain at: www.valimail.com

the email anti-impersonation company date: may 2 · 2017-05-12 · the email anti-impersonation...

Documents