trusted pathfinders for your unique digital … · • header to: [email protected] 0.8% ->...
TRANSCRIPT
T R U S T E D PAT H F I N D E R S F O R Y O U R U N I Q U E D I G I TA L T R A N S F O R M AT I O N J O U R N E Y
A u g u s t 2 2 , 2 0 1 8
© 2018 Candoris
Attacks are changing with the times:
90% of sophisticated attacks target people, largely via email
Threats use social engineering, not vulnerabilities
BEC/imposter email fraud has become a board-level issue:
$3.1B in direct losses since January 2015, up 1,300% year over year
22,143 organizations victimized in the US alone
Industry is not aligned with the threats
Why are we talking about Email Security?
© 2018 Candoris
62% -> Reply-To Spoofing• Header From: “Joe User” [email protected]• Header To: [email protected] • Header Reply To: [email protected] 37.1% -> Display Name Spoofing• Header From: “Joe User” [email protected] • Header To: [email protected] 0.8% -> Lookalike Domain• Header From: “Joe User” [email protected] • Header To: [email protected] <0.1% -> Business Partner Spoofing• Header From: “Trusted Vendor” [email protected] • Header To: [email protected]
What are the BEC tactics in use?
© 2018 Candoris
BEC concerns are bi-directionalInbound Outbound
© 2018 Candoris
•Sender Polify Framework (SPF)
•DomainKeys Identified Mail (DKIM)
•Domain-based Message Authentication, Reporting & Conformance (DMARC)
Industry-Standard Email Authentication Protocols
•Policy
•Classification
•Authentication
•Advanced Data Loss Prevention (DLP)
Advanced Email Security Solutions
•Bite-sized lessons
•Provide feedback
•Learn by doing
•Create teachable moments
End-User Training/Education
© 2018 Candoris
Email Authentication Protocols OverviewWhiteboard Session
© 2018 Candoris
•Sender Polify Framework (SPF)
•DomainKeys Identified Mail (DKIM)
•Domain-based Message Authentication, Reporting & Conformance (DMARC)
Industry-Standard Email Authentication Protocols
•Policy
•Classification
•Authentication
•Advanced Data Loss Prevention (DLP)
Advanced Email Security Solutions
•Bite-sized lessons
•Provide feedback
•Learn by doing
•Create teachable moments
End-User Training/Education
© 2018 Candoris
DIGITAL RISK LEADERSEG MQ LEADER
Proofpoint Overview
Top 5 public
cybersecurity and
compliance
company
(NASDAQ: PFPT)*
Complete suite of
solutions to
protect the way
people work from
security,
compliance, and
digital risks
Deep expertise in
enterprise class
solutions for
every aspect of
email, the #1
threat vector
Dedicated to
leading in
effectiveness
against the
changing threat
landscape
SILICON VALLEY HQ ARCHIVE MQ LEADER
* by market cap
GLOBAL PRESENCE
© 2018 Candoris
9
© 2018 Candoris
10
© 2018 Candoris
© 2018 Candoris
•Sender Polify Framework (SPF)
•DomainKeys Identified Mail (DKIM)
•Domain-based Message Authentication, Reporting & Conformance (DMARC)
Industry-Standard Email Authentication Protocols
•Policy
•Classification
•Authentication
•Advanced Data Loss Prevention (DLP)
Advanced Email Security Solutions
•Bite-sized lessons
•Provide feedback
•Learn by doing
•Create teachable moments
End-User Training/Education
13
14
15
16
Mike Shellenberger
End User Computing, Solution Architect
Candoris Technologies
(717) 256-3485
Thank you for
attending!