vade secure meet & greet - cloudmarket.com€¦ · meet & greet account manager giacom...

Vade Secure Meet & Greet

____________________

Product Manager

____________________

VP Sales EMEA

____________________

Chief Solution Architect

____________________

CTO

Giacom Welcome

Vade Secure Overview

Coffee Break

Vade Secure Demo

Networking and Lunch

Meet & Greet Account Manager

Giacom Close

Reselling Native Office 365 Email Security

Adrien Gendre, Chief Solution Architect, Vade Secure

©2018 – Vade Secure

Vade Secure is a global leader in predictive email defense

Predictive Email Defense

600 millionmailboxes protected

End Customers Telcos

* One Commercial Partner (OCP) Program

MSP

10 Billion DatasetA day


AI-based threat detection solutions for email


Core Filter

EngineHeuristics for behavioral analysis

AI / Machine learning models fed by data

from 600M mailboxes

Real-time URL exploration

In-message spear phishing banners

Real-time attachment code interpreter

Native, API-based

add-on for Office 365


Can you identify the real Office 365 login page?


Can you identify the real Office 365 login page? (2019 edition)


Hacker techniques


Content randomization

“The path of the righteous man is beset on all sides by the Inequities of the selfish and the tyranny of evil men blessed is he who, in the name of charity and good will shepherds the weak through the valley of

darkness for he is truly his brother's keeper and the finder of lost children and I will strike down upon thee with great vengeance and furious anger those who attempt to poison and destroy my brothers and you will know

my name is the Lord when I lay my vengeance upon thee”



Make each email unique by changing content, not behavior

• Insert random or invisible text

• Encode random characters

• Random values for HTML attributes (IDs, Class, etc.)

• Insert whitespaces

• Use similar colors



<a onmouseDown="alert('Try it a couple of times')"><font color="#2188D7">

Similar colors, but different color codes:

<a onmouseDown="alert('Try it a couple of times')"><font color=“#1F88D8">


Dynamic URL redirection

1. Clean Shortners: bit.ly/mylink1234 > https://login.microsoft.com

2. Malicious Shortners:

https://hackedlegitimate.com.au/ch/share/verificationAttempt.ph

p?sf58gfd1s689sxd2sdf8angf264s...

https://login.microsoft.com/


Abuse of redirection mechanisms / subdomains

http://wmxemail.walmart.com/track?type=click&mailingid=94z_6-0-0-0-optcr_201707007&userid=-

0225249577&extra=&&&http://ec2-54-212-231-1.us-west-

2.compute.amazonaws.com/?NzM1NTk4NzM9NjcwNSY0OTQyNjc9MjUmMzQ9Y2xpY2smMWo3emYzPTEmbGlkPTI1MjQ=

https://ddeabt.weebly.com/

https://u2inbox.weebly.com/

…

Redirection abuse (Walmart example):

Abuse of free hosting websites:


Cousin domain spoofing

SPF, DKIM and DMARC have made it difficult to spoof a known domain:

But they don’t prevent hackers from sending emails from cousin domains:

Your domain: mycompany.com

Cousin domains: my-company.co, mycompanyglobal.com, mycornpany.com, etc.


User alias spoofing

Mobile email clients display only the user alias, not the email address

iPhone Outlook


Spear phishing attacks are evolving

• Legitimate compromised account > cousin domain > exact domain

• No request in the first email

• Evolving CTAs: wire transfer, ransom, gift cards

• Past data breaches used to personalized spear phishing


Hackers’s business opportunity becomes the MSP’s business opportunity


Office 365 is the #1 target of phishing


Source: Vade Secure, ”Phishers’ Favorites”

• 4 new malware samples are created everysecond.

• Phishing remains one of the most successfulattack vectors due to its speed, as most phishingsites stay online for just 4 to 5 hours.

• Users only report 17% of phishing attacks, and itis seen as a low-risk type of activity.

• As a result, today only 65% of all URLs are considered trustworthy.

https://www.av-test.org/en/statistics/malware/

https://www-cdn.webroot.com/6715/2122/9225/2018-Threat-Report-Infographic-sm.pdf

https://enterprise.verizon.com/resources/reports/dbir/

https://www-cdn.webroot.com/9315/2354/6488/2018-Webroot-Threat-Report_US-ONLINE.pdf


Why Office 365 is so lucrative to cybercriminals

One target: 155 million corporate users

Single entry point: to the entire suite

Legitimate accounts: harder to detect


The rise of multi-phased attacks

Step #1:

Phishing

Step #2: Insider attack

Company B

Goal:

Credentials

Colleague

Business

partner

Target(s)

Goal: $$$

(wire transfer, ransom, gift cards)

Step #3: Spear phishing

Company A perimeter


The current state of the email security market


EOP blocks known threats using traditional techniques


Known spam

Known malware

Known phishing

Office 365

Infrastructure

EOP

Spear phishing(exact domain)


Additional protection is needed for unknown threats

Office 365

Infrastructure

EOPEOP

Dynamic phishing

Polymorphic malware

Graymail, unknown SPAMKnown spam

Known malware

Known phishing

Advanced spear phishingSpear phishing

(exact domain)


But email gateways aren’t sufficient for cloud environments


Secure

email gateway

EOP

Disables EOP

Office 365

infrastructure

Complex to configure

(MX record)MX

Complexity for End Users

(separate quarantine)

Does not filter

internal email flow

MX bypass trick for Office 365


We need a solution that...


Cloud security

email gateway

EOP

Office 365

infrastructure

MXNeeds 0 redirection MX

Layers with EOP for

additional security

EOP

Native Office 365 interface

(No separate quarantine)Filters internal

email flow


Needs 0 redirection MX

This is Vade Secure for Office 365Native API-based add-on provides simplicity for partners and their clients


Office 365

infrastructure

Activates as an API

in a few clicks

Layers with EOP for

additional security

EOP

Native Office 365 interface

(Requires no quarantine)

Filters internal

email flow


360° protection against all email threats


Comprehensive approach: protection before, during and after the attack

Decimate

Remediate

AnticipatePredictive approach to unknown threats Real-time response to new attacks

Post-delivery mitigation using humans and AI


Provisioning clients is as easy as 1-2-3


1 2 3

Create an Account in the Giacom

CloudMarket

Activate journaling in Office 365

Log in to Vade Secure with O365 admin

credentials

Questions?


Demo Time


Layering Vade Secure for Office 365 on top of EOP delivers significant incremental protection


• Mail flow for a sample of 33 Vade Secure for Office 365 production instances

• Representing roughly 5,000 mailboxes• Timeframe: September 2018

Context:

• 39% improvement in phishing detection: 249 of the 643 phishing emails detected by Vade were marked clean by EOP

• 56% improvement in malware detection: 46 of the 82 malwares detected by Vade were marked clean by EOP

Results:

Phishing Detection against EOP

39%

Improvement

Malware Detection against EOP

56%

Improvement


MSP sees enhanced threat detection with Vade Secure compared to Microsoft ATP


• UK-based MSP with 47 employees• Using Office 365 with EOP and ATP• 1-month PoC for Vade Secure for Office 365

Context:

• 17% improvement in phishing detection: 43 of the 254 phishing emails detected by Vade were marked clean by ATP

• 30% improvement in malware detection: Vade identified additional 14 malwares on top of the 46 identified by ATP

Results:

Phishing Detection against ATP

17%

Improvement

Malware Detection against ATP

30%

Improvement


A fast, easy way to run POCs and generate business

Activate instantly

Run a risk-free PoC in

transparent mode

Offer your clients the

best protection on

the market

Vade Secure activates in a

few clicks.

No MX record change.

Nothing to install.

Vade Secure analyzes

emails, but doesn’t touch

them. Evaluate the efficacy

of the filter on your internal

email or a test account.

Resell Vade Secure’s best-

in-class predictive email

defense as an additional

security layer for Office 365

clients.


Why Partner with Vade Secure


Aligned with Microsoft cloud strategy Easy activation & management

Minimal upfront investmentHigh retention (99%) =

long-term growth


#5. Why Vade Secure for Office 365


1. No MX change

2. No UX change

3. No external quarantine

4. EoP will work 100% capacity

5. Bad guys will not see who is protecting your organization

6. Protection against insider attacks

Thank you

[email protected]

Questions?

From battlecards, microsites and email templates to social media copy blocks, brochures and

business presentations – discover the materials we have available in our Academy.

Tell us what products you need materials for, and send your logo and business contact details to

[email protected] and we will brand the marketing materials free of charge on request.

Visit the cloud.market portal to find out more.

Each new customer added for O365 Email Security will have a Free Period from the point of addition to the next billing date allowing partners to offer a Proof of Concept before committing

Solution can run either in monitoring or protection mode

Monitoring analyses all emails, but takes no action

Switching to Protection only takes one click

POC best practices: 2 days in monitoring, 3 days in protection.

Increase your own security whilst protecting your customers!

Add 150 or more Vade Secure licences between 1st October – 26th December 2019 and

you could qualify for a “Ring” Video Doorbell.

For any additional questions or a personal tailored demo please feel

free to reach out to your Giacom representative.

vade secure meet & greet - cloudmarket.com€¦ · meet & greet account manager giacom...

Documents