Email Security:
The Threat Landscape
OVERVIEW & AGENDA
With the onslaught of recent attacks, email security has
been thrust to the forefront of cyber security discussions.
Organizations both large and small struggle with
understanding the threat landscape and appropriate
actions to mitigate risks that stem from email attacks.
AGENDA
• Email security statistics
• The threat landscape
• Enterprise email concerns
• Technologies and methods to mitigate concerns
• Email security solutions for enterprise organizations
STATISTICS & LANDSCAPE
• The spear phishing technique is, by far, the most successful method of hacking on the internet today, accounting for 91% of attacks.
  https://heimdalsecurity.com/blog/10-surprising-cyber-security-facts-that-may-affect-your-online-safety/
• 93% of all malicious emails contain encryption ransomware.
  http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html
• Unsolicited junk mail accounts for 86% of the world’s email traffic, with about 400 billion spam messages sent each day.
  https://www.bloomberg.com/news/articles/2016-01-19/e-mail-spam-goes-artisanal
• 112 billion business emails are sent daily.
  http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf
STATISTICS & LANDSCAPE
From the NuSecure Threat Labs

Email Message Types:
• Spam: 84%
• Not Spam: 13%
• Newsletter: 2%
• Malware: 1%

Top 5 Malware Delivery Methods:
• WM: 46%
• JS: 38%
• HTML: 10%
• W32: 4%
• Multiple: 2%

Top 5 SPAM subject lines:
• Govt Plan to Use Obscure Loophole to Issue 'Retirement Blackout'.
• Watch Everything On Cable, Netflix, Amazon, Hulu, HBO WITHOUT Fees.
• End Embarrassing Nail Fungus In As Little As 10 Days.
• Make Dinner Happen! Quick and Easy. $30 Off Your First Order.
• Lose 10 Lbs. In Your First Month Plus An Additional $100 Off Your Order!
ENTERPRISE EMAIL CONCERNS
• Sender Validation
  - Verification of the sender’s source organization/domain
• Spam Protection
  - Decreased productivity
  - Increased resources & bandwidth on email servers, management, & administration
  - Email address harvesting
• Phishing Protection
  - Phishing (randomized)
  - Spear phishing (targeted)
  - Whale phishing “whaling” (targets company executives)
  - CBE (Compromised Business Email)
    - Targeted at businesses, typically to perform fraudulent wire transfers
    - Targeted at businesses that work with foreign suppliers and regularly perform wire transfers
    - Typically uses spoofed email sent to the individuals responsible for handling wire transfers, with extremely targeted content specific to the business
• Malware, Ransomware, & Zero days
  - Malware & virus attachments
  - New malware/zero days that do not match existing signatures
ENTERPRISE EMAIL CONCERNS
• Message Link Content/Security
  - Hyperlinks in messages to objectionable content
  - Message hyperlinks to malware downloaders, zero day exploits, or malicious websites
• Message Content
  - Objectionable language or images
  - Content file/MIME types (encrypted zips/executables/VBA)
• DLP – Data Leak Prevention
  - Credit card numbers
  - Bank account information
  - Social security information
  - Document digital watermarking/hashes
  - Other proprietary information
• Secure Message Delivery
  - Ensure message has been validated as from the sender’s organization/domain
  - Network Transport Encryption
• Email Encryption
  - Confidential or sensitive information
  - Compliance concerns
  - Domain based and identity based encryption options
TECHNOLOGIES & METHODS TO MITIGATE CONCERNS
• Sender Validation
  - Domain-based Message Authentication, Reporting, & Conformance (DMARC)
    - Sender Policy Framework (SPF)
    - DomainKeys Identified Mail (DKIM)
  - Sender Policy Framework (SPF)
    - Sender Policy Framework without the use of DKIM
  - Call back verification
    - Uses SMTP to validate email addresses
    - Use with care – multiple known issues exist, and it may not always work or conform to RFCs
  - Bounce address tag validation
    - Method to verify bounced messages to forged return addresses (backscatter spam)
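How DMARC combines the SPF and DKIM results listed above, as an added example that is not part of the original slides. It reads the Authentication-Results header that a receiving gateway writes, checks whether a passing SPF or DKIM identity aligns with the visible From domain, and applies the published policy. The messages, domains and DMARC record are constructed, and the two-label organizational-domain rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain):
    """Naive organizational domain: the last two labels.

    Simplifying assumption for this example; real evaluators consult the
    Public Suffix List so that names such as example.co.uk are handled.
    """
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC alignment: 's' = exact match, 'r' (default) = same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def parse_dmarc_record(txt):
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def parse_auth_results(header):
    """Extract SPF/DKIM verdicts and the domains they authenticated.

    Only trust an Authentication-Results header added by your own gateway.
    """
    spf = re.search(r"\bspf=(\w+)[^;]*?\bsmtp\.mailfrom=([^\s;]+)", header)
    dkim = re.findall(r"\bdkim=(\w+)[^;]*?\bheader\.d=([^\s;]+)", header)
    return {
        "spf": (spf.group(1).lower(), spf.group(2).split("@")[-1]) if spf else None,
        "dkim": [(result.lower(), d) for result, d in dkim],
    }


def evaluate_dmarc(raw_message, dmarc_txt):
    """Return the DMARC verdict for one message (pct= and sp= are ignored here)."""
    policy = parse_dmarc_record(dmarc_txt)
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))

    spf_ok = bool(auth["spf"]) and auth["spf"][0] == "pass" and aligned(
        auth["spf"][1], from_domain, policy.get("aspf", "r"))
    dkim_ok = any(
        result == "pass" and aligned(d, from_domain, policy.get("adkim", "r"))
        for result, d in auth["dkim"])
    passed = spf_ok or dkim_ok
    return {
        "from_domain": from_domain,
        "spf_aligned_pass": spf_ok,
        "dkim_aligned_pass": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        "disposition": "accept" if passed else policy.get("p", "none"),
    }


# Constructed sample data (not taken from the slides).
DMARC_TXT = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

LEGIT = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bounce@mail.example.com; dkim=pass header.d=example.com
From: "Accounts Payable" <ap@example.com>
Subject: Invoice

body
"""

# SPF passes, but for a domain unrelated to the visible From address.
SPOOFED = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bounce@unrelated-sender.test; dkim=none
From: "CEO" <ceo@example.com>
Subject: Urgent wire transfer

body
"""

# Forwarded mail: SPF breaks at the forwarder, the DKIM signature survives.
FORWARDED = """\
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bounce@forwarder.test; dkim=pass header.d=example.com
From: "Accounts Payable" <ap@example.com>
Subject: Invoice

body
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED), ("forwarded", FORWARDED)):
        print(name, evaluate_dmarc(raw, DMARC_TXT))
```

The spoofed sample shows why an SPF pass on its own is not sender validation: SPF authenticates the envelope sender, and only the alignment check ties that result to the From address the recipient sees.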
TECHNOLOGIES & METHODS TO MITIGATE CONCERNS
• Malware, Ransomware, & Zero days
  - One or more anti-malware/antivirus engines for identification of known malicious attachments – but not enough on its own
  - Web categorization filtering engine analysis of links in message – systems can have difficulty with shortened URLs and HTML tags
  - A must-have component included with the above is sandboxing (Advanced Threat Protection)
    - File attachment & URI analysis with detailed behavioral analysis
    - Code emulation
    - Virtual runtime environment
    - Monitoring of system activity, exploit efforts, web traffic, subsequent downloads, and communication attempts
    - System should be designed to deal with advanced malware that attempts to avoid detection through VM detection & time bomb techniques
    - High performance is a must to ensure timely analysis & delivery of clean messages
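The link-analysis bullet above notes that filters struggle with shortened URLs and HTML tags. The following added example (not from the original slides) parses the HTML instead of pattern-matching the raw source, so a host name split by inline tags is still recovered, and it marks shortener links as needing expansion before categorization. The shortener list, flag names and sample message are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Small constructed sample; a gateway would use a maintained list.
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com"}
# A host name at the start of the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/:?#]|$)")


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._open = [href.strip(), ""]

    def handle_data(self, data):
        # Text inside nested tags (<b>, <span>, ...) is concatenated, which
        # reassembles host names that were split up by markup.
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append((self._open[0], self._open[1].strip()))
            self._open = None


def bare_host(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def assess_links(html):
    """Return one report entry per link with the checks that fired."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    report = []
    for href, text in collector.anchors:
        parts = urlsplit(href)
        host = bare_host(parts.hostname)
        flags = []
        if parts.scheme not in ("http", "https"):
            flags.append("non-http-scheme")
        shown = HOST_IN_TEXT.match(text.lower())
        if shown and bare_host(shown.group(1)) != host:
            # The text names one site while the link goes to another.
            flags.append("text-href-mismatch")
        if host in SHORTENER_HOSTS:
            # The real destination is unknown until the redirect is resolved,
            # so the shortener's own category says nothing about the target.
            flags.append("shortener-needs-expansion")
        report.append({"href": href, "host": host, "flags": flags})
    return report


# Constructed sample message body (not taken from the slides).
SAMPLE_HTML = """
<p>Please verify: <a href="http://login.example.net/reset">www.<b></b>bank.example</a></p>
<p>Tracking: <a href="https://bit.ly/EXAMPLE">your parcel</a></p>
<p><a href="https://intranet.example.org/policy">https://intranet.example.org/policy</a></p>
"""

if __name__ == "__main__":
    for entry in assess_links(SAMPLE_HTML):
        print(entry)
```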
TECHNOLOGIES & METHODS TO MITIGATE CONCERNS
• Message Content & Included Link Content
  - Integrated link categorization to block objectionable/security risk message content (porn, malicious websites, phishing)
  - Ability to block/quarantine messages based upon Regulatory Compliance terms/regex such as SOX, GLBA, HIPAA, PCI
  - Ability to block/quarantine messages based upon Corporate Content Policies such as offensive words and file types
  - Have a process and procedure to respond to detected data leaks
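A content rule of the kind described above (regex-based detection feeding a block or quarantine decision), as an added example that is not part of the original slides. Candidate card numbers are confirmed with the Luhn checksum so ordinary 16-digit references do not trigger the rule, and findings are masked so the quarantine log does not itself leak the data. The rule names, blocked-extension list and sample messages are constructed.

```python
import re
from pathlib import PurePosixPath

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# US SSN layout, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Constructed corporate file-type policy.
BLOCKED_EXTENSIONS = {".exe", ".js", ".vbs", ".docm"}


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value):
    """Keep only the last four digits for the quarantine review log."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_message(body, attachment_names=()):
    """Return the policy action and the (rule, masked value) findings."""
    findings = []
    for match in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):  # drops order numbers, phone runs, etc.
            findings.append(("PCI:card-number", mask(digits)))
    for match in SSN_RE.finditer(body):
        findings.append(("PII:ssn", mask(match.group())))
    for name in attachment_names:
        # Only the final extension counts, so "report.pdf.exe" is an .exe.
        if PurePosixPath(name.lower()).suffix in BLOCKED_EXTENSIONS:
            findings.append(("POLICY:file-type", name))

    if any(rule == "POLICY:file-type" for rule, _ in findings):
        action = "block"
    elif findings:
        action = "quarantine"  # held for centralized review
    else:
        action = "deliver"
    return {"action": action, "findings": findings}


# Constructed sample messages (4111 1111 1111 1111 is a standard test number).
LEAK = "Hi, please charge card 4111 1111 1111 1111 and my SSN is 123-45-6789."
CLEAN = "Order 1234 5678 9012 3456 shipped on Tuesday."

if __name__ == "__main__":
    print(scan_message(LEAK))
    print(scan_message(CLEAN))
    print(scan_message("See attached.", ["invoice.PDF.exe"]))
```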
TECHNOLOGIES & METHODS TO MITIGATE CONCERNS
• DLP – Data Leak Prevention
  - Utilize DLP technology to detect violations of your content security policy or email policies
  - Have a process and procedure to respond to detected data leaks, such as centralized quarantine review
  - Pre-built identification of common sensitive data types (SOX/GLBA/HIPAA/Credit card/Bank details)
  - File fingerprinting/hashing of files & block/quarantine review
  - File watermarking of files and block/quarantine delivery
• Secure Message Delivery
  - Outbound email uses properly configured Sender Policy Framework (SPF)
  - Outbound email uses properly configured DomainKeys Identified Mail (DKIM)
  - Transport Layer Security (TLS) approach to protect sensitive data when sent beyond the corporate borders
    - TLS authentication of sender/recipient domains (trading partner-based configuration)
    - TLS encryption between sender/recipient domains (trading partner-based configuration & opportunistic)
  - Properly sign outgoing messages and use DMARC reporting
  - Utilize Identity Based Encryption (IBE)
• Email Encryption
  - Transport Layer Security (TLS) – organization/domain based authentication without the complexity of traditional key management
  - Identity Based Encryption (IBE) – full message encryption without the complexity of traditional key management
  - Simplistic key management technique for end to end message encryption in transport & at rest
  - Content based automatic encryption of email based upon content & key words
  - Rule based encryption of email controlled by sender/recipient
EMAIL SECURITY FROM NUSPIRE NETWORKS
• Founded in 1999 with 4 employees and 2 private owners
• Commerce, Michigan
• To serve the emerging trend of leveraging the public internet for data transport
• Privately held, 2 (voting) owners; HQ Commerce MI, Walled MI & Cincinnati OH
• Staff of approx. 105 full time employees operating 24/7/365
• Almost two decades serving the world’s largest and most distinctive companies
• Dedicated R&D core “NuSecure Labs”; services supported by in-house IP
• Global monitoring and onsite capabilities globally
• SOC II Certified (formerly SAS 70) | Operational SOC (trilingual)
• Gartner Magic Quadrant – Managed Security Service Provider
• INC. Magazine’s “Fastest Growing Companies”
• Frost & Sullivan “Entrepreneurial Company of the Year 2011”
• Multiple service & product awards as well as employer awards
[Slide section labels: History, Today, Experienced, Capable, Stable]
[Image panels: Some of our recognition; Some Nuspire Customers]
nuspire networks
www.nuspire.com
