Nuspire Networks Webinar Slideshow on Enterprise Email Security and the evolving threat landscape.
Protect your Enterprise with Nuspire's Managed Enterprise Email Security.
www.nuspire.com
2. OVERVIEW & AGENDA
With the onslaught of recent attacks, email security has
been thrust to the forefront of cyber security discussions.
Organizations both large and small struggle with
understanding the threat landscape and appropriate
actions to mitigate risks that stem from email attacks.
AGENDA
• Email security statistics
• The threat landscape
• Enterprise email concerns
• Technologies and methods to mitigate concerns
• Email security solutions for enterprise organizations
3. STATISTICS & LANDSCAPE
The spear phishing technique is, by far,
the most successful method of hacking
on the internet today, accounting
for 91% of attacks.
https://heimdalsecurity.com/blog/10-surprising-cyber-security-facts-that-may-affect-your-online-safety/
93% of all malicious emails contain
encryption ransomware.
http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html
Unsolicited junk mail accounts for 86%
of the world’s email traffic, with about
400 billion spam messages sent each day.
https://www.bloomberg.com/news/articles/2016-01-19/e-mail-spam-goes-artisanal
112 billion business emails are sent daily.
http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf
4. STATISTICS & LANDSCAPE
Email Message Types:
• Spam 84%
• Not Spam 13%
• Newsletter 2%
• Malware 1%
Top 5 Malware Delivery Methods:
• WM 46%
• JS 38%
• HTML 10%
• W32 4%
• Multiple 2%
Top 5 SPAM subject lines:
• Govt Plan to Use Obscure Loophole to Issue 'Retirement Blackout'.
• Watch Everything On Cable, Netflix, Amazon, Hulu, HBO WITHOUT Fees.
• End Embarrassing Nail Fungus In As Little As 10 Days.
• Make Dinner Happen! Quick and Easy. $30 Off Your First Order.
• Lose 10 Lbs. In Your First Month Plus An Additional $100 Off Your Order!
From the NuSecure Threat Labs
5. Sender Validation
• Verification of the sender’s source organization/domain
Spam Protection
• Decreased productivity
• Increased resources & bandwidth on email servers, management, & administration
• Email address harvesting
Phishing Protection
• Phishing (randomized)
• Spear phishing (targeted)
• Whale phishing “whaling” (targets company executives)
• CBE (Compromised Business Email)
  • Targeted at businesses to typically perform fraudulent wire transfers
  • Targeted at businesses working with foreign suppliers that regularly perform wire transfers
  • Typically uses spoofed email to individuals responsible for handling wire transfers with extremely targeted content specific to the business
Malware, Ransomware, & Zero days
• Malware & virus attachments
• New malware/zero days that do not match existing signatures
ENTERPRISE EMAIL CONCERNS
6. Message Link Content/Security
• Hyperlinks in messages to objectionable content
• Message hyperlinks to malware downloaders, zero day exploits, or malicious websites
Message Content
• Objectionable language or images
• Content file/mime types (encrypted zips/executables/vba)
DLP – Data Leak Prevention
• Credit card numbers
• Bank account information
• Social security information
• Document digital watermarking/hashes
• Other proprietary information
Secure Message Delivery
• Ensure message has been validated as from the sender’s organization/domain
• Network Transport Encryption
Email Encryption
• Confidential or sensitive information
• Compliance concerns
• Domain based and identity based encryption options
ENTERPRISE EMAIL CONCERNS
7. Sender Validation
• Domain-based Message Authentication, Reporting, & Conformance (DMARC)
  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)
• Sender Policy Framework (SPF)
  • Sender Policy Framework without the use of DKIM
• Call back verification
  • SMTP to validate email addresses
  • Use with care – multiple known issues exist and may not always work/conform to RFCs
• Bounce address tag validation
  • Method to verify bounced messages to forged return addresses (Backscatter spam)
TECHNOLOGIES & METHODS TO MITIGATE CONCERNS
8. Malware, Ransomware, & Zero days
One or more anti-malware/antivirus engines for identification of known malicious attachments – but not enough on its own
Web categorization filtering engine analysis of links in message – systems can have difficulty with shortened URLs and HTML tags
A must-have component included with the above is sandboxing (Advanced Threat Protection)
File attachment & URI analysis with detailed behavioral analysis
Code emulation
Virtual runtime environment
Monitoring of system activity, exploit efforts, web traffic, subsequent downloads, and communication attempts
System should be designed to deal with advanced malware that attempts to avoid detection through VM detection & time bomb techniques
High performance is a must to ensure timely analysis & delivery of clean messages
TECHNOLOGIES & METHODS TO MITIGATE CONCERNS
9. Message Content & Included Link Content
• Integrated link categorization to block objectionable/security risk message content (porn, malicious websites, phishing)
• Ability to block/quarantine messages based upon Regulatory Compliance terms/regex such as SOX, GLBA, HIPAA, PCI
• Ability to block/quarantine messages based upon Corporate Content Policies such as offensive words and file types
• Have a process and procedure to respond to detected data leaks
TECHNOLOGIES & METHODS TO MITIGATE CONCERNS
10. DLP – Data Leak Prevention
Utilize DLP technology to detect violations of your content security policy or email policies
Have a process and procedure to respond to detected data leaks such as centralized quarantine review
Pre-built identification of common sensitive data types (SOX/GLBA/HIPAA/Credit card/Bank details)
File fingerprinting/hashing of files & block/quarantine review
File watermarking of files and block/quarantine delivery
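An added example (not from the Nuspire deck or any Nuspire product) of the regex-based sensitive-data identification the DLP points above describe: an outbound message body is scanned for card numbers and US social security numbers, card candidates are confirmed with the Luhn checksum to cut false positives, and findings are masked before they reach the quarantine log. The function names, patterns and sample messages are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# US SSN in the common AAA-GG-SSSS layout, excluding ranges that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the quarantine log is not itself a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_message(body: str) -> dict:
    """Return a verdict and masked findings for one outbound message body."""
    findings = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("credit_card", mask(digits)))
    for m in SSN_RE.finditer(body):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return {"action": "quarantine" if findings else "deliver", "findings": findings}


# Constructed sample messages (4111 1111 1111 1111 is a widely used test card number).
SAMPLES = {
    "leak": "Please charge card 4111 1111 1111 1111, SSN on file is 123-45-6789.",
    "order": "Your order 1234 5678 9012 3456 ships Tuesday.",
    "clean": "Meeting moved to 3pm, call 555-0100 if that is a problem.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_message(body))
```

The "order" sample shows why a bare 16-digit regex is not enough: it matches the pattern but fails the checksum, so the message is delivered rather than sent to quarantine review.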
Secure Message Delivery
Outbound email uses properly configured Sender Policy Framework configuration (SPF)
Outbound email uses properly configured DomainKeys Identified Mail (DKIM)
Transport Layer Security (TLS) approach to protect sensitive data when sent beyond the corporate borders
TLS authentication of sender/recipient domains (trading partner-based configuration)
TLS encryption between sender/recipient domains (trading partner-based configuration & opportunistic)
Properly sign outgoing messages and use DMARC reporting
Utilize Identity Based Encryption (IBE)
Email Encryption
Transport Layer Security (TLS) – organization/domain based authentication without the complexity of traditional key management
Identity Based Encryption (IBE) – full message encryption without the complexity of traditional key management
Simplistic key management technique for end to end message encryption in transport & at rest
Content based automatic encryption of email based upon content & key words
Rule based encryption of email controlled by sender/recipient
TECHNOLOGIES & METHODS TO MITIGATE CONCERNS
13. • Founded in 1999 with 4 employees with 2 private owners
• Commerce Michigan
• To Serve the emerging trend of leveraging the public internet for data transport.
• Privately held 2 (voting) Owners HQ Commerce MI, Walled MI & Cincinnati OH
• Staff of approx. 105 full time employees operating 24/7/365
• Almost two Decades Serving the world’s largest and most distinctive companies
• Dedicated R&D core “NuSecure Labs” Services supported by in-house IP
• Global Monitoring and Onsite Capabilities Globally
• SOC II Certified (formerly SAS 70) | Operational SOC (tri lingual)
• Gartner Magic Quadrant –Managed Security Service Provider
• INC. Magazine’s “Fastest Growing Companies”
• Frost & Sullivan “Entrepreneurial Company of the Year 2011”
• Multiple Service & Product awards as well as Employer awards.
History
Today
Experienced
Capable
Stable
Some of our recognition: