INTELLIGENT PHISHING DEFENSE Sławomir Karpiński – CONNECT DISTRIBUTION Rupert Collier - Cofense


Post on 27-May-2020


Page 1: INTELLIGENT PHISHING DEFENSE · PHISHING DEFENSE IN ACTION 11:48 Spear phishing attack launched 11:49 Users begin reporting the attack to the PDC PDC begins analysis 12:00 Analysis

INTELLIGENT PHISHING DEFENSE

Sławomir Karpiński – CONNECT DISTRIBUTION
Rupert Collier - Cofense

Page 2:

“Phishing and pretexting represent 98% of social incidents and 93% of breaches. Email continues to be the most common vector (96%).”

Source: 2018 Verizon DBIR

Page 3:

Executives & CISO

Security Operations

Security Awareness

End Users

PHISHING DEFENSE A COMMON OBJECTIVE

Page 4:

No matter how good your perimeter security, malicious emails still reach the inbox

UNCOMFORTABLE TRUTH

Page 5:

Large Scale Attacks

Highly Targeted Attacks

1A 1B 1C 1D 1E 1F

2A 2B 2C 2D 2E 2F

Morphing Attacks

Malware: Ransomware, Trojans, Hybrids

Credential Phishing

Business Email Compromise

PHISHING THREAT LANDSCAPE

Page 6:

DEFEATING NEXT-GEN DEFENCES

SPF

DKIM

DMARC

Organisation A Supplier B

Next-Gen SEG, AI, ML, Threat Intel,

Sandbox, UEBA etc

www.organisation-a.com

Page 7:

You cannot defend against attacks you cannot see

UNCOMFORTABLE TRUTH

Page 8:

✓ Threats observed in the wild

✓ Threats observed by other organizations

✓ Threats that have reached the inbox

Threats OUTSIDE the network

Threats INSIDE the network

VISIBILITY THROUGH TWO LENSES

Page 9:

1 in 7 emails reported by ~2m end users to the Cofense Phishing Defense Center contain malicious content

VISIBILITY IN ACTION

Remember – the PDC only sees threats because users identified them after technology didn’t

Page 10:

55,404

27,501

4,152

Credential Harvesting Attacks

Campaigns delivering malicious attachments – including abuse of filesharing services

Business Email Compromise Attacks

2018 – Cofense Phishing Defense Center

WHAT GOT THROUGH?

Page 11:

The best security awareness program in the world will never deliver a zero click rate

UNCOMFORTABLE TRUTH

Page 12:

CLICK RATE FLATTENING

Aggregated data of >70m simulation emails sent per year by >2,000 Enterprise customers

Page 13:

Most organizations are unable to effectively respond to phishing attacks

UNCOMFORTABLE TRUTH

Page 14:

✓ Empowered & trusted as part of phishing defense

✓ Demonstrable evidence of contribution to improvement of security posture

✓ Increased user engagement in security awareness activities

✓ Visibility of attacks that have reached the inbox

✓ Shared phishing threat intelligence

✓ Disrupt active phishing attacks with greater speed and efficiency

✓ Security awareness activities relevant to real organizational threats

✓ Understanding of organizational risk posture

✓ Resources focused on biggest risks

Executives & CISO

Security Operations

Security Awareness

End Users

Intelligent Phishing Defense

PHISHING DEFENSE BENEFITS

Page 15:

COLLECTIVE PHISHING DEFENSE

Benefit from shared phishing threat intelligence to identify and shut down phishing attacks faster.

Leverage intelligence from:

Global Enterprise & Industry peers

Cofense Phishing Defense Center

Cofense Intelligence

Page 16:

PHISHING RESPONSE CAPABILITIES

VISIBILITY ACHIEVED

Page 17:

CASE STUDIES

Page 18:

PHISHING DEFENSE IN ACTION

11:48 Spear phishing attack launched

11:49 Users begin reporting the attack to the PDC

PDC begins analysis

12:00 Analysis escalated following initial analysis and further reports

Large scale attack identified

12:07 Analysis completed.

Customer alerted and mitigation actions implemented

Attack disrupted

Customer Industry: Healthcare

Location: US Headquartered

Number of Employees >70,000

Employees of a healthcare company were going about their day. The usual mundane emails piled up in their inboxes. So when they received a message from their CEO, employees paid attention. It wasn’t the typical meeting invite or question from a colleague.

The email asked them to read and agree to a company policy. Simple. Just click on a link, which took them to a login page—from there, they’d enter their credentials and go to the policy page.

But the sender wasn’t the CEO. He was a talented fraudster. The attacker aimed to harvest passwords, gain file system access, and reroute electronic payroll deposits. And he almost succeeded. Perimeter defenses did not stop this attack. Despite layered security controls, and mature and ongoing awareness activities, users still took the bait, clicked the link and gave up their credentials. The attack was mitigated because users were conditioned to recognise and report the attack, which provided visibility to security teams who were able to respond.

THE NET RESULT

Despite layers of perimeter controls, a large-scale targeted attack spoofing the organization’s CEO made it to thousands of user inboxes, and many users gave up their credentials.

Well conditioned users identified the attack, and reported it to the Cofense Phishing Defense Center who were able to rapidly provide actionable intelligence to enable security teams to disrupt the attack in 19 minutes.

STOPPING A LARGE SCALE TARGETED ATTACK IN 19 MINUTES WITH COFENSE PHISHING DEFENSE CENTER

Page 19:

PRODUCTS

Page 20:

Cofense PhishMe

✓ Ongoing conditioning of users to recognize suspicious emails through ongoing intelligence-driven phishing simulation

✓ Drive reporting culture to get visibility of threats that have made it to the inbox

✓ Keep the risks of phishing front and center in users’ minds

ENABLING BEST PRACTICE

Page 21:

Cofense Reporter

✓ Provide simple quick-click method for users to report suspicious emails across desktop, web and mobile clients

✓ Promote high reporting engagement and augment phishing awareness activities by delivering feedback to users during simulations

✓ Enable enhanced metrics for phishing awareness program effectiveness

✓ Consistent format of reported emails preserving all information required for effective analysis, and reported simulations suppressed, avoiding distractions to the SOC

ENABLING BEST PRACTICE

Page 22:

Cofense Triage

✓ Speed and efficiency in phishing incident response

✓ Understand and process threat campaigns through clustering

✓ Create Playbooks to automate incident response actions

✓ Quickly identify and quantify risk – leverage reporter reputation and status to identify zero-day threats

✓ Maintain high reporting engagement through automated user feedback on what they reported, every time they report

ENABLING BEST PRACTICE

Page 23:

Cofense Vision

✓ Quickly identify all recipients of complex phishing attacks

✓ Single click quarantine to remove threat from all mailboxes

✓ Proactively hunt for unreported threats

✓ Transparent audit and governance of mitigation actions

ENABLING BEST PRACTICE

Page 24:

Cofense Intelligence

✓ Provide human-vetted phishing threat intelligence to drive and underpin phishing awareness and defence activities

✓ Machine readable IOCs inform decisions on what to block

✓ Rapid and accurate identification of malicious content

✓ Insight into emerging TTPs to help shape investment decisions for ongoing defense

ENABLING BEST PRACTICE

Page 25:

Cofense Managed Outcomes

✓ Fully Managed Services: phishing simulations and analysis

✓ Highly trained anti-phishing Specialists

✓ Experienced malware analysts utilizing best-of-breed Threat Analysis Tooling

✓ Static & Dynamic Threat Analysis with a Global Perspective

✓ Customized scenario strategy: condition users to recognize current threats

• Increased Phishing Resiliency

• Actionable Threat Intelligence

• Real-Time Threat Sharing

ENABLING BEST PRACTICE

Page 26:

Sławomir Karpiński – CONNECT DISTRIBUTION
Rupert Collier - Cofense

CONNECT DISTRIBUTION Sp. z [email protected]

www.connectdistribution.pl
+48 22 400 1234