
Post on 27-May-2020

TRANSCRIPT

  • INTELLIGENT PHISHING DEFENSE

    Sławomir Karpiński – CONNECT DISTRIBUTION Rupert Collier - Cofense

  • “Phishing and pretexting represent 98% of social incidents and 93% of breaches. Email continues to be the most common vector (96%).”

    Source: 2018 Verizon DBIR

  • Executives & CISO

    Security Operations

    Security Awareness

    End Users

    PHISHING DEFENSE A COMMON OBJECTIVE

  • No matter how good your perimeter security, malicious emails still reach the inbox

    UNCOMFORTABLE TRUTH

  • Large Scale Attacks

    Highly Targeted Attacks

    Morphing Attacks

    Malware: Ransomware, Trojans, Hybrids

    Credential Phishing

    Business Email Compromise

    PHISHING THREAT LANDSCAPE

  • DEFEATING NEXT-GEN DEFENCES

    SPF

    DKIM

    DMARC

    Organisation A Supplier B

    Next-Gen SEG, AI, ML, Threat Intel,

    Sandbox, UEBA etc

    www.organisation-a.com

  • You cannot defend against attacks you cannot see

    UNCOMFORTABLE TRUTH

  • ✓ Threats observed in the wild

    ✓ Threats observed by other organizations

    ✓ Threats that have reached the inbox

    Threats OUTSIDE the network

    Threats INSIDE the network

    VISIBILITY THROUGH TWO LENSES

  • 1 in 7 emails reported by ~2m end users to the Cofense Phishing Defense Center contain malicious content

    VISIBILITY IN ACTION

    Remember – the PDC only sees threats because users identified them after technology didn’t

  • 55,404

    27,501

    4,152

    Credential Harvesting Attacks

    Campaigns delivering malicious attachments – including abuse of filesharing services

    Business Email Compromise Attacks

    2018 – Cofense Phishing Defense Center

    WHAT GOT THROUGH?

  • The best security awareness program in the world will never deliver a zero click rate

    UNCOMFORTABLE TRUTH

  • CLICK RATE FLATTENING

    Aggregated data of >70m simulation emails sent per year by >2,000 Enterprise customers

  • Most organizations are unable to effectively respond to phishing attacks

    UNCOMFORTABLE TRUTH

  • ✓ Empowered & trusted as part of phishing defense

    ✓ Demonstrable evidence of contribution to improvement of security posture

    ✓ Increased user engagement in security awareness activities

    ✓ Visibility of attacks that have reached the inbox

    ✓ Shared phishing threat intelligence

    ✓ Disrupt active phishing attacks with greater speed and efficiency

    ✓ Security awareness activities relevant to real organizational threats

    ✓ Understanding of organizational risk posture

    ✓ Resources focused on biggest risks

    Executives & CISO

    Security Operations

    Security Awareness

    End Users

    Intelligent Phishing Defense

    PHISHING DEFENSE BENEFITS

  • COLLECTIVE PHISHING DEFENSE

    Benefit from shared phishing threat intelligence to identify and shut down phishing attacks faster.

    Leverage intelligence from:

    Global Enterprise & Industry peers

    Cofense Phishing Defense Center

    Cofense Intelligence

  • PHISHING RESPONSE CAPABILITIES

    VISIBILITY ACHIEVED

  • CASE STUDIES

  • PHISHING DEFENSE IN ACTION

    11:48 Spear phishing attack launched

    11:49 Users begin reporting the attack to the PDC

    PDC begins analysis

    12:00 Analysis escalated following initial analysis and further reports

    Large scale attack identified

    12:07 Analysis completed.

    Customer alerted and mitigation actions implemented

    Attack disrupted

    Customer Industry: Healthcare

    Location: US Headquartered

    Number of Employees >70,000

    Employees of a healthcare company were going about their day. The usual mundane emails piled up in their inboxes. So when they received a message from their CEO, employees paid attention. It wasn’t the typical meeting invite or question from a colleague. The email asked them to read and agree to a company policy. Simple. Just click on a link, which took them to a login page—from there, they’d enter their credentials and go to the policy page. But the sender wasn’t the CEO. He was a talented fraudster. The attacker aimed to harvest passwords, gain file system access, and reroute electronic payroll deposits. And he almost succeeded. Perimeter defenses did not stop this attack. Despite layered security controls, and mature and ongoing awareness activities, users still took the bait, clicked the link and gave up their credentials. The attack was mitigated because users were conditioned to recognise and report the attack, which provided visibility to security teams who were able to respond.

    THE NET RESULT

    Despite layers of perimeter controls, a large-scale targeted attack spoofing the organization’s CEO made it to thousands of user inboxes, and many users gave up their credentials. Well conditioned users identified the attack, and reported it to the Cofense Phishing Defense Center who were able to rapidly provide actionable intelligence to enable security teams to disrupt the attack in 19 minutes.

    STOPPING A LARGE SCALE TARGETED ATTACK IN 19 MINUTES WITH COFENSE PHISHING DEFENSE CENTER

  • PRODUCTS

  • Cofense PhishMe

    ✓ Ongoing conditioning of users to recognize suspicious emails through ongoing intelligence-driven phishing simulation

    ✓ Drive reporting culture to get visibility of threats that have made it to the inbox

    ✓ Keep the risks of phishing front and center in users’ minds

    ENABLING BEST PRACTICE

  • Cofense Reporter

    ✓ Provide simple quick-click method for users to report suspicious emails across desktop, web and mobile clients

    ✓ Promote high reporting engagement and augment phishing awareness activities by delivering feedback to users during simulations

    ✓ Enable enhanced metrics for phishing awareness program effectiveness

    ✓ Consistent format of reported emails preserving all information required for effective analysis, and reported simulations suppressed, avoiding distractions to the SOC

    ENABLING BEST PRACTICE

  • Cofense Triage

    ✓ Speed and efficiency in phishing incident response

    ✓ Understand and process threat campaigns through clustering

    ✓ Create Playbooks to automate incident response actions

    ✓ Quickly identify and quantify risk – leverage reporter reputation and status to identify zero-day threats

    ✓ Maintain high reporting engagement through automated user feedback on what they reported, every time they report

    ENABLING BEST PRACTICE

  • Cofense Vision

    ✓ Quickly identify all recipients of complex phishing attacks

    ✓ Single click quarantine to remove threat from all mailboxes

    ✓ Proactively hunt for unreported threats

    ✓ Transparent audit and governance of mitigation actions

    ENABLING BEST PRACTICE

  • Cofense Intelligence

    ✓ Provide human-vetted phishing threat intelligence to drive and underpin phishing awareness and defence activities

    ✓ Machine readable IOCs inform decisions on what to block

    ✓ Rapid and accurate identification of malicious content

    ✓ Insight into emerging TTPs to help shape investment decisions for ongoing defense

    ENABLING BEST PRACTICE

  • Cofense Managed Outcomes

    ✓ Fully Managed Services: phishing simulations and analysis

    ✓ Highly trained anti-phishing Specialists

    ✓ Experienced malware analysts utilizing best-of-breed Threat Analysis Tooling

    ✓ Static & Dynamic Threat Analysis with a Global Perspective

    ✓ Customized scenario strategy: condition users to recognize current threats

    • Increased Phishing Resiliency

    • Actionable Threat Intelligence

    • Real-Time Threat Sharing

    ENABLING BEST PRACTICE

  • Sławomir Karpiński – CONNECT DISTRIBUTION Rupert Collier - Cofense

    CONNECT DISTRIBUTION Sp. z o.o. sales@connectdistribution.pl

    www.connectdistribution.pl +48 22 400 1234
