phishing, impersonation, and malware · cds2018-solns-s6-email security – phishing,...
TRANSCRIPT
OCTOBER 1 – 4, 2018 | WASHINGTON, D.C.
Phishing, Impersonation, and MalwareDefending Email Against Today’s Advanced Threats
DISCLOSUREAny future offering, feature, or related specification that may be referenced in this presentation is for information purposes only, is not a commitment to deliver any offering, technology, functionality or enhancement, and should not be relied on in making purchasing decisions. We reserve the right to modify future product and service plans at any time.
©2018 FireEye
Agenda
3
Email Threat Landscape
FireEye Email Security Progression
Demos• Cloud Edition • FireProof – Email Threat Analysis
Customer Reference
©2018 FireEye
Evolving Email Threat Trends
Phishing Sites
Shift to URLs over malware90% blocked attacks were
malware-less1
Go live after passing email security
Spear Phishing
Continued sophistication of
social engineering
ImpersonationSender spoofed attacks
such as CEO fraud17% of all blocked attacks
utilized impersonation tactics1
Malware-less emails may lead to malware1 Source: Internal data January - June 2018
4
©2018 FireEye
Malware-Less versus Malware Attacks
Source: Internal data January - June 2018
5
JANUARY FEBRUARY MARCH APRIL MAY JUNE
MALWARE MALWARE-LESS
of attacks blocked were malware-less90%
▷ Impersonation ▷ CEO fraud ▷ Whaling
▷ Spear phishing ▷ W2 fraud
of attacks blocked contained malware10%
▷ Viruses ▷ Ransomware ▷ Worms
▷ Spyware ▷ Trojan horses
©2018 FireEye
Customer Email Security Pain Points
URLs
Multi-StageImpersonation or Imposter
Attachments
6
©2018 FireEye
Impersonation Detectionaka Business Email Compromise threats
Techniques Used to Stop Evolving Inline Attacks
Newly Existing Domains
Looks-Like & Sounds-Like Domains
Reply-to-Address & Message Header Analysis
Friendly Display Name & Username Matching
CEO Fraud Algorithms
8
©2018 FireEye
9
Impersonation Detections Are Growing
©2018 FireEye
On the Roadmap – Outbound Detection
§ Scan outgoing email
– Filter spam and viruses (AVAS)– Detect advanced threats– Apply Smart Rules
§ Detect compromised email accounts
– Prevent domain blacklisting
§ Detect advanced threats
– Stop threats coming from network via outgoing email
§ Strengthen inbound filtering
Internet
FireEye Email Security Service
Cloud Email Service/O365
Inbound detection Outbound detection
10
©2018 FireEye
Increased Detections Over Time
Advanced URL Defense v3.0 Release(May 2017)
PhishVision & Skyfeed v3.6 Release(Feb 2018)
11
©2018 FireEye
ThreadKit Exploit Campaign
FireEye Threat Intelligence
identified large volumes
of phishing emails
FireEye threat researchers
analyzed and tested
ThreadKIt
Reported to FireEye Labs
FireEye Email Security
detections in place
12
1
23
4
©2018 FireEye
One Source CommunicationsCustomer and Partner Reference
§ Full solution suite including FireEye Email Security and FireEye Helix
§ Increased malware-less threat detection and blocking
– URL rewrites provide better visibility into environment
– Retroactive URL alerts
– Reduced reliance on end user making a choice
§ MSSP with 800 clients – value Cloud Edition portal enhancements
– Create complex policies for message analysis and for multiple domains
§ O365 migrations – won’t implement w/out email security solution
– More is better – MS ATP and other solutions aren’t good enough
– FireEye Threat Intelligence & Email Security – unmatched for stopping evolving threats
13
©2018 FireEye
1
2
3
Cloud Edition Demo
Dashboard
Advanced Threats
Smart Rules (Advanced Custom Rules)
15
FireProof
©2018 FireEye
FireProof - Email Threat Analysis
20
Research shows FireEye Email Security deployed behind Microsoft O365 with ATP can improve email threat detection by at least 25%.
Enhance your Office O365 email protection with an easy to set up process that analyzes your delivered email and surfaces threats undetected by your current email security solutions.
Receive a summary and discuss the detailed findings with FireEye’s Office 365 experts.
1
2
3
Stop by the Solution Expo to participate and request your analysis today.4
©2018 FireEye
Email Threat Analysis (Overview)
§ Set up
– Specify delivered email timeframe– Select email count – Designate mailboxes (optional)
§ Authorize Office 365 access – admin credentials needed
§ Receive status emails
§ Get analysis summary
§ Request detailed report discussion with SE
21
©2018 FireEye
Setting up Evaluation (Customer)
22
§ Press “Accept”
©2018 FireEye
Tracking Progress (Customer)
23
§ When the process is completed, the customer receives an email update.
©2018 FireEye
Tracking Progress (Sales and Customer)
24
§ After the Evaluation has been completed, the report is sent to the Sales team in a PDF file.
§ FireEye SE follows up and goes over report.
©2018 FireEye
Recap
§ Continue investment and innovation to protect users against email threats
§ Our focus
– Be the best at detecting advanced threats, including phishing and impersonation
– Position as a leader in the Secure Email Gateway market§ Visit the CDS Solutions Expo
– Request a FireProof evaluation. Discover enhanced Office 365 email protection.– Questions? … ask our email security experts
§ Contact your account manager to organize a roadmap session
25
Thank You