TRUSTED PATHFINDERS FOR YOUR UNIQUE DIGITAL …

Post on 23-Jun-2020


TRUSTED PATHFINDERS FOR YOUR UNIQUE DIGITAL TRANSFORMATION JOURNEY

August 22, 2018

© 2018 Candoris

Why are we talking about Email Security?

Attacks are changing with the times:

• 90% of sophisticated attacks target people, largely via email

• Threats use social engineering, not vulnerabilities

BEC/imposter email fraud has become a board-level issue:

• $3.1B in direct losses since January 2015, up 1,300% year over year

• 22,143 organizations victimized in the US alone

Industry is not aligned with the threats


What are the BEC tactics in use?

62% -> Reply-To Spoofing
• Header From: “Joe User” Joe@trusted.com
• Header To: Bob@trusted.com
• Header Reply To: hacker@badguy.com

37.1% -> Display Name Spoofing
• Header From: “Joe User” hacker@badguy.com
• Header To: Bob@trusted.com

0.8% -> Lookalike Domain
• Header From: “Joe User” sender@tru5ted.com
• Header To: Bob@trusted.com

<0.1% -> Business Partner Spoofing
• Header From: “Trusted Vendor” sender@vendor.com
• Header To: Bob@trusted.com
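As an added example (not part of the original deck), the first three header patterns on this slide can be checked mechanically. The sketch assumes a hypothetical `DIRECTORY` mapping display names to real addresses and uses a string-similarity heuristic for lookalike domains; business partner spoofing is left out because its headers alone look legitimate.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "trusted.com"               # assumption: our own domain, as on the slide
DIRECTORY = {"joe user": "joe@trusted.com"}  # assumption: display name -> real address

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()

def is_lookalike(domain, threshold=0.8):
    """True for a near-miss of the trusted domain (similarity heuristic)."""
    ratio = SequenceMatcher(None, domain, TRUSTED_DOMAIN).ratio()
    return domain != TRUSTED_DOMAIN and ratio >= threshold

def classify(raw_message):
    """Return the BEC header signals found in one raw message."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    signals = []
    # Replies would leave the domain the message claims to come from.
    # This is a signal to score, not a verdict: some legitimate mail does it too.
    if reply_addr and domain_of(reply_addr) != from_domain:
        signals.append("reply-to-spoofing")
    expected = DIRECTORY.get(name.strip().lower())
    if is_lookalike(from_domain):
        signals.append("lookalike-domain")
    # A known colleague's name on an address that is not theirs.
    elif expected and from_addr.lower() != expected:
        signals.append("display-name-spoofing")
    return signals

# Constructed samples mirroring the header patterns on the slide.
SAMPLES = {
    "reply_to": 'From: "Joe User" <Joe@trusted.com>\nTo: Bob@trusted.com\n'
                "Reply-To: hacker@badguy.com\n\nbody\n",
    "display_name": 'From: "Joe User" <hacker@badguy.com>\nTo: Bob@trusted.com\n\nbody\n',
    "lookalike": 'From: "Joe User" <sender@tru5ted.com>\nTo: Bob@trusted.com\n\nbody\n',
    "legitimate": 'From: "Joe User" <joe@trusted.com>\nTo: Bob@trusted.com\n\nbody\n',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```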


BEC concerns are bi-directional: Inbound, Outbound


Industry-Standard Email Authentication Protocols

•Sender Policy Framework (SPF)

•DomainKeys Identified Mail (DKIM)

•Domain-based Message Authentication, Reporting & Conformance (DMARC)

Advanced Email Security Solutions

•Policy

•Classification

•Authentication

•Advanced Data Loss Prevention (DLP)

End-User Training/Education

•Bite-sized lessons

•Provide feedback

•Learn by doing

•Create teachable moments


Email Authentication Protocols Overview: Whiteboard Session


Proofpoint Overview

•Top 5 public cybersecurity and compliance company (NASDAQ: PFPT)*

•Complete suite of solutions to protect the way people work from security, compliance, and digital risks

•Deep expertise in enterprise class solutions for every aspect of email, the #1 threat vector

•Dedicated to leading in effectiveness against the changing threat landscape

* by market cap

DIGITAL RISK LEADER

SEG MQ LEADER

ARCHIVE MQ LEADER

SILICON VALLEY HQ

GLOBAL PRESENCE


Mike Shellenberger

End User Computing, Solution Architect

Candoris Technologies

(717) 256-3485

mshellenberger@candoris.com

Thank you for attending!