Protecting Against Account Takeover Based Email Attacks
- Russell Morton
Executive Summary

The onslaught of targeted email attacks such as Business Email Compromise, spear phishing, and ransomware continues uninterrupted, costing organizations of all types and sizes billions of real dollars lost [1]. Cybercriminals know that employees are the weak link in an organization and need only to convince these targets that they are someone who should be trusted to achieve success. In terms of methods used to deceive employees, spoofing and display name deception have been the go-to techniques. However, security leaders charged with reducing this risk need to factor in yet another form of email-based identity deception tactic. According to recent Agari research, there has been a 126% increase in targeted attacks that exploit Account Takeovers (ATO).

Prior to 2017, concerns over ATO-based attacks were virtually non-existent. However, in early 2017, the Google Docs ATO Worm Attack [2] brought a spotlight to the problem when it struck over a million users in only a few hours. Most recently, a new Osterman Survey [3] found that 44% of organizations were victims of targeted attacks launched via a compromised account in the past 12 months. As these attacks continue to rise, organizations should be evaluating whether their existing security controls can analyze, detect, and block ATO-based attacks.

This report discusses a typical ATO-based attack flow, why these attacks are effective, and why organizations should be placing a high priority on stopping them in 2018 and beyond. Finally, the paper introduces the latest Agari Enterprise Protect release and explains how its core Agari Identity Intelligence™ technology has been enhanced to stop ATO-based attacks.

[Figure: 126% increase in number of attacks]

WHAT DOES A TYPICAL ATO-BASED ATTACK LOOK LIKE?
An Account Takeover (ATO)-based attack is the process of gaining unauthorized access to a trusted account and using this compromise to launch subsequent attacks for financial gain or to execute a data breach. Since ATO-based attacks originate from accounts of trusted senders, traditional security controls cannot detect such attacks. Moreover, given the pre-existing trust relationships, launching a targeted attack such as a Business Email Compromise from such an account increases the likelihood that the attack will succeed.

Account Takeover-based attacks rely on leveraging a compromised account or endpoint as a launchpad for a targeted attack such as Business Email Compromise. To achieve this goal, cybercriminals follow the process below:
Step 1: Gain Account Access
The attacker attempts to gain access to a user account by launching a spear phishing or malware-based attack. Alternatively, with the proliferation of data breaches, he may simply purchase account credentials from the dark web at a reasonable price.

Step 2: Establish Account Control
The attacker establishes persistent control of the account without alerting the victim or any security personnel. For example, the attacker may implement the following:
1. Create audit rules to delete his own malicious activity.
2. Set up forwarders to silently monitor user communication.
3. Augment password change processes to maintain password control.
The longer the attacker controls the account, the more information can be gathered, and the higher the degree of mission success.

Step 3: Conduct Internal Reconnaissance
The attacker conducts internal reconnaissance to determine how the compromised account can be exploited. For example, the attacker may use a set of manual or automated scripts to determine the following:
- Does the compromised account or user credentials give direct access to monetizable data, either locally or on other systems?
- Can the victim's contacts be exploited to achieve the final mission of financial fraud or data exfiltration?
- Can the victim's contacts be exploited to compromise other high value accounts?
Additionally, the attacker may lay dormant, observing communication between the original account owner and their contacts with plans to eventually hijack the conversation.

Step 4: ATO-based Attack
If the attacker determines that assets can be retrieved directly from the account, he will immediately move to Step 5. Otherwise, the attacker will launch a targeted attack against the contact list of the controlled account. The type of targeted attack will depend on the previous reconnaissance and could consist of a Business Email Compromise to extract funds or a spear phishing campaign to gain a deeper foothold into the organization.

Step 5: Complete Mission
Depending on the targeted attack, the attacker will move to exfiltrate the sensitive information or funds, or repeat the ATO process if user account credentials were requested.
WHY ARE ATO-BASED ATTACKS SO EFFECTIVE?

Based on internal research, Agari has seen a 126% increase month-over-month in early 2018 alone. The data was observed from Agari Enterprise Protect, an advanced threat solution that filters traffic after it has been scanned by a Secure Email Gateway (SEG). As part of the analysis, Agari analyzed over 1400 messages considered untrusted, over a two month period. ATO-based attacks are effective because of 2 distinct adversary advantages:
1. Legitimate or established accounts do not need to leverage impersonation techniques such as domain spoofing or display name deception to bypass security controls.
2. Previously established trust relationships between the original user and their contact make targeting and convincing the contact to give up sensitive data or release funds a significantly easier task.

However, not all ATO-based attacks are the same, and the effectiveness will depend on the type of compromised account used in the attack. According to the same research, Agari determined that there are 4 account types used in ATO-based attacks:
- Stranger - attacks using any legitimate account of individuals unknown to the recipient (strangers) to boost reputation and leverage trusted infrastructure.
- Employee webmail - attacks using personal employee webmail accounts (e.g. Gmail, Yahoo, Hotmail) of individuals known to the recipient to exploit trust.
- Trusted third parties - attacks using supply chain vendor accounts of individuals known to the recipient to launch spear phishing campaigns.
- Insider business accounts - attacks that use employee corporate accounts of individuals known to the recipient to execute BEC or invoice scams.

Additionally, based on customer feedback, attacks launched from a known employee webmail or insider business account had the highest chance of success. The good news is that the large majority of today's attacks are still only using stranger email to launch attacks.
Note: No insider business account-based attacks were observed during the observation timeframe.

As attackers become more adept at identifying and compromising specific employees to target their own organizations, the effectiveness of ATO-based attacks and the real dollars lost associated with these attacks will be sure to rise.

HOW CAN I PROTECT MY ORGANIZATION AGAINST THESE ATTACKS?

ATO-based attack protection should be added to the security layer and integrate machine learning models to detect attacks originating from all 4 compromised account types. Consider the following example:

[Fig 2. An example ATO-based attack.]
At first glance, the email does not look malicious. In fact, the email originates from an account of a real user, the recipient is a known contact, the subject matter in the communication is relevant, and the communication between Todd and Steve is expected. There is no way Steve could know that this email is from a cybercriminal using Todd's compromised account. Additionally, traditional security controls predicated on first detecting an occurrence of bad behavior cannot detect such attacks: after all, this email originates from a legitimate user account of a trusted sender.

To detect this attack, consider a next generation solution that integrates machine learning models to analyze three key elements of an email communication: Identity, Behavior, and Trust. Imagine a solution that can integrate the following:

1. Identity Mapping: This process would help determine a perceived identity of the sender. In the simplest view, the process could use identity markers to map the message to a previously-established identity or organization.

[Fig 3. Identity markers and likelihood of identity (Class: Finance Executive; ZYX Employee; Todd Koslowsky). Based on the mapping, the perceived identity is derived as Todd Koslowsky, CFO of ZYX Inc.]

2. Behavioral Analytics: Given the perceived identity, the message could then be evaluated for anomalies relative to the expected sender behavior. Feature classes associated with the behavior could include but not be limited to the following:
- Tracking the consistency, timing, and volume of messages sent by this identity
- Tracking all addresses and 3rd party services associated with this identity
- Tracking how long this identity has been in existence and sending email
- Tracking the types of artifacts or subject matter commonly sent
Referring back to the example, a simple analysis of one factor would be to determine whether the time at which the email was sent is typical of the normal user behavior. Note that the email was sent at 3:00 AM. Todd Koslowsky never sends email at that time, so this could be an ATO indicator.

3. Trust Modeling: Finally, to further ensure accuracy once the identity of the sender is confirmed and behaviors relative to that identity are tracked, the next phase would be to determine whether the communication from the sender is expected by the recipient. This modeling is a critical component in determining whether the recipient would actually open the message and take the requested action. Sources of this modeling could include:
- Previous traffic seen between identities
- Frequencies of interactions and responsiveness
- Historical organization-specific communications

Below is an example of the mapping between Todd's communication relative to Steve and all other organizations.

[Figure: graph of Todd Koslowsky's communication with Steve, other individual contacts, and other organizations' domains]

Adding the dimension of Trust, the analysis could be further expanded. For example, based on historical communication, Todd and Steve's communication is expected but the significant delays in Todd's responses are not. Todd sent the email at 3:00 AM, while the last communication was at 2:00 PM on the previous day, which could indicate that an attacker is attempting to hijack the conversation.
Taking these inputs from each dimension, a final score could determine whether the attack is indeed an ATO and allow organizations to enforce policies to block this attack before it makes it into the end-user's inbox.
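The Todd and Steve case above, carried through the three dimensions as an added example (not code from the whitepaper, and not Agari's algorithm). The addresses, history values, weights and threshold are constructed assumptions; the point is that identity mapping succeeds for a compromised account, so the score has to come from behavior and trust.

```python
from dataclasses import dataclass, field
from datetime import datetime
from statistics import median


@dataclass
class SenderProfile:
    """History kept per mapped identity (constructed here, learned in practice)."""
    identity: str
    send_hours: list                                   # hour (0-23) of past messages
    reply_gaps_h: dict = field(default_factory=dict)   # recipient -> past reply gaps, hours


def _near(send_hours, hour, window):
    # Count past messages sent within +/- window hours, wrapping around midnight.
    return sum(1 for h in send_hours
               if min((h - hour) % 24, (hour - h) % 24) <= window)


def hour_rarity(send_hours, hour, window=1):
    """Behavior: 0.0 at the identity's busiest hour, 1.0 at an hour it never uses."""
    if not send_hours:
        return 0.5                                     # no history, no opinion
    peak = max(_near(send_hours, h, window) for h in range(24))
    return 1.0 - _near(send_hours, hour, window) / peak


def gap_anomaly(past_gaps, gap_h, cap=6.0):
    """Trust: robust z-score (median/MAD) of the reply delay, scaled to 0..1."""
    if len(past_gaps) < 3:
        return 0.5                                     # too little pair history
    med = median(past_gaps)
    mad = median(abs(g - med) for g in past_gaps) or 0.1
    z = max(0.0, (gap_h - med) / (1.4826 * mad))
    return min(1.0, z / cap)


def ato_score(profiles, sender, recipient, sent_at, prev_msg_at):
    """Combine behavior and trust anomalies; None if identity mapping fails."""
    profile = profiles.get(sender)                     # identity mapping step
    if profile is None:
        return None                                    # unknown sender: not an ATO question
    gaps = profile.reply_gaps_h.get(recipient, [])
    gap_h = (sent_at - prev_msg_at).total_seconds() / 3600
    behavior = hour_rarity(profile.send_hours, sent_at.hour)
    trust = gap_anomaly(gaps, gap_h)
    # The closer the pair, the less tolerance for anomalies (assumed weighting).
    closeness = min(1.0, len(gaps) / 5)
    return round((0.5 + 0.5 * closeness) * (0.5 * behavior + 0.5 * trust), 3)


def verdict(score, threshold=0.7):
    """Policy step: quarantine above the (assumed) threshold."""
    return "quarantine" if score is not None and score >= threshold else "deliver"


# Constructed sample data: Todd mails during office hours and answers Steve quickly.
TODD, STEVE, JANE = ("todd.koslowsky@zyx.example", "steve@zyx.example",
                     "jane@zyx.example")
PROFILES = {
    TODD: SenderProfile(
        identity="Todd Koslowsky, CFO, ZYX Inc.",
        send_hours=[9, 10, 11, 13, 14, 14, 15, 16, 17, 9, 10, 18],
        reply_gaps_h={STEVE: [0.5, 1, 2, 0.75, 1.5, 3]},
    )
}

if __name__ == "__main__":
    cases = {
        "3:00 AM reply to Steve, 13 h after the last message":
            (TODD, STEVE, datetime(2018, 3, 7, 3, 0), datetime(2018, 3, 6, 14, 0)),
        "2:30 PM reply to Steve, 1 h after the last message":
            (TODD, STEVE, datetime(2018, 3, 6, 14, 30), datetime(2018, 3, 6, 13, 30)),
        "3:00 AM message to a contact with no pair history":
            (TODD, JANE, datetime(2018, 3, 7, 3, 0), datetime(2018, 3, 6, 14, 0)),
    }
    for label, args in cases.items():
        s = ato_score(PROFILES, *args)
        print(f"{label}: score={s} -> {verdict(s)}")
```

The same 3:00 AM message scores lower when sent to a contact with no pair history, which mirrors the trust-modeling point that anomalies matter most between closely related identities.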
A NEW APPROACH: AGARI ENTERPRISE PROTECT

Agari Enterprise Protect leverages Agari Identity Intelligence™, an advanced artificial intelligence and machine learning system that ingests data telemetry from more than two trillion emails per year to model senders' and recipients' identity characteristics, behavioral norms, and personal, organizational, and industry-level relationships. Agari has integrated updates to its core Agari Identity Intelligence machine learning algorithms to model ATO-based behavior. When a message is received, it is subjected to the following phases of analysis and scoring:

1. Identity Mapping: Determines the perceived identity of the sender, mapping the sender to a previously-established sender/organization or a broader classification.

2. Behavioral Analytics: Given the derived identity, the message is evaluated for anomalies relative to the expected sender behavior, such as whether the sender has ever interacted with the recipient, whether the content or structure of the message sent by the sender is expected, or whether the frequency and timing of the message are normal. Any anomalies are perceived to be suspicious.

3. Trust Modeling: The final phase determines whether communication from the sender is expected by the recipient. The closer the relationship, the less tolerance for anomalous behavior because of the greater impact of the attack. Ultimately the system models interaction: how often the sender and recipient interact, and whether the responsiveness and timing of responses between the two are normal.

4. Identity Intelligence Scoring: The final Identity Intelligence Score of a message is a combination of the features and indicators of the 3 phases that determines whether the attack is indeed originating from an Account Takeover-based compromised account.
To support this modeling, Agari has leveraged the elasticity enabled by its cloud-native architecture to drive over 300 million daily model updates, allowing the system to maintain a real-time understanding of this type of behavioral pattern. Agari Enterprise Protect is the first to model the four types of account takeover behavior: stranger email, employee webmail, trusted third party, and insider business accounts.

How Agari Enterprise Works

Agari Enterprise Protect deploys as a lightweight sensor either on-premises or in the cloud to integrate with the existing Secure Email Gateway (SEG). Working as the last line of defense, Agari EP receives all messages considered clean by the SEG and analyzes the messages for the existence of ATO threat signals. Upon confirmation that the message is a malicious ATO email, security operations teams can configure policies to immediately block or quarantine the message. Finally, forensic information can also be extracted via alerts or API for further incident investigations, including assisting in recovering or taking down the compromised account.
CONCLUSION

The right strategy to protect against Account Takeover-based attacks is at the gateway, and existing security solutions should be evaluated against the following:
1. Ability to enforce policies to prevent targeted and scattershot phishing attempts intending to steal credentials or compromise the endpoint.
2. Ability to enforce policies to prevent targeted attacks launched via a compromised user account, e.g., spear phishing, BEC, or ransomware.
3. Ability to provide forensic intelligence that exposes the compromised account details to help security teams return these accounts to their rightful owners.

Given the effectiveness of Account Takeover-based attacks and the lack of protections, attackers will be highly motivated to increase their attack rate in the coming year. Organizations must place a higher priority on this attack category and re-evaluate whether their existing controls can protect against it, or risk becoming the next victim.

1. Internet Crimes Report 2016
2. Agari BEC Attack Report
3. Google Docs Attack
4. Osterman Research Report - Protecting Against Phishing, Ransomware, & BEC Attacks
5. Osterman Research Report - Protecting Against Phishing, Ransomware, & BEC Attacks
More information68 Insider Threat Red Flags
68 Insider Threat Red Flags Are you prepared to stop the insider threat? Enterprises of all shapes and sizes are taking a fresh look at their insider threat programs. As a company that s been in the insider
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationIncident Response Agility: Leverage the Past and Present into the Future
SESSION ID: SPO1-W03 Incident Response Agility: Leverage the Past and Present into the Future Torry Campbell CTO, Endpoint and Management Technologies Intel Security The Reality we Face Reconnaissance
More informationCognito Detect is the most powerful way to find and stop cyberattackers in real time
Overview Cognito Detect is the most powerful way to find and stop cyberattackers in real time HIGHLIGHTS Always-learning behavioral models use AI to find hidden and unknown attackers, enable quick, decisive
More informationThe Cognito automated threat detection and response platform
Overview The Cognito automated threat detection and response platform HIGHLIGHTS Finds active cyberattackers inside cloud, data center and enterprise environments Automates security investigations with
More informationProtecting from Attack in Office 365
A hacker only needs one person to click on their fraudulent link to access credit card, debit card and Social Security numbers, names, addresses, proprietary information and other sensitive data. Protecting
More informationBest Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter
White Paper Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter Overcoming Security, Privacy & Compliance Concerns 333 W. San Carlos Street San Jose, CA 95110 Table of Contents
More informationMCAFEE INTEGRATED THREAT DEFENSE SOLUTION
IDC Lab Validation Report, Executive Summary MCAFEE INTEGRATED THREAT DEFENSE SOLUTION Essential Capabilities for Analyzing and Protecting Against Advanced Threats By Rob Ayoub, CISSP, IDC Security Products
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationCisco Advanced Malware Protection (AMP) for Endpoints Security Testing
Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...
More informationBRING SPEAR PHISHING PROTECTION TO THE MASSES
E-Guide BRING SPEAR PHISHING PROTECTION TO THE MASSES SearchSecurity phishing. I n this expert tip, David Sherry describes how a combination of technical controls and user awareness training can help put
More informationGladiator Incident Alert
Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationAssessing Your Incident Response Capabilities Do You Have What it Takes?
Assessing Your Incident Response Capabilities Do You Have What it Takes? March 31, 2017 Presenters Tim L. Bryan, CPA/CFF/CITP, CISA, EnCE Director, Advisory Services Forensic Technology & Investigation
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationTraditional Security Solutions Have Reached Their Limit
Traditional Security Solutions Have Reached Their Limit CHALLENGE #1 They are reactive They force you to deal only with symptoms, rather than root causes. CHALLENGE #2 256 DAYS TO IDENTIFY A BREACH TRADITIONAL
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationThanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at
Thanks! Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at jim@stickleyonsecurity.com Don t forget to checkout Stickley on Security and learn about our
More informationWebroot Phishing Threat Trends
December 2016 Webroot Phishing Threat Trends An update to the 2016 Threat Brief Introduction Who would ever fall for that? That s what many people think when they see a phishing attempt, since less advanced
More informationTrustwave SEG Cloud BEC Fraud Detection Basics
.trust Trustwave SEG Cloud BEC Fraud Detection Basics Table of Contents About This Document 1 1 Background 2 2 Configuring Trustwave SEG Cloud for BEC Fraud Detection 5 2.1 Enable the Block Business Email
More informationVectra Cognito. Brochure HIGHLIGHTS. Security analyst in software
Brochure Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive answers Persistently tracks threats across all phases of attack Monitors
More informationWire Fraud Begins to Hammer the Construction Industry
Wire Fraud Begins to Hammer the Construction Industry Cybercriminals are adding new housing construction to their fraud landscape and likely on a wide scale. Created and published by: Thomas W. Cronkright
More informationCROWDSTRIKE FALCON FOR THE PUBLIC SECTOR
C R O W D S T R I K E P U B L I C S E C T O R S O L U T I O N S CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR SECURE YOUR ENTERPRISE WITH A THAT PROVIDES UNRIVALED PROTECTION, SECURITY EXPERTISE, AND OPTIMAL
More informationSECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE
SESSION ID: SBX4W5 SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE Dara Such VP & Publisher, Security Networking and IoT TechTarget @darasuch What we ll cover today State of SecOps:
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationThe Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It
The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It Introduction Phishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple:
More informationMastering The Endpoint
Organizations Find Value In Integrated Suites GET STARTED Overview In the face of constantly evolving threat vectors, IT security decision makers struggle to manage endpoint security effectively. More
More informationProduct Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved
Product Overview Version 1.0 May 2018 Silent Circle The Problem Today s world is mobile. Employees use personal and company owned devices smartphones, laptops, tablets to access corporate data. Businesses
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationANATOMY OF A SPEAR PHISHING ATTACK. A Menlo Security Research Report
ANATOMY OF A SPEAR PHISHING ATTACK A Menlo Security Research Report Overview Today s CISOs are trying unsuccessfully to mitigate the threat of malware and credential theft, the two greatest risks associated
More informationProduct Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd
Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd Symantec Endpoint Protection Product Roadmap 1 Safe Harbor Disclaimer Any information regarding pre-release Symantec offerings,
More informationEmployee Security Awareness Training
Employee Security Awareness Training September 2016 Purpose Employees have access to sensitive data through the work they perform for York. Examples of sensitive data include social security numbers, medical
More information