Securing Email and File Sharing in the Cloud
Your Presenter Erick Simpson Vice President & CIO, SPC International Online A strategic IT business transformation specialist experienced in improving top and bottom-line business performance by increasing operational efficiencies, boosting marketing and lead generation outcomes, accelerating sales velocity, shortening sales cycles and maximizing service efficiencies. Over 30 years of experience in the IT industry as an Enterprise CIO, MSP, and Business Process Improvement Expert with hundreds of successful IT Solution Provider, MSP and Cloud practice business improvement consulting engagement outcomes, Erick has worked with numerous clients on both the buy and sell side of the M&A process. A highly sought-after IT, Cloud and Managed Services expert, author and speaker, Erick has authored 40 best practice guides and 4 best-selling books including "The Guide to a Successful Managed Services Practice", The Best I.T. Sales & Marketing BOOK EVER!, The Best I.T. Service Delivery BOOK EVER! and The Best NOC and Service Desk Operations BOOK EVER!. Erick Simpson Vice President & CIO SPC International Online www.spc-intl.com www.linkedin.com/in/ericksimpson https://amazon.com/author/ericksimpson IT, MSP and Cloud Business Improvement Expert IT Business Improvement Specialist focused on people, process and product Experienced buy- and sell-side M&A consultant Certified Behavioral Specialist IT Solution, Managed Services and Cloud sales optimization and QBR improvement specialist Expert IT Solution and Service tiering, packaging, bundling and pricing strategist NOC/Service Desk and Dispatch Incident Management Workflow specialist Skilled in CRM, PSA and RMM configuration, integration, reporting and analysis Project Management specialist Skilled Virtual/Interim IT Solution Provider CIO and COO
Speaker Spotlight Chris Taylor Director, Product Marketing - Trend Micro Chris Taylor has worked with Trend Micro s messaging and collaboration security products for 9 years and is currently a Director of Global Product Marketing. He has a degree in engineering from California Polytechnic State University and a MBA from Santa Clara University. Throughout his career working at technology companies in Silicon Valley, he has held roles in systems engineering, product management, and product marketing.
Securing Email and File Sharing in the Cloud Chris Taylor, User Protection Product Marketing
What s in it for you? Maximize Your Profits Increase O365 deal size and margin Recurring revenue Service revenue Protect Your Customers Less help desk calls Higher customer satisfaction
What are the security risks to email/file sharing? 7
¾ of Organizations have been Infected with Malware from Email Email 78% Web 64% Some of these web infections likely came from a link in an email Malware has successfully infiltrated our network through email Malware has successfully infiltrated our network through web Source: Osterman Research, March 2016
Majority of Ransomware via Phishing Emails Common hooks are here is an invoice or my resume Can be hidden in Word doc May be a URL leading to ransomware Primary target now businesses A Hollywood hospital recently paid $17,000 9
Challenges with Modern Malware 90% of malware is used only once MS Office files with malware used in 60% targeted attacks 60% 20,000 New, unique malware every hour 10 Source: TrendLabs, April 2015
Why do I need to supplement the security included with Office 365? Exchange Online is designed and SLA backed to catch 100% known malware But 90% malware infects only 1 device. Only 10% malware is known. If you bought a new home with a smoke detector guaranteed to detect 10% of fires would you supplement it? 11 Every customer needs a strategy to deal with unknown malware
Customer 12
Enhancing the Security of Office 365 Email and File Sharing 13
Securing Office 365 Email and File Sharing Advanced Threat Detection Finds zero-day and hidden threats Sandbox file analysis in the cloud Web reputation for URLs in email/files Direct cloud-to-cloud integration Data Loss Prevention (DLP) Discovery and visibility into confidential data usage DLP enforcement for cloud file sharing 240 customizable templates 14
Simple API based Integration API Cloud App Security Direct cloud-to-cloud integration using vendor s API s at the application level No impact to user/admin functionality Supports all devices, anywhere Fully automatic setup MX Record Software User settings Web proxy 15
Finding Hidden and Unknown Malware Static and dynamic detection techniques Static techniques: File reputation and prevalence URL reputation (including in files) Document exploit detection Filetype blocking Dynamic techniques: Virtual sandbox analysis Risk based Pattern-less detection Multiple operating systems Anti-evasion
Typical Ransomware Infection Chain Exposure Layer Ransomware executable Document Infection Layer Attachment (compressed?) JavaScript URL Ransomware on system Execution: encrypt files and ransom Download ransomware Compromised website Exploit kit 17
Stop Ransomware at Multiple Levels Email Security Attachment Ransomware executable Document JavaScript Central Visibility Endpoint Security URL Ransomware on system Execution: encrypt files and ransom Endpoint Security Download ransomware Compromised website Exploit kit Web Security 18
Stop Ransomware at Multiple Levels Cloud App Security Attachment Ransomware executable Document JavaScript 2 Anti-Malware, prevalence Similarity detection File Type filtering Document Exploit scan Macro Detection URL 1 Web Reputation Content analysis (in email or attachment) 3 Sandbox behavioral analysis 19
Complementing Office 365 s Built in Security for Better Overall Protection Office 365 built in security blocks known threats Detected an additional 2,500,000 malicious files and URL s beyond the built Trend in Office Micro Cloud 365 App security Security during finds the hidden and unknown threats first 10 months of operation. 20
Resources to Share with Prospects YouTube video: https://youtu.be/uylvvpvusvs Osterman White Paper on Migration to O365 IDC White Paper on protecting SaaS applications
Key take-aways Trend Micro Cloud App Security Finds Unknown Malware including Ransomware Protects More Maximize your profits 22 2
www.trendmicro.com/office365 23
How is it different from Microsoft s Adv. Threat Protection Service? 1. More Protection Microsoft ATP Trend Micro Cloud App Security Office 365 email OneDrive, SharePoint Box, Dropbox, Google Drive 2. Fewer Delays Trend Micro risk assessment avoids sandboxing 98% files and analyzes files quicker: Microsoft ATP Trend Micro Cloud App Security Average sandbox time 7-8 min* 4-5 min * MSFT users report frequent 15-30 min delays 3. Better Protection Trend Micro top rated Deep Discovery technology Microsoft new unproven technology AV-Test finds Trend Micro 100% effective against unknown malware and Microsoft only 76.5% Cloud App Security detected 500,00 malicious files Jul 15-Mar 16. If it had an effectiveness score of only 76.5%, then 117,000 malware would have remained undetected AV-Test.org Jan-Jun 2015 testing of endpoint security products shows the relative effectiveness of security technologies against unknown malware 24