Secure solutions for advanced email threats
Threat-centric email security
Cosmina Calin, Virtual System Engineer
November 2016
Get ahead of attackers with threat-centric security solutions
In our live Security Experts Webinars, discover all the items needed to help set up the best security architecture:
What a Next Generation Firewall should be
Protect your email and web gateways
Advanced Malware Protection
ISE/Access Control
And many other hot security topics, so check our Security Experts Page and register for our upcoming webinars: www.cisco.com/go/securityexperts
Email is still the #1 threat vector
Phishing leaves businesses on the line
30% of phishing messages are opened [1]
94% of phish mail has malicious attachments [1]
$500M loss incurred due to phishing attacks in a year by US companies [2]
Messages contain attachments and URLs
Socially engineered messages are well crafted and specific
Credential hooks give criminals access to your systems
Sources: [1] 2016 Cisco Annual Security Report. [2] 2016 Verizon Data Breach Report, Krebs on Security.
Spoofing rates are on the rise
270% increase, 2015 to 2016 [1]
$2.3B in losses from spoofing, 2013-2015 [1]
Forged addresses fool recipients
Threat actors extensively research targets
Money and sensitive information are targeted
Source: [1] FBI Warns of Dramatic Increase in Business email scams, 2016.
Ransomware attacks are holding companies hostage
9,515 users are paying ransoms per month [2]
Ransomware represents the biggest jump in occurrences of crimeware [1]
$60M cost to consumers and companies of a single campaign [2]
Malware encrypts critical files
Locking you out of your own system
Extortion demands are being paid
Sources: [1] 2016 Verizon Data Breach Report, Krebs on Security. [2] 2016 Cisco Annual Security Report.
And security is more complex with email moving to the cloud
Moving to Office 365 creates new risks: access control, data leaks, infections, visibility and audits
Gartner estimates 60% cloud adoption by 2022 [1]
Source: [1] Gartner Report "Office 365, Google Apps for Work and Other Cloud Office Key Initiative Overview", July 2015.
Cisco secures your email, cloud or on-premises: reduce threats, support growth, achieve agility
Reduce threats
Cisco Email Security is backed by unrivaled global threat intelligence
100 TB of data received daily
1.5 million daily malware samples
600 billion daily email messages with SenderBase
250+ full-time threat intel researchers
Millions of telemetry agents
4 global data centers
16 billion daily web requests
24x7x365 operations
Over 100 threat intelligence partners
Deploy the world's largest email traffic monitoring network
Leverage industry-leading threat analytics
And reduces your exposure to the three main components of an email attack: attachments, URLs, and email content
Attachments: protect against ransomware and phishing
Cisco protects against threats hidden within attachments: Anti-spam, Anti-virus, Virus Outbreak Filters, Advanced Malware Protection (AMP)
It's built with industry-leading spam protection
Anti-spam processing / Context Adaptive Scanning Engine (CASE)
Cisco Anti-Spam asks: Who sent the message? What is the content? How was the message constructed? Where does the call to action take you?
Possible outcomes: Block, Forward (O365, Mail Server), Quarantine
Review sender reputation, URL reputation, and message content
Block spam with 99% accuracy with fewer than 1:1M false positives
Quarantine suspicious messages for additional review
Block known and zero-day viruses
Anti-virus processing and Outbreak Filters. Possible actions: Block, Forward, Quarantine
Multiple detection methods: pattern matching, emulation technology, advanced heuristic techniques
Zero-Hour Virus and Malware Detection (.DOC, .EXE, .LNK, .pdf). Updates every 12 hours
Determine what actions to take on viral messages
Real time security updates that prevent new malware
Also receive AV signature updates regularly
Determine whether anomalies are zero-day threats
Scan attachments for known viruses
Forward clean emails to additional security checks
Defend against zero-day malware
Detect and contain advanced threats quickly
Advanced Malware Protection (AMP) architecture
Diagram labels: AMP Threat Intelligence Cloud; Remote Endpoints; Private Network; Edge; Meraki MX; ISR w/ FirePOWER Services; Cisco ASA w/ FirePOWER Services; FirePOWER NGIPS Appliance; Threat Grid Malware Analysis; Endpoints; Private Cloud Virtual Appliance; Cloud Email Security and Email Security Appliance; CWS and Web Security Appliance; Data Center; Virtual; Windows OS; Android Mobile; MAC OS; CentOS, Red Hat and Linux; AnyConnect
Leverage threat intelligence and dynamic malware analysis
Deploy easily with multiple platform options
Keep tabs on all emails admitted into the environment after analysis
Advanced Malware Protection (AMP): File Reputation, File Sandboxing, File Retrospection
Diagram labels: Advanced Analytics; Dynamic analysis; 560+ indicators; file types .sys, .doc, .exe, .lnk, .pdf, .scr; verdicts Unknown, Clean, Malicious; Known Signatures; Fuzzy Fingerprinting; Indications of compromise
Block known malware
Investigate files safely
Auto-remediate threats in O365
Gain visibility into messages trying to enter the network
Investigate unrecognized attachments safely
AMP Threat Grid for Sandboxing
Diagram labels: Threat Grid; Cisco Email Security; Office 365; Admin; file types HTML, SWF, JPG, PDF; Threat Score; Email delivered; Email sent to O365 for administered action
Upload unknown files to Threat Grid
Examine files with context-driven analysis
Receive threat report and score to guide decision making
Automatically remediate malware for O365 users
URLs: protect against ransomware, phishing and spoofing
Cisco protects against disguised hyperlinks: Anti-spam, Content Filters, Outbreak Filters
Control which emails cross the network
Content Filters act on URL reputation and categorization in three ways:
Rewrite URL (Cisco Cloud Web Proxy)
Defang / Block (BLOCKEDwww.proxy.org BLOCKED)
Replace with Text ("This URL is blocked by policy")
Customize filters in three different ways for additional security
Easily enforce business and compliance policies
Email content: protect against spoofing and phishing
Cisco defends against human error: Anti-spam; DMARC, DKIM and SPF; Forged Email Detection
Protect against spoofing attacks
Forged Email Detection
Pre-processing inspects the SMTP envelope address:

    $ telnet mail-smtp-in.l.mail.com 25
    Trying 74.125.206.26...
    Connected to mail-smtp-in.l.mail.com.
    Escape character is '^]'.
    220 mx.mail.com ESMTP i11si22058766wmh.67 - gsmtp
    HELO mail.outside.com
    250 mx.mail.com at your service
    MAIL FROM:<adam@outside.com>
    250 2.1.0 OK i11si22058766wmh.67 - gsmtp
    RCPT TO:<alan@mail.com>
    250 2.1.5 OK i11si22058766wmh.67 gsmtp
    Data

Slide annotations: recipient domain (mail.com); sending domain (HELO mail.outside.com); actual sender (MAIL FROM:<adam@outside.com>)
Message as sent: From: Chuck <chuck.robbins@mail.com>, Subject: [URGENT] Need help transferring funds
Compare against company directory: Allison Johnson, Barry Smith, Chuck Robbins, Dave Tucker
Message after post-processing: From: adam@outside.com, Subject: {Possibly Forged} [URGENT] Need help transferring funds
Inspect SMTP envelope for sender address
Match sender address against company directory
Send appended mail to warn users of potential forgery
Record a log of attempts and actions taken
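The Forged Email Detection flow on this slide, sketched in Python as an added example (not Cisco's implementation and not code from the original deck). The fuzzy-matching method, the 0.85 threshold, the internal-domain set and all function names are assumptions; the directory and message are constructed from the slide's sample.

```python
import difflib
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample data taken from the slide's scenario.
DIRECTORY = ["Allison Johnson", "Barry Smith", "Chuck Robbins", "Dave Tucker"]
INTERNAL_DOMAINS = {"mail.com"}  # assumption: domains the organisation owns
THRESHOLD = 0.85                 # assumption: similarity cut-off, not a product default
TAG = "{Possibly Forged}"
RAW = ("From: Chuck <chuck.robbins@mail.com>\r\nTo: alan@mail.com\r\n"
       "Subject: [URGENT] Need help transferring funds\r\n\r\n"
       "Please wire the funds today.\r\n")

def normalize(text):
    # 'Chuck.Robbins' -> 'chuck robbins'
    return " ".join(text.lower().replace(".", " ").replace("_", " ").split())

def best_directory_match(header_from):
    """Return (score, name) for the directory entry closest to the From header."""
    display, addr = parseaddr(header_from)
    candidates = [c for c in (normalize(display), normalize(addr.split("@")[0])) if c]
    best = (0.0, None)
    for name in DIRECTORY:
        for cand in candidates:
            score = difflib.SequenceMatcher(None, cand, normalize(name)).ratio()
            if score > best[0]:
                best = (score, name)
    return best

def check_forged(envelope_from, raw_message):
    """Tag a message whose From header names a directory user while the
    envelope sender (MAIL FROM) is outside the organisation."""
    msg = message_from_string(raw_message, policy=policy.default)
    header_from = str(msg.get("From", ""))
    subject = str(msg.get("Subject", ""))
    score, name = best_directory_match(header_from)
    env_domain = envelope_from.rsplit("@", 1)[-1].lower()
    forged = score >= THRESHOLD and env_domain not in INTERNAL_DOMAINS
    log = {"envelope_from": envelope_from, "header_from": header_from,
           "matched_name": name, "score": round(score, 2),
           "action": "tagged" if forged else "none"}
    if forged:
        # Expose the actual sender and warn the recipient in the subject line.
        del msg["From"], msg["Subject"]
        msg["From"] = envelope_from
        msg["Subject"] = f"{TAG} {subject}".strip()
    return msg, log

if __name__ == "__main__":
    tagged, record = check_forged("adam@outside.com", RAW)
    print(tagged["From"], "|", tagged["Subject"], "|", record)
```

The lookalike case (for instance a display name of "Chuck Robins") is why the comparison is fuzzy rather than an exact directory lookup.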
Cisco catches critical data before it leaves the network: Data loss prevention; Cisco Registered Envelope Service and ZixGateway with Cisco Technology
Protect personal information and IP
Data Loss Prevention (DLP)
Manage policies such as: specific users, groups, locations, federal compliance, state regulations. With multi-language support
Scanned against 100+ predefined DLP policies:
Critical violation: info redirected and not sent
Minor violation: content sent with encryption
No violation: content sent with optional encryption
Control what leaves the network and customize policies
Scan email content for sensitive information
Prevent data exfiltration automatically
Extend security to external communications
Cisco Registered Envelope Service (CRES)
Diagram labels: CRES; Sender controls; Cisco Email Security; Push; Open attachment & confirm identity
Scan messages for keywords, policies, and sender
Apply authentication mechanisms to access encryption keys
Maintain control over your sent messages
Achieve agility
Understand the health of your system
Unified business reporting with Cisco Email Security
See details around: Email Threats, Malicious Attachments, Email Volume, Spam Counters, Policy Violations, Virus Reports, Outgoing Email Data, Reputation Service, System Health View
Access data from the cloud to create consolidated reports
Reduce investigations and response times
Identify trends with scheduled and ad-hoc reporting
Support growth
Deploy the configuration that works best for you: Cloud, Hybrid, On Premises
Cisco delivers superior protection and visibility to specialized threats
Reduce threats with advanced protection
Support growth with availability and assurance
Achieve agility through operational efficiency
Demo
With this offer, you will:
Gain valuable information on your network including critical attacks
Reduce risk and make security a growth engine for your business
This offer is valid through December 29th, 2016 in Austria, Belgium, Denmark, Finland, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Norway, Spain, Sweden, Switzerland and United Kingdom. For more information and to request a Threat Scan POV, go to www.cisco.com/go/threatscanpov