The Mimecast Security Risk Assessment Quarterly Report May 2017

Similar documents
Reduce Your Network's Attack Surface

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

Security Gap Analysis: Aggregrated Results

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

Symantec Protection Suite Add-On for Hosted Security

MESSAGING SECURITY GATEWAY. Solution overview

Kaspersky Security Network

Protect your business in today s fast-changing security and risk environment.

Easy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

EXECUTIVE BRIEF: WHY NETWORK SANDBOXING IS REQUIRED TO STOP RANSOMWARE

Cloud Security & Advance Threat Protection. Cloud Security & Advance Threat Protection

Office 365 Integration Guide Software Version 6.7

Machine-Powered Learning for People-Centered Security

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organisation from Impostors, Phishers and Other Non-Malware Threats.

Layer by Layer: Protecting from Attack in Office 365

Fortinet, Inc. Advanced Threat Protection Solution

Protecting from Attack in Office 365

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Trend Micro SMB Endpoint Comparative Report Performed by AV-Test.org

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

SECURING OFFICE 365 WITH ISOLATION

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

BUFFERZONE Advanced Endpoint Security

Block Threats Before They Reach Your Network Make Downtime a Thing of the Past. Comprehensive and reliable protection

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Evolution of Spear Phishing. White Paper

Security. The DynaSis Education Series for C-Level Executives

What is Zemana AntiLogger?

WHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION

TREND MICRO SMART PROTECTION SUITES

Phishing in the Age of SaaS

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Trustwave SEG Cloud BEC Fraud Detection Basics

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Why Machine Learning is More Likely to Cure Cancer Than to Stop Malware WHITE PAPER

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

Trend Micro SMB Endpoint Comparative Report Performed by AV-Test.org

A Comprehensive CyberSecurity Policy

Office 365 Buyers Guide: Best Practices for Securing Office 365

AT&T Endpoint Security

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Intelligent, Collaborative Endpoint Security

Maximum Security with Minimum Impact : Going Beyond Next Gen

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

BUFFERZONE Advanced Endpoint Security

CloudSOC and Security.cloud for Microsoft Office 365

trend micro smart Protection suites

TREND MICRO SMART PROTECTION SUITES

Total Threat Protection. Whitepaper

Trend Micro Enterprise Endpoint Comparative Report Performed by AV-Test.org

WHITEPAPER. Protecting Against Account Takeover Based Attacks

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Cisco Firepower NGFW. Anticipate, block, and respond to threats

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

UTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution

NetDefend Firewall UTM Services

Streaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV

Technical Brochure F-SECURE THREAT SHIELD

No Time for Zero-Day Solutions John Muir, Managing Partner

Red Condor had. during. testing. Vx Technology high availability. AntiSpam,

Application Security Using Runtime Protection

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

with Advanced Protection

BUFFERZONE Advanced Endpoint Security

Transforming Security from Defense in Depth to Comprehensive Security Assurance

ALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation

Trend Micro Endpoint Comparative Report Performed by AV-Test.org

SentinelOne Technical Brief

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

Be certain. MessageLabs Intelligence: May 2006

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

MRG Effitas Online Banking Browser Security Assessment Project Q Q1 2014

Fighting Phishing I: Get phish or die tryin.

Train employees to avoid inadvertent cyber security breaches

An Aflac Case Study: Moving a Security Program from Defense to Offense

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Designated Cyber Security Protection Solution for Medical Devices

The McGill University Health Centre (MUHC)

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

Security and Compliance for Office 365

Cisco Advanced Malware Protection. May 2016

M1: COMMUNICATIONS. A New Approach to Web Malware and Phishing Problems CASE STUDY

Secure access to your enterprise. Enforce risk-based conditional access in real time

At a Glance: Symantec Security.cloud vs Microsoft O365 E3

Teradata and Protegrity High-Value Protection for High-Value Data

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Symantec Ransomware Protection

KASPERSKY SECURITY FOR MICROSOFT OFFICE s are sent every second. It only takes one to bring down your business.

Cisco s Appliance-based Content Security: IronPort and Web Security

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Advanced Threat Defense Certification Testing Report. Trend Micro Incorporated Trend Micro Deep Discovery Inspector

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Transcription:

The Mimecast Email Security Risk Assessment Quarterly Report May 2017

The Mimecast Email Security Risk Assessment Quarterly Report May 2017 Many organizations think their current email security systems are up to the task of protecting them. Unfortunately many email security systems fall short and do not keep organizations safe. The reality is the entire industry needs to work toward a higher standard of quality, protection and overall email security. The proof is in the numbers, and Mimecast is establishing a standard of transparency for organizations and raising the bar for all security vendors. In working with our more than 26,000 customers, Mimecast has seen firsthand that not all email security systems perform equally well. But, until now, we ve lacked the comparative data to prove our perceptions. In order to address this head-on, Mimecast has launched the Email Security Risk Assessment (ESRA). The Mimecast ESRA has three goals: 1. To test the Mimecast cloud security service against an individual organization s incumbent email security system. To help the organization understand the relative efficacy of the security systems and to see the number, type and severity of email-borne threats that are currently getting into the organization. 2. To inform the security industry with hard data on the effectiveness of various commonly-deployed email security systems. 3. To inform the security industry with hard data regarding the number, type and severity of email-borne threats that are being actively used in attacks. What is a Mimecast ESRA? Mimecast uses its cloud-based Advanced Security service to assess the effectiveness of legacy email security systems. The ESRA test passively inspects emails that have been passed by the incumbent email security system and received by the organization s email management system. In an ESRA the Mimecast service re-inspects the emails deemed safe by the incumbent email security system and looks for false negatives, such as spam or malicious attachments. What We Have Found to Date The information we ve uncovered is concerning: Email attacks ranging from opportunistic spam to highly targeted impersonation attacks are getting through incumbent email security systems both in large number and type. Let s evaluate the scope of the problem by digging into the aggregated test data that is presented in Figure 1. 2

44,644 email users over 287 days Quarterly Report May 2017 40,266,159 emails inspected by Mimecast This is an aggregate report of ESRA tests compiled over 287 days showing the number and type of email-borne threats missed by incumbent email security systems. 8,972,968 3,179,913 Rejected 5,793,045 Quarantined 8,319 2,156 1,669 487 1,669 Known Malware Attachments 487 UNKNOWN MALWARE ATTACHMENTS caught by Sandboxing 8,605 31,273,719 emails deemed safe by Mimecast Figure 1 Aggregated Funnel of ESRA Test Results Completed to Date

The Mimecast Email Security Risk Assessment Analysis by Inspection Slice 8,972,968 3,179,913 Rejected 5,793,045 Quarantined The ESRA testing to date has covered 44,644 email users over a cumulative 287 days of inbound email received into the organizations participating in the testing. In this time period more than 40 million emails were inspected by Mimecast. It is critical to understand that these emails were all passed by the incumbent email security system or cloud security service in use by the particular organization. The Mimecast security inspections occurred passively after the incumbent email security system executed all of its security filters. Overall the Mimecast security service determined that nearly 9 million of the more than 40 million emails, or 22.3%, were in fact bad or likely bad. In other words, the overall false negative rate in aggregate for the incumbent security systems that were tested was 22.3% of all emails inspected by Mimecast. Not surprisingly, the vast majority, or 99.8%, of the false negatives that were passed by the incumbent email security systems and caught by Mimecast were spam email messages. In general, spam email messages are annoying and time wasting, but not lethal. However, as you move down the inspection funnel the lethality of the false negatives increase. 4

The Mimecast Email Security Risk Assessment 8,319 In the next inspection step down 8,319 emails with dangerous file types as attachments were detected by the Mimecast service, and thus missed by the incumbent email security service. Dangerous file types cover approximately 1,900 file types that are rarely sent via email for legitimate purposes. Examples of these dangerous file types are.jsp (Java Server Pages),.exe (executables), and.src (source) files. 2,156 1,669 487 1,669 Known Malware Attachments 487 UNKNOWN MALWARE ATTACHMENTS caught by Sandboxing Next, 1,669 emails were determined to contain known malware. Known malware is a general term for malware which has previously been seen in the wild and is usually, for example, known by malware information sharing services such as Virustotal, and are readily detectable by up-to-date signature-based malware detection engines. Missing known malware is a sign of a significant weakness in the malware detection capabilities of the security system. 5

The Mimecast Email Security Risk Assessment 2,156 1,669 487 1,669 Known Malware Attachments 487 UNKNOWN MALWARE ATTACHMENTS caught by Sandboxing Stepping down another level of lethality, in this series of ESRA tests 487 emails which contained unknown malware attachments were detected through the use of file behavior monitoring technology, generally known as sandboxing. Unlike missing the 1,669 emails containing known malware, which can generally be caught in a true belts-and-suspenders approach by commonly deployed endpoint-based anti-virus technologies, missing emails with unknown malware attachments can be very bad. This is because unknown malware will generally not be blocked by commonly used endpoint anti-virus technology. These false negatives will likely result in the attacker gaining or extending his foothold in the organization. 8,605 Now to the final ESRA inspection step, the 8,605 false negative emails which are characterized as impersonation attempts that were missed by the incumbent email security systems. Impersonation emails, as the name implies, are emails which generally carry neither malware nor malicious URLs, and are difficult to detect. Impersonation emails are social engineering heavy emails that attempt to impersonate a trusted party, such as a C-level executive, employee or business partner, with the goal of prompting the recipient to do something they shouldn t. Examples of this are sending wire-transfers, W-2s, or other sensitive and valuable data to the fraudster under the guise of some business process. 6

Benefits of the Mimecast ESRA Program The Mimecast ESRA can help participating organizations better understand the email-borne threats that are getting through their current defenses, giving them a sense as to the number and types of attacks to which they are likely vulnerable. For the security industry in general, the aggregated data that is provided by running a series of ESRA tests across multiple incumbent security technologies provides tangible, quantitative evidence of the strengths and deficiencies of commonly used email security systems. This helps alert organizations to the types of attacks that might be circumventing their existing security defenses. Over time as Mimecast executes more ESRA tests, the security industry will receive more tangible evidence of email threats and the effectiveness of security defenses. This data will be reportable by vertical industry, incumbent email security system, and even by the geographic location of the organizations as more tests are completed. How an ESRA test works The Mimecast Email Security Risk Assessment Figure 2 below shows the basic setup and email for an ESRA test. Figure 2 Architecture and Email Flow of an ESRA Test The organization that is taking part in the ESRA test provides access to inbound emails after they have been inspected and filtered by their incumbent email security system. These emails are not manufactured or specially sent for the test, but are the actual emails being received by the organization during the test period. It doesn t matter whether their current security or email management system is deployed on-premises or in the cloud. The Mimecast service gets a stream of BCC copies of emails that have been delivered to the organization s email management system and thus passed by their incumbent email security system. The Mimecast security service inspects these emails for spam, malware attachments and impersonation attacks that have been missed by the incumbent email security system. The testing period usually runs from 14 to 30 days. At the end of the test period a customized ESRA report is provided back to the organization participating in the test. The data is collected, anonymized and aggregated for use in reports such as that which is represented in Figure 1 and which is discussed in this paper. 7

The Mimecast Email Security Risk Assessment Conclusion While many organizations erroneously think their current email security systems are up to the task of protecting them, in particular from today s more sophisticated, well-resourced and targeted attackers, the Mimecast ESRA takes an important step to proving this to be wrong. Mimecast, as part of our commitment to improving security in general, and email security in particular, commits to continuing our ESRA tests. As we collect more data from more individual tests, we commit to update the security industry on what we are seeing. Ultimately the email security industry needs to be driven by data and not vague claims and generalizations to more effectively protect customers and to improve the security industry s overall performance. Mimecast (NASDAQ:MIME) makes business email and data safer for thousands of customers and millions of employees worldwide. Founded in 2003, the Company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback