WEBINAR Security Automation September 21, 2017 SPONSORED BY:
A Board-Level Business Risk

$100M: Stolen By One Person Spoofing Trusted Business Partners
$5.3B: Reported Losses to BEC Email Fraud Across 40,203 Victims
2/3: Of All Impostor Emails Are Domain-spoofing Attacks
150%: YoY Increase Of Consumer Phishing Campaigns

Sources: (Proofpoint research) (APWG) (United States Department of Justice) (FBI)
From: Bryan Littlefair <bryan.littlefair@aviva.com>
Date: Friday, 30th June 2017 at 4.47 pm
To: Thomas Stoddard
Subject: FW: Vendor payment, URGENT!

Thomas, please see below – I authorise this and we need it done by 5.30 today. Call Iain if you need details.
Bryan
Sent from my iPhone – please excuse brevity

From: Paul Auville <paul.auville@proofpoint.com>
Date: Monday, 19th June 2017 at 09.13
To: John Parry
Subject: Accounting changes, action rq’d

Hi John,
We’re making some banking changes ahead of the Hong Kong project completion. Please update the account details for final payments: China Merchants Bank, H. O. Shenzhen (SWIFT CODE: CMBCCNBSXXX)

From: Lufthansa Ticketing <ticketing@lufthansa.de>
Date: Monday, 19th June 2017 at 09.13
To: Bob Fisher
Subject: Confirmation of itinerary, San Jose California 07/09/2017

It’s my pleasure to confirm your ticket purchase for flights to San Jose, California, on the 7th of September 2017. Please find attached full details including your credit card transaction record.
Regards, The Lufthansa Team.

Customize this slide to show a logical pairing of individuals from the client’s organization – one with authority to request a transfer and the other
State of Average Security Operations

Core Processes (41%): Investigation, Escalation, Notification, Reporting
Repetitive Processes (52%): Context/Intel Enrichment, Incident Confirmation (41%); Response Actions (11%)
Proactive Processes (5%)

Source: Ponemon Institute.

Based on a survey by the Ponemon Institute, most security teams spend the majority of their time (>50%) on repetitive tasks such as gathering contextual information about users, threats and assets. As a result, proactive processes (such as hunting) don’t get enough attention. A security automation platform lets organizations automate these repetitive tasks so that security analysts can focus on core and proactive processes.
Security incident response is a slow, labor-intensive

Addressing email security incidents can take hours or days, because manual email clean-up is a chore. Dealing with delivered email containing malware, bad URLs, or credential phishes involves many steps, including:

- Connecting an email address to an internal identity
- Searching for and finding selected malicious messages on the server
- Removing a malicious message from a user’s inbox or other folders
- Identifying which malicious messages were forwarded and moving those to quarantine
Email Cleaning “Gotchas”

Email cleanup for malicious messages is often a manual process that starts with an alert or complaint that a malicious email got through.

- Is the email only in the inbox, or was it moved to another folder?
- Should you check other folders for copies of the message?
- Has the message been internally forwarded? If so, to whom and how many copies?
- Is there an audit trail or record of all the actions taken?
Live Demonstration
Have questions? jyun@proofpoint.com