The impact of email-borne threats Why companies should recognise and embrace the need for change.

Presentation transcript:

The impact of email-borne threats: Why companies should recognise and embrace the need for change.

Phishing Attacks per Year Source: RSA (2014)

Phishing Campaigns per Year Source: APWG (2013)

Reality Check Source: APWG (2013) Change in measurement methodology 300% increase

The Thin End of the Wedge: Phishing sites reported to association or vendor; Phishing sites reported to other bodies; Phishing sites not reported; Phishing emails sent; Other email-borne threats

Why is Accurate Measurement Important? “To measure is to know… If you cannot measure it, you cannot improve it.” Lord Kelvin

Getting Upstream for Accurate Measurement. Current measurement: Downstream vendors. New measurement: Upstream ISPs. Data filters. Fuller picture.

Upstream insights

Full Spectrum of Threats: Active Emailing Domains, Non-Sending Domains, Defensively Registered Domains

Full Spectrum of Threats: Unaffiliated Domain Threats, Direct Domain Threats, Look-a-like Domains, Subdomains of Another Domain, Different Brands’ Domains, Unaffiliated Domains, Generic Domains, Active Emailing Domains, Non-Sending Domains, Defensively Registered Domains

3D Vision 3 dimensions of threats: Nature of threat Size of attack Efficacy Combinations determine impact All data points available upstream Nature of threat Size of attack Efficacy

1st Dimension: Nature of Threat Phishing (Direct Domain Threat) 419 (Unaffiliated Domain Threat)

1st Dimension: Nature of Threat Malware (Direct or Unaffiliated Domain Threat?) Malware (Direct Domain Threat)

1st Dimension: Nature of Threat Credit score spam (Direct Domain Threat) Pharma spam (Unaffiliated Domain Threat)

Different scams will concern different departments Prioritise based on impact to organisation Different threats have different remedies 1st Dimension: Why Differentiate?

2nd Dimension: Attack Size Getting upstream enables us to see how many emails were sent in a given attack

Quantify risks Prioritise risks Justify the right investments Measure ROI 2nd Dimension: Why Measure Attack Size?

3rd Dimension: Efficacy Users decide what is good and what is bad, but don’t always get it right… ISPs decide what is good and what is bad, but don’t always get it right… Phishing Legitimate Phishing

3rd Dimension: Efficacy Lots of inbox noise on a daily basis What happens today will affect what happens tomorrow

Quantify impact Prioritise risks Justify the right investments Measure ROI 3rd Dimension: Why Measure Efficacy?

The Benefits of 3D Vision Upstream data enables accurate risk assessment Downstream metrics are inadequate: No visibility into size of attack No visibility into efficacy Upstream data enables us to see true impact Nature of threat Size of attack Efficacy

Fraud losses Call centre support Remediation: Site shutdown Reset accounts Credential recovery Investigation & reporting Malware  secondary losses Negative publicity Impact of Attack: Security Perspective

Impact of Attack: Reduced ROI of Program Attack start Attack end 90% average 58% low 32% drop

The pay-off

Addressing email-borne threats

Traditional Approach to Phishing Prevention Impact Time Phishing Campaign Deployed Phish Site Takedown Phish Site

Phishing Prevention With Return Path Impact Time Phishing Campaign Deployed Phish Site Detected Phish Site Advanced Detection: Provides enhanced visibility into emerging threats. Proactive Blocking: Drives down the negative impact of phishing. Data Integration: Real-time URI data feeds facilitate faster takedown of malicious sites.

What can you do …

Build partnership plan between Security and Marketing Gain visibility into full spectrum of threats Leverage latest technologies to: Develop a holistic view of detection Proactively block fraudulent messages Increase the ROI on existing solutions 3-Step Plan to Effectively Manage Risk

Conclusions …

Old metrics are inadequate and incomplete New technologies offer “3D vision” It is not just a security concern … it must be enterprise-wide New technologies: Reduce fraud Improve performance of programs Conclusions

Ken Takahashi General Manager, Anti-Phishing Solutions Return Path Thank you