Spear Phishing: How Ready is your Organization to Fend off Attacks
Proofpoint Inc. is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance and secure communications. Organizations around the world depend on Proofpoint's expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.
Rake Narang: What is industrial phishing and how is this more of a concern for enterprises? How often does malicious email content bypass traditional security filters?
Kevin Epstein: As malware volumes continue to increase, the threat of email borne attacks is greater than ever. One of the most common, and difficult to detect, email threats comes in the form of phishing and spear-phishing emails.
Phishing attacks leverage two elements to achieve their goals: social engineering and subterfuge. Together these elements work to persuade recipients to click on a URL link embedded in the email masquerading as a legitimate communication from from reputable organizations including businesses, government agencies, business partners, internal IT departments or even company executives. To drive recipients to action, the messages may warn of an account suspension or contain fake bills designed to encourage a user to perform further examination of fraudulent activity.
Historically, phishing attacks targeted end-users in hopes to gaining access to their credentials to financial accounts. However, modern phishing attacks have evolved and now more often target sensitive corporate data.
The largest threat of phishing attacks is the possibility that malware is delivered into the corporate environment. Once inside the network, it becomes signiﬁcantly easier to propagate across the network until access to a desired host is made and corporate and/or sensitive data acquired. The findings of a Proofpoint survey released this morning found that:
· Ten percent of the email messages containing embedded malicious URLs that escaped perimeter detection were clicked on by the receiving employees
· Almost one out of every five clicks (19%) on malicious URLs embedded in email occurred “off network” when employees accessed their email from home, on the road, or via mobile devices where they were outside corporate perimeter protection
About Kevin Epstein
As VP of marketing, Kevin directs Proofpoint’s global product marketing initiatives. He is also a lecturer at Stanford University and author of the popular trade book, Marketing Made Easy. Prior to joining Proofpoint, he was VP marketing at Drobo, served as an executive at CloudShare, was an Executive in Residence (XIR) at Mohr Davidow Ventures and served as VP of marketing and products at Scalent Systems. Prior to that, he founded VMware's outbound marketing organization. Epstein holds several patents, has founding experience at three successful small business ventures, and is committed to innovation and appropriate marketing, serving as an outside adviser to venture backed and individual entrepreneurial start-up companies.
Rake Narang: What are targeted attacks and what motivates such attacks?
Kevin Epstein: Targeted email attacks represent one of the most dangerous IT threats facing enterprises today. Many of the large, widely publicized data breaches in recent years have started with a single, carefully crafted email that tricked a recipient to click a seeming innocent URL link in the email, that subsequently installed malware or user login credentials malware or surrender their login credentials. Because personal data is so readily available online, hackers are able to craft personalized messages that convince many recipients that the attacker’s email is harmless legitimate communication from a trusted source. The more data that cyber criminals have on employees, the more hyper-targeted phishing campaigns can be.
Because of their use of trusted senders and URLs, varied content type, and low numbers relative to total email volume targeted attacks are impossible to detect using conventional reputation, content scanning and sender verification techniques. Based on this success, hackers are motivated to craft specially targeted malicious emails in order to improve their chances of breaching data.
Proofpoint’s Targeted Attack Protection takes an entirely new approach to enterprise security, using big data analytics to identify and apply additional security controls to suspicious messages to prevent employees from being exposed to malicious messages. By detecting malicious email in early stages, Targeted Attack Protection helps enterprise security administrators prevent attacks on their employees, by preparing for and blocking suspicious messages. Proofpoint Targeted Attack Protection complements existing email security technologies to achieve a goal that has eluded the security industry for more than a decade—reliable protection against spear phishing, longlining, and other targeted email attacks.
Rake Narang: How can CSOs keep their networks secured with the security target rapidly changing all the time?
Kevin Epstein: Reducing the effectiveness of malicious attacks means securing any and all employee information so that these tactics can be easily identified and thwarted – and using big data analysis to detect behavior that’s outside the pattern of the norm for any given set of actions or communications. Pattern-matching and signatures fall behind the curve of rapid change; real-time analysis of patterns is by definition always current and aware of anomalies, hence the emerging field of Anomalytics.
Proofpoint believes in taking a proactive approach to preventing email attacks. The company’s Targeted Attack Protection solution is the industry's first comprehensive, cloud-based solution for combatting targeted email attacks. It provides a full lifecycle approach to prepare for and prevent data breaches, including:
Detect: Proofpoint Anomalytics techniques examine hundreds of variables in real time to identify anomalies that indicate a potential, targeted email threat.
Protect: Proofpoint’s URL Clicktime Defense Service ensures that links to suspicious URLs are dynamically rewritten before the email is released to the recipient, and Proofpoint’s cloud evaluates whether URL destinations are safe
Block: Based on analysis from Proofpoint Anomalytics, Proofpoint's Malware Analysis Service applies additional security controls to suspect messages.
Respond: Proofpoint’s Threat Insight Service gives administrators and security professionals a real-time, interactive view of attacks.
Company: Proofpoint 892 Ross Dr., Sunnyvale, CA 94089 U.S.A.
Founded in: 2002 CEO: Gary Steele Public or Private: Public Head Office in Country: Sunnyvale, CA United States Products: Proofpoint is an innovative security-as-a-service vendor that delivers data protection solutions that help medium- and large-sized organizations protect their data from attack and enable them to effectively meet the complex and evolving regulatory compliance and data governance mandates that have been spawned from highly publicized data breaches. Company's Goals: Proofpoint, Inc. helps the largest and most successful companies in the world protect and govern their most sensitive data. Proofpoint solutions help organizations:
Keep malicious content out of their environments
Prevent the theft or inadvertent loss of sensitive information
Collect, securely retain, govern and discover sensitive data for compliance and litigation support
Securely communicate and collaborate on sensitive data with customers, partners and suppliers
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN