ed rowley - people make the best exploits: roadmapping your security investment in line with the...

1 © 2016 Proofpoint, Inc.

PEOPLE MAKE THE BEST EXPLOITS:Mapping your security spending in line with the current security landscape

2 © 2016 Proofpoint, Inc.

3 © 2016 Proofpoint, Inc.

The Exploit: Ambassador Harriman

4 © 2016 Proofpoint, Inc.

The Great Seal

5 © 2016 Proofpoint, Inc.

The Thing

6 © 2016 Proofpoint, Inc.

How most organizations think they are attacked

7 © 2016 Proofpoint, Inc.

Network 55%

Endpoint 21%

Email10%

Web 15%

55% on protecting

the network

IT Security Spending in 2015

8 © 2016 Proofpoint, Inc.

How the bad guys actually attack you

9 © 2016 Proofpoint, Inc.

Cyberattacks Target the Human FactorAttacks like ransomware use

social engineering, not vulnerabilities

Credential phishing continues to evolve, scale

BEC/CEO fraudrunning rampant

99.7%Malicious docs

use macros

98%Malware links require user to

install

$2.3B

17,642Organizations victimized in

the US alone

Direct losses since January 2015, up 270% year over year

Source: FBI

10 © 2016 Proofpoint, Inc.

Challenge: Persistent, Customized, Randomized AttacksMassive Infrastructure Large Scale Randomization

Overwhelming ScaleMass Personalization

Attacks launched and optimized daily

Automated, customized simultaneous attacks on thousands of individuals Hundreds of millions of messages per day

Tens of thousands of unique pieces of obfuscated malware

Hundreds of thousands of IPs, thousands of compromised sites

11 © 2016 Proofpoint, Inc.

Mapping to Maturity Model

proofpoint nexus threat graph

Protect and

Detect Attacks

Respond Quickly

www

100101000101

Reduce Attack

Surface

Hunt

Internally

90%+

Hunt

Externally

1-5% 1-5% 5-10%

12 © 2016 Proofpoint, Inc.

Working Across the Ecosystem to Deliver Better Security

IAMEndpoint

SIEM

MobileSocial

Network

Database

Email

proofpoint nexus

13 © 2016 Proofpoint, Inc.

The Power of the Threat Graph

14 © 2016 Proofpoint, Inc.

The Power of the Threat Graph

Start with a URL

15 © 2016 Proofpoint, Inc.

The Power of the Threat Graph

Pivot to Forensics

16 © 2016 Proofpoint, Inc.

The Power of the Threat Graph

Link to Campaign

17 © 2016 Proofpoint, Inc.

The Power of the Threat Graph

Attribute to Actor

18 © 2016 Proofpoint, Inc.

The Power of the Threat Graph

Find Related Posts/Emails

19 © 2016 Proofpoint, Inc.

The Power of the Threat GraphIdentify Compromised

Account Owner

20 © 2016 Proofpoint, Inc.

Threat Discover – see how your users have been targeted

21 © 2016 Proofpoint, Inc.

The Right Approach:1. Stop advanced threats before they get to people

2. Protect the information people create to reduce the attack surface and compliance risk

3. Enable your people to respond quickly when things go wrong

4. Educate Users

To run a report showing how your users have been targeted by malicious email campaigns, please visit the Proofpoint booth or

send an email to info@proofpoint.com or erowley@proofpoint.com