people make the best exploits - cyber security...

Report

Post on 22-Jun-2020

2 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

1 © 2016 Proofpoint, Inc.

PEOPLE MAKE THE BEST EXPLOITSRyan KalemberSVP Cybersecurity Strategy

9 © 2016 Proofpoint, Inc.

Attacks Increasingly Target Individuals, Not Infrastructure

Threats use social engineering, not vulnerabilities

Mobile, social, SaaS threats ramp and evolve

BEC/impostor email fraud becomes

board-level issue

$3.1B

22,143Organizations victimized in the

US alone

Direct losses since January 2015, up 1,300% year over year

Source: FBI

150%Increase in social media phishing

RATs become common in mobile apps

99%+Rely on user to run malicious

code

74%Malicious links are credential

phishing

10 © 2016 Proofpoint, Inc.

Network62%

Endpoint18%

Email8%

Web 12%

Source: Gartner (2017 forecast)

IT Security Industry

90%+of sophisticated attacks

target people, largely via email

Source: Verizon DBIR, Trend Micro, FEYE, etc.

Other

Attack Vectors

But Industry Is Not Aligned with the Threats

11 © 2016 Proofpoint, Inc.

12 © 2016 Proofpoint, Inc.

13 © 2016 Proofpoint, Inc.

14 © 2016 Proofpoint, Inc.

15 © 2016 Proofpoint, Inc.

16 © 2016 Proofpoint, Inc.

17 © 2016 Proofpoint, Inc.

18 © 2016 Proofpoint, Inc.

Effective Security: Be Where the Threat/Data Is

SaaS

$

19 © 2016 Proofpoint, Inc.

Recon Weaponize Deliver Exploit InstallCommand

&Control

Action

Effective Security: Better Protection at Delivery

• Better to stop attack before damage

• Better chance of detection

• Better intel and context for actors, campaigns

• Target already clicked, attacker has foothold

• Detection challenging, especially for malware-free attacks

• Difficult to put attack in context and link to campaign/actor

Recon/gateway effectiveness vs 90%+ of threats Rapid improvement in security posture

20 © 2016 Proofpoint, Inc.

Proofpoint at a Glance

~50%of the

Fortune 100

5000+enterprisecustomers

90%+renewal

rate

1B+messages

processed daily

8straight years of MQ leadership

40M+mobile apps

scanned

300K+daily malware

samples

100+threat ops and research team

strategic ecosystem integrations

~20%revenue invested

in R&D

LEADING CUSTOMERS DEEP SECURITY DNA

500B+ node threat

graph

UNIQUE VISIBILITY ENTERPRISE CLASS

top related

exploits: xss, sqli, buffer overflow these vulnerabilities...
Documents
hands on c and c++: vulnerabilities and exploits - secappdev...
Documents
necessary background on memory exploits and web application...
Documents
a daily grind: filtering java vulnerabilities ·...
Documents
blended attacks exploits, vulnerabilities...
Documents
hands on c and c++: vulnerabilities and exploits -...
Documents
attacks on crown jewels: sap vulnerabilities and exploits
Documents
vulnerabilities, exploits, and the secure design
Documents
effective defence against zero-day exploits using bayesian...
Documents
web application social engineering vulnerabilities
Technology
india's uid project: biometrics vulnerabilities & exploits
Technology
meltdown and spectre - how to detect the vulnerabilities and...
Technology
vulnerability analysis. chapter 8: identifying and analyzing...
Documents
blended attacks exploits, vulnerabilities and...
Documents
threats & vulnerabilities in online social networks ·...
Documents
necessary background on memory exploits and web application...
Documents
{malandroid} the crux of android infections · android -...
Documents
secure programming chapter 1. overview what is the problem...
Documents
india's unique id project: biometrics vulnerabilities &...
Documents
exploiting and protecting vulnerabilities in binary code ·...
Documents