ed rowley - people make the best exploits: roadmapping your security investment in line with the...
TRANSCRIPT
1 © 2016 Proofpoint, Inc.
PEOPLE MAKE THE BEST EXPLOITS:Mapping your security spending in line with the current security landscape
2 © 2016 Proofpoint, Inc.
3 © 2016 Proofpoint, Inc.
The Exploit: Ambassador Harriman
4 © 2016 Proofpoint, Inc.
The Great Seal
5 © 2016 Proofpoint, Inc.
The Thing
6 © 2016 Proofpoint, Inc.
How most organizations think they are attacked
7 © 2016 Proofpoint, Inc.
Network 55%
Endpoint 21%
Email10%
Web 15%
55% on protecting
the network
IT Security Spending in 2015
8 © 2016 Proofpoint, Inc.
How the bad guys actually attack you
9 © 2016 Proofpoint, Inc.
Cyberattacks Target the Human FactorAttacks like ransomware use
social engineering, not vulnerabilities
Credential phishing continues to evolve, scale
BEC/CEO fraudrunning rampant
99.7%Malicious docs
use macros
98%Malware links require user to
install
$2.3B
17,642Organizations victimized in
the US alone
Direct losses since January 2015, up 270% year over year
Source: FBI
10 © 2016 Proofpoint, Inc.
Challenge: Persistent, Customized, Randomized AttacksMassive Infrastructure Large Scale Randomization
Overwhelming ScaleMass Personalization
Attacks launched and optimized daily
Automated, customized simultaneous attacks on thousands of individuals Hundreds of millions of messages per day
Tens of thousands of unique pieces of obfuscated malware
Hundreds of thousands of IPs, thousands of compromised sites
11 © 2016 Proofpoint, Inc.
Mapping to Maturity Model
proofpoint nexus threat graph
Protect and
Detect Attacks
Respond Quickly
www
100101000101
Reduce Attack
Surface
Hunt
Internally
90%+
Hunt
Externally
1-5% 1-5% 5-10%
12 © 2016 Proofpoint, Inc.
Working Across the Ecosystem to Deliver Better Security
IAMEndpoint
SIEM
MobileSocial
Network
Database
proofpoint nexus
13 © 2016 Proofpoint, Inc.
The Power of the Threat Graph
14 © 2016 Proofpoint, Inc.
The Power of the Threat Graph
Start with a URL
15 © 2016 Proofpoint, Inc.
The Power of the Threat Graph
Pivot to Forensics
16 © 2016 Proofpoint, Inc.
The Power of the Threat Graph
Link to Campaign
17 © 2016 Proofpoint, Inc.
The Power of the Threat Graph
Attribute to Actor
18 © 2016 Proofpoint, Inc.
The Power of the Threat Graph
Find Related Posts/Emails
19 © 2016 Proofpoint, Inc.
The Power of the Threat GraphIdentify Compromised
Account Owner
20 © 2016 Proofpoint, Inc.
Threat Discover – see how your users have been targeted
21 © 2016 Proofpoint, Inc.
The Right Approach:1. Stop advanced threats before they get to people
2. Protect the information people create to reduce the attack surface and compliance risk
3. Enable your people to respond quickly when things go wrong
4. Educate Users
To run a report showing how your users have been targeted by malicious email campaigns, please visit the Proofpoint booth or
send an email to [email protected] or [email protected]