Sushant Rao, Senior Product Manager
www.mailfrontier.com
Emerging Threats: Stop Spam, Virus, and Phishing Outbreaks through End-to-End Attack Monitoring
Threats Are More Complex & Dangerous
Typical Attacks Are Worldwide Events
Attack Lifecycle
Typical Approaches in Email Security
Sender Reputation
Message Content
Attachment
Real Spam Attack
Messages Scored: What’s the Right Number?
Re: Loan info - 15 years 6.0%
Re: Loan info - 15 years 6.0%
You are pre-approved
You are pre-approved
Spam that hit user’s inbox
Legitimate email caught by filter
Reputation Services
Sender ID Framework: Validates sender’s claimed identity
Reputation Service: Evaluates sender’s reputation
Content Evaluation (Bayesian)
Community Response
There’s No One Way
Content Analysis
• 80% effectiveness
• 0.5% false positive rate
Sender’s Identification & Reputation
• 70% effectiveness
• 1.0% false positive rate
Community Response
• 75% effectiveness
• 0.25% false positive rate
Chained: High Effectiveness, High False Positive
• 70% effectiveness, 1.0% false positive rate
• 75% effectiveness, 0.25% false positive rate
• 80% effectiveness, 0.5% false positive rate
Overall: 70% Effectiveness, 1.0% False Positive Rate
Overall: 94% Effectiveness, 1.5% False Positive Rate
Overall: 98% Effectiveness, 1.75% False Positive Rate (1 in 50)
Messages Judged: Good, Spam, or Likely Spam
Overall: 98% Effectiveness, 0.0% False Positive Rate for Definite
Real Virus Attack
http://itmanagement.earthweb.com/columns/executive_tech/article.php/3316511
Virus Attack Timeline
[Figure: timeline; axis label: Time]
Decisive Anti-Virus Technology
Responsive Anti-Virus Technology
Predictive Anti-Virus Technology
Multiple Technologies Detect & Protect
Conventional Signature Protection
Simulation
Behavior Monitoring & Pattern Heuristics
MailFrontier Time Zero Virus Technology
Time Zero Virus Technologies
Deceptive File Type Detection
invoice.txt really invoice.exe
Statistical Attachment Analysis
MIME Exploit Protection
Dangerous Attachment Blocking
.exe
.bat
.pif
picture.jpg .exe
resume.bat
File name is picture.jpg; file type is .exe
Statistical Attachment Analysis
[Figure: byte values of the attachment invoice.txt shown at the Gateway Server beside the file types .TXT, .JPG, .DOC and .EXE]
Is it invoice.txt? OR Is it invoice.exe?
[Figure, next build: == invoice.exe]
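An added example (not MailFrontier's code) of the name-versus-content check behind "invoice.txt really invoice.exe" and the dangerous-extension list on the slides above. It uses a small leading-byte signature table instead of the statistical analysis the slides name; the function names and sample bytes are constructed for illustration.

```python
# Extensions the slides list under Dangerous Attachment Blocking.
BLOCKED = {".exe", ".bat", ".pif"}
# Harmless-looking extensions the slides show as disguises.
DECOYS = {".txt", ".jpg", ".doc"}
# Minimal table of well-known leading-byte signatures (not exhaustive).
SIGNATURES = [
    (b"MZ", ".exe"),                                # DOS/Windows executable
    (b"\xff\xd8\xff", ".jpg"),                      # JPEG image
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),  # OLE2 container (legacy .doc)
]

def detect_type(data):
    """Return the extension implied by the leading bytes, or None if unknown."""
    for magic, ext in SIGNATURES:
        if data.startswith(magic):
            return ext
    return None

def check_attachment(filename, data):
    """Return a list of findings; an empty list means nothing was flagged."""
    # Split on dots and strip padding so "picture.jpg      .exe" reads as .jpg + .exe.
    pieces = [p.strip().lower() for p in filename.split(".")]
    exts = ["." + p for p in pieces[1:] if p]
    final = exts[-1] if exts else ""
    findings = []
    if final in BLOCKED:
        findings.append("blocked-extension")
    if len(exts) > 1 and final in BLOCKED and exts[-2] in DECOYS:
        findings.append("double-extension")
    actual = detect_type(data)
    if actual is not None and actual != final:
        findings.append("type-mismatch:" + actual)
    return findings

# Constructed sample inputs (not real files): only the leading bytes matter here.
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SAMPLE_BAT = b"@echo off\r\n"

if __name__ == "__main__":
    for name, data in [("invoice.txt", SAMPLE_EXE),
                       ("picture.jpg      .exe", SAMPLE_EXE),
                       ("resume.bat", SAMPLE_BAT),
                       ("picture.jpg", SAMPLE_JPG)]:
        print(name, "->", check_attachment(name, data) or "clean")
```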
Real Phishing Attack
Consumer Phish
Phishing for Enterprise Information
Phishing is Not Spam
What is the Difference between Spam and Fraud?
How does it arrive?
• Spam: Sneaks in the back door.
• But Fraud: Walks in the front door.
How does it make its offer?
• Spam: Looks bad, seems far-fetched.
• But Fraud: Looks plausible, seems credible.
What is it trying to do?
• Spam: Tries to sell you something.
• But Fraud: Tries to steal something from you.
A Phishing Attack
[Figure: Sending Machines and Phish Web Sites (shown by IP address) and Receivers (shown by first name)]
Phishing Protection
Other Enterprise Email Threats
Zombies – Compromised Internal Nodes
Mail Server
Enterprise Network
Internet
Only legitimate emails are sent
Emails from Zombies are identified and quarantined
Directory Harvest Attacks
Enterprise Network
Outbound Compliance – Regulatory & Corporate
[Figure: Enterprise Network, Mail Server and MailFrontier Gateway; labels: Virus; Policy Violation: CONFIDENTIAL; Disguised Text: C*NFIDENTIAL]
Only legitimate emails are sent
MailFrontier Cognite: End-To-End Email Attack Monitoring
MailFrontier – Security Against All Threats
MailFrontier – All Threats, 1 Product
Typical Mail Data Center
Mail Data Center Consolidated with MailFrontier Gateway
e.g. Microsoft Exchange
e.g. Microsoft Exchange
MailFrontier: Effortless Control
Powerful Reporting Provides Quick Insight
MailFrontier: High Performance
1400+ Enterprise Customers • 98% Retention
Healthcare, Transportation, Nonprofit, Retail, Education, Real Estate, Hospitality, Financial Services, Software, Media/Publishing, Pharmaceutical, Telecommunications, Manufacturing, Technology, Government, Consumer Goods
Extraordinary Awards & Reviews
NetworkWorld Top-Rated Enterprise Anti-Spam Software: “…MailFrontier’s ASG put up some impressive results in terms of blocking spam and letting legitimate mail pass.” – September 15, 2003
Recommends MailFrontier be included on “Short List” of products evaluated for large-scale, high-performance anti-spam systems – December 20, 2004
Red Herring Top 100 Private Companies/Innovators: Recognizing the company for its innovation and strategy – May 2004 and December 2004
CRN Recommended: “MailFrontier's hands-off approach can help ease the administration burden on IT departments.” – June 7, 2004
InfoWorld Rated Excellent: “MailFrontier had the easiest installation…provides lots of control to the admin…[and] provides excellent accuracy.” – September 27, 2004
IT WEEK Editor’s Choice – 5 out of 5 Stars: “MailFrontier Gateway Appliance m500 setup was easy…and took less than an hour…It really blocks all unwanted email.” – June 6, 2005
MailFrontier - The Leader in Email Security
Best Protection • Effortless Control • High Performance
Appliances • Software
Powerful Protection without Complexity
“MailFrontier offered me a solution that delivered on every front.”
-- Kristi Reese, Exchange Administrator