Vade Secure Meet & Greet
____________________
Product Manager
____________________
VP Sales EMEA
____________________
Chief Solution Architect
____________________
CTO
Giacom Welcome
Vade Secure Overview
Coffee Break
Vade Secure Demo
Networking and Lunch
Meet & Greet Account Manager
Giacom Close
Reselling Native Office 365 Email Security
Adrien Gendre, Chief Solution Architect, Vade Secure
©2018 – Vade Secure
Vade Secure is a global leader in predictive email defense
Predictive Email Defense
600 millionmailboxes protected
End Customers Telcos
* One Commercial Partner (OCP) Program
MSP
10 Billion DatasetA day
©2018 – Vade Secure
AI-based threat detection solutions for email
Predictive Email Defense
Core Filter
EngineHeuristics for behavioral analysis
AI / Machine learning models fed by data
from 600M mailboxes
Real-time URL exploration
In-message spear phishing banners
Real-time attachment code interpreter
Native, API-based
add-on for Office 365
©2018 – Vade Secure
Can you identify the real Office 365 login page?
©2018 – Vade Secure
Can you identify the real Office 365 login page? (2019 edition)
©2018 – Vade Secure
Hacker techniques
©2017 – Vade Secure
Content randomization
“The path of the righteous man is beset on all sides by the Inequities of the selfish and the tyranny of evil men blessed is he who, in the name of charity and good will shepherds the weak through the valley of
darkness for he is truly his brother's keeper and the finder of lost children and I will strike down upon thee with great vengeance and furious anger those who attempt to poison and destroy my brothers and you will know
my name is the Lord when I lay my vengeance upon thee”
©2017 – Vade Secure
Content randomization
Make each email unique by changing content, not behavior
• Insert random or invisible text
• Encode random characters
• Random values for HTML attributes (IDs, Class, etc.)
• Insert whitespaces
• Use similar colors
©2018 – Vade Secure
Content randomization
<a onmouseDown="alert('Try it a couple of times')"><font color="#2188D7">
Similar colors, but different color codes:
<a onmouseDown="alert('Try it a couple of times')"><font color=“#1F88D8">
©2018 – Vade Secure
Dynamic URL redirection
1. Clean Shortners: bit.ly/mylink1234 > https://login.microsoft.com
2. Malicious Shortners:
https://hackedlegitimate.com.au/ch/share/verificationAttempt.ph
p?sf58gfd1s689sxd2sdf8angf264s...
©2018 – Vade Secure
Abuse of redirection mechanisms / subdomains
http://wmxemail.walmart.com/track?type=click&mailingid=94z_6-0-0-0-optcr_201707007&userid=-
0225249577&extra=&&&http://ec2-54-212-231-1.us-west-
2.compute.amazonaws.com/?NzM1NTk4NzM9NjcwNSY0OTQyNjc9MjUmMzQ9Y2xpY2smMWo3emYzPTEmbGlkPTI1MjQ=
https://ddeabt.weebly.com/
https://u2inbox.weebly.com/
…
Redirection abuse (Walmart example):
Abuse of free hosting websites:
©2018 – Vade Secure
Cousin domain spoofing
SPF, DKIM and DMARC have made it difficult to spoof a known domain:
But they don’t prevent hackers from sending emails from cousin domains:
Your domain: mycompany.com
Cousin domains: my-company.co, mycompanyglobal.com, mycornpany.com, etc.
©2018 – Vade Secure
User alias spoofing
Mobile email clients display only the user alias, not the email address
iPhone Outlook
©2018 – Vade Secure
Spear phishing attacks are evolving
• Legitimate compromised account > cousin domain > exact domain
• No request in the first email
• Evolving CTAs: wire transfer, ransom, gift cards
• Past data breaches used to personalized spear phishing
©2018 – Vade Secure
Hackers’s business opportunity becomes the MSP’s business opportunity
©2018 – Vade Secure
Office 365 is the #1 target of phishing
Predictive Email Defense
Source: Vade Secure, ”Phishers’ Favorites”
• 4 new malware samples are created everysecond.
• Phishing remains one of the most successfulattack vectors due to its speed, as most phishingsites stay online for just 4 to 5 hours.
• Users only report 17% of phishing attacks, and itis seen as a low-risk type of activity.
• As a result, today only 65% of all URLs are considered trustworthy.
©2018 – Vade Secure
Why Office 365 is so lucrative to cybercriminals
One target: 155 million corporate users
Single entry point: to the entire suite
Legitimate accounts: harder to detect
©2019 – Vade Secure
The rise of multi-phased attacks
Step #1:
Phishing
Step #2: Insider attack
Company B
Goal:
Credentials
Colleague
Business
partner
Target(s)
Goal: $$$
(wire transfer, ransom, gift cards)
Step #3: Spear phishing
Company A perimeter
©2018 – Vade Secure
The current state of the email security market
©2018 – Vade Secure
EOP blocks known threats using traditional techniques
Predictive Email Defense
Known spam
Known malware
Known phishing
Office 365
Infrastructure
EOP
Spear phishing(exact domain)
©2018 – Vade Secure
Additional protection is needed for unknown threats
Office 365
Infrastructure
EOPEOP
Dynamic phishing
Polymorphic malware
Graymail, unknown SPAMKnown spam
Known malware
Known phishing
Advanced spear phishingSpear phishing
(exact domain)
©2018 – Vade Secure
But email gateways aren’t sufficient for cloud environments
Predictive Email Defense
Secure
email gateway
EOP
Disables EOP
Office 365
infrastructure
Complex to configure
(MX record)MX
Complexity for End Users
(separate quarantine)
Does not filter
internal email flow
MX bypass trick for Office 365
©2018 – Vade Secure
We need a solution that...
Predictive Email Defense
Cloud security
email gateway
EOP
Office 365
infrastructure
MXNeeds 0 redirection MX
Layers with EOP for
additional security
EOP
Native Office 365 interface
(No separate quarantine)Filters internal
email flow
©2018 – Vade Secure
Needs 0 redirection MX
This is Vade Secure for Office 365Native API-based add-on provides simplicity for partners and their clients
Predictive Email Defense
Office 365
infrastructure
Activates as an API
in a few clicks
Layers with EOP for
additional security
EOP
Native Office 365 interface
(Requires no quarantine)
Filters internal
email flow
©2018 – Vade Secure
360° protection against all email threats
©2019 – Vade Secure
Comprehensive approach: protection before, during and after the attack
Decimate
Remediate
AnticipatePredictive approach to unknown threats Real-time response to new attacks
Post-delivery mitigation using humans and AI
©2018 – Vade Secure
Provisioning clients is as easy as 1-2-3
Predictive Email Defense
1 2 3
Create an Account in the Giacom
CloudMarket
Activate journaling in Office 365
Log in to Vade Secure with O365 admin
credentials
Questions?
©2018 – Vade Secure
Demo Time
©2018 – Vade Secure
Layering Vade Secure for Office 365 on top of EOP delivers significant incremental protection
Predictive Email Defense
• Mail flow for a sample of 33 Vade Secure for Office 365 production instances
• Representing roughly 5,000 mailboxes• Timeframe: September 2018
Context:
• 39% improvement in phishing detection: 249 of the 643 phishing emails detected by Vade were marked clean by EOP
• 56% improvement in malware detection: 46 of the 82 malwares detected by Vade were marked clean by EOP
Results:
Phishing Detection against EOP
39%
Improvement
Malware Detection against EOP
56%
Improvement
©2018 – Vade Secure
MSP sees enhanced threat detection with Vade Secure compared to Microsoft ATP
Predictive Email Defense
• UK-based MSP with 47 employees• Using Office 365 with EOP and ATP• 1-month PoC for Vade Secure for Office 365
Context:
• 17% improvement in phishing detection: 43 of the 254 phishing emails detected by Vade were marked clean by ATP
• 30% improvement in malware detection: Vade identified additional 14 malwares on top of the 46 identified by ATP
Results:
Phishing Detection against ATP
17%
Improvement
Malware Detection against ATP
30%
Improvement
©2018 – Vade Secure
A fast, easy way to run POCs and generate business
Activate instantly
Run a risk-free PoC in
transparent mode
Offer your clients the
best protection on
the market
Vade Secure activates in a
few clicks.
No MX record change.
Nothing to install.
Vade Secure analyzes
emails, but doesn’t touch
them. Evaluate the efficacy
of the filter on your internal
email or a test account.
Resell Vade Secure’s best-
in-class predictive email
defense as an additional
security layer for Office 365
clients.
©2018 – Vade Secure
Why Partner with Vade Secure
Predictive Email Defense
Aligned with Microsoft cloud strategy Easy activation & management
Minimal upfront investmentHigh retention (99%) =
long-term growth
©2018 – Vade Secure
#5. Why Vade Secure for Office 365
Predictive Email Defense
1. No MX change
2. No UX change
3. No external quarantine
4. EoP will work 100% capacity
5. Bad guys will not see who is protecting your organization
6. Protection against insider attacks
From battlecards, microsites and email templates to social media copy blocks, brochures and
business presentations – discover the materials we have available in our Academy.
Tell us what products you need materials for, and send your logo and business contact details to
[email protected] and we will brand the marketing materials free of charge on request.
Visit the cloud.market portal to find out more.
Each new customer added for O365 Email Security will have a Free Period from the point of addition to the next billing date allowing partners to offer a Proof of Concept before committing
Solution can run either in monitoring or protection mode
Monitoring analyses all emails, but takes no action
Switching to Protection only takes one click
POC best practices: 2 days in monitoring, 3 days in protection.
Increase your own security whilst protecting your customers!
Add 150 or more Vade Secure licences between 1st October – 26th December 2019 and
you could qualify for a “Ring” Video Doorbell.
For any additional questions or a personal tailored demo please feel
free to reach out to your Giacom representative.