Cisco E-Mail Security Webinar, 5 & 10 December 2019
Hans Mathys ([email protected]), Technical Solutions Architect, Cisco Cybersecurity Switzerland
December 2019
Email Security Appliance (ESA) with Advanced Phishing Protection & Cisco Domain Protection
Secure solutions for advanced email threats
Attackers Use Multiple Ways to Get In
• Malware: Ransomware detections up 90% in 2017 (1)
• Business Email Compromise (BEC): $5.3 Billion in losses (2)
• Phishing: $9.1 Billion in 2017 (3)
• Domain Compromise: 54% of legitimate domains used in phishing campaigns (4)
Sources:
https://www.cisco.com/c/dam/m/hu_hu/campaigns/security-hub/pdf/acr-2018.pdf
Business Email Compromise, E-mail Account Compromise
https://www.malwarebytes.com/pdf/white-papers/CTNT-Q4-17.pdf
https://www.rsa.com/content/dam/en/infographic/2017-global-fraud-forecast.pdf
Cisco Email Security Threat Defense
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Phishing Protection: One size Doesn’t fit all!
DMARC, SPF, DKIM Policy Management
DMARC, SPF, DKIM Enforcement
URL based Phishing Protection
Content Based Phishing Protection
Business Email Compromise
DMARC failure reporting
Global known Phish sender blocks
Compromised user based phishing
Behavioral Analytics
Cisco Domain Protection
Cisco Advanced Phishing Protection
Cisco Email Gateway
Cousin Domain based Phishing Protection
Newly Created Domain Phish blocks
Protect against fraudulent senders
Local intelligence
• Learns and authenticates identities and behavioral relationships for enhanced protection
Reduce business email compromise
• Discerns which emails carry targeted phishing attacks so that only legitimate emails get delivered
Advanced Phishing Protection
Advanced phishing attacks use identity impersonation
Sources: CSOonline.com, Cybersecurity ventures, Nucleus Research, FBI I3C (Jan ‘15 – Dec ‘16)
[Figure: threat timeline from the 2000s through 2015 to 2017, plotted against Volume of Threats: Spam, Email Malware, Spear Phishing, Social Eng Attacks, Business Email Compromise, Zero Day Attacks; the emphasis shifts from Content Deception to Identity Impersonation]
• 30% open malicious emails
• 13% click on malicious attachments
• 3:45 until first user is compromised
Analyze and manage untrusted, suspicious messages – mapping trust to email
Advanced Phishing Protection
Protect against fraudulent senders
Review and enforce email traffic
The DMARC authentication process
Take control of your outbound communications
• Identify Email Domains
• Publish DMARC Monitor Policies
• Identify Unauthorized Use of Email Domains
• Identify 3rd Party Senders
• Remediate Authentication Anomalies
• Implement DMARC Reject Policy
• Monitor for New Threats and New Senders
Cisco Domain Protection
Protect your brand
Manage, create, and modify DMARC, SPF, DKIM records
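The monitor-then-reject rollout listed above depends on reading DMARC aggregate reports to see which sources still fail authentication. The following Python is an added example, not part of the original slides and not Cisco Domain Protection code; the report, domain, IP addresses, the 98% threshold and all function names are constructed for illustration, and the sample omits the XML namespace some reporters include.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def _rec(ip, count, dkim, spf):
    """Build one <record> of a constructed aggregate report."""
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><dkim>{dkim}</dkim><spf>{spf}</spf>"
            f"</policy_evaluated></row></record>")

# Constructed sample in the RFC 7489 aggregate (rua) report layout.
# example.com and the documentation-range IPs are placeholders.
SAMPLE_REPORT = ("<feedback><policy_published><domain>example.com</domain>"
                 "<p>none</p></policy_published>"
                 + _rec("192.0.2.10", 320, "pass", "pass")   # own gateway
                 + _rec("198.51.100.7", 40, "fail", "fail")  # 3rd party, not set up
                 + _rec("198.51.100.7", 10, "fail", "pass")
                 + _rec("203.0.113.99", 5, "fail", "fail")   # unknown source
                 + "</feedback>")

def summarize(report_xml):
    """Per source IP: message volume and SPF / DKIM / DMARC pass counts."""
    stats = defaultdict(lambda: {"volume": 0, "spf": 0, "dkim": 0, "dmarc": 0})
    # Reports arrive from outside parties; in production parse them with a
    # hardened XML parser such as defusedxml instead of the stdlib default.
    for rec in ET.fromstring(report_xml).iter("record"):
        row = rec.find("row")
        n = int(row.findtext("count"))
        spf = row.findtext("policy_evaluated/spf") == "pass"
        dkim = row.findtext("policy_evaluated/dkim") == "pass"
        s = stats[row.findtext("source_ip")]
        s["volume"] += n
        s["spf"] += n * spf
        s["dkim"] += n * dkim
        s["dmarc"] += n * (spf or dkim)  # DMARC passes if either aligned check passes
    return dict(stats)

def blockers(stats, threshold=0.98):
    """Sources whose DMARC pass rate is below the (assumed) threshold."""
    return sorted(ip for ip, s in stats.items()
                  if s["dmarc"] / s["volume"] < threshold)

def ready_for_reject(stats, authorized):
    """True once no authorized sender is still failing DMARC; unknown
    failing sources are what the reject policy is meant to stop."""
    return not any(ip in authorized for ip in blockers(stats))
```

With the sample data, the third-party sender at 198.51.100.7 must be remediated (SPF include or DKIM signing) before the domain moves from `p=none` to `p=reject`, while 203.0.113.99 is unauthorized use that the reject policy will block.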
Protect Your Customers and Partners
Identify 3rd party email senders
[Figure: authentication results for two third-party senders. Panel values: SPF Pass 100%, DKIM Pass 100%; SPF Pass 100%, DKIM Pass 0.4%. Volume: 32,078; Volume: 4,047. Chart of Pass / Fail message counts (axis 0 to 300) from 6 June to 18 June]
Authenticate 3rd party email senders
Email Security: Inbound and Outbound Protection
Inbound
Cisco Email Security with Advanced Malware Protection and Threat Grid
Outbound
Cisco Advanced Phishing Protection
Cisco Domain Protection
Cisco Email Security with Data Loss Prevention and Encryption
New Reporting, Tracking and Quarantine UX on ESA
Cloud Email Security (CES)
[Figure: map of CES data centers. Locations shown: Tokyo; Melbourne; London; Netherlands; Kamloops, BC; Santa Clara, CA; Las Vegas, NV; Toronto, ON; EU (Germany). Legend: Existing CES Datacenter]
SafePrint – Content Disarm
End User
Effectively Disarm potentially malicious documents delivering a Safe File
Advanced Malware Protection (AMP) architecture
Detect and contain advanced threats quickly
[Figure: AMP deployment options. Components shown: AMP Threat Intelligence Cloud; Meraki® MX; ISR w/ FirePOWER Services; Cisco® ASA w/ FirePOWER™ Services; FirePOWER NGIPS Appliance; Threat Grid Malware Analysis; Private Cloud Virtual Appliance; Cloud Email Security and Email Security Appliance; CWS and Web Security Appliance; Endpoints (AnyConnect®, Windows OS, Android Mobile, CentOS, Red Hat and Linux, Virtual, MAC OS); Network Edge; Data Center; Remote Endpoints]
Deploy easily with multiple platform options
Leverage threat intelligence and dynamic malware analysis
AMP Threat Grid Dashboard
Cisco Threat Response: Integrating Security for Faster Defense
Key pillar of our integrated architecture
• Automates & Orchestrates across security products
• Focuses on security operations functions – Detection, Investigation, and Remediation
• Included as part of Email license
2000+ customers in NA, EMEA, and APJ
Cisco Threat Response
Integrated sources: AMP, Threat Grid, Umbrella, SMA (Email), Talos, Virus Total
1 From SMA, pivot into CTR
2 Investigate with automated enrichment
3 Remediate in AMP & Umbrella
• What do you know about these (IP, Hash, URL, etc.) observables?
• Have we seen these observables?
• Which end-points reached out to the URL?
• Which users received emails with these observables?
[Diagram labels: SMA, CES, ESA]
www.talosintelligence.com