B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse...
Transcript of B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse...
![Page 1: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/1.jpg)
Abuse Desk Training
LACNIC 27 | Brazil
B 3A-A VV G MESSAGING MALWARE MOBILE AN T I-A BUSE W OR K I N G GR O UP
![Page 2: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/2.jpg)
Our Panel
M3AAWG 38th General Meeting | Paris | October 2016
Presenters:
• Matthew StithAnti-abuse Specialist, RackspaceVice-Chair Board of Directors @m3aawgChair Hosting Committee @m3aawg
• Tobias KnechtCEO, Abusix, Inc. Chair Anti-Abuse Working Group @ RIPEChair Anti-Abuse Desk SiG @ m3aawg
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 3: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/3.jpg)
AGENDA
• AUP• Making the case for a dedicated abuse desk• Building process• Getting started with abuse handling
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 4: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/4.jpg)
Acceptable Use Policy
• Protects both the company and customers from abuse of services– Set clear standards for proper system use– Use language that is meant to deter potential customers who
could negatively impact your business
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 5: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/5.jpg)
Acceptable Use Policy (AUP)
• Make sure that what is being published in your terms is enforceable• Policies that are specific to your network• A global AUP that is bound to all products. Multiple policies tend to
cause confusion and contradictory information.• Do not allow customer modification to the policy in contract
negotiation*
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 6: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/6.jpg)
AUP: Suggestions and Tips
• You do not have to reinvent the wheel– It is ok to reference and use parts of other companies policies
• Make everything clear to the potential customer and in some cases mention specifics
• Length of document– Doesn’t need to explain everything and some pieces can be
generalized (ie. do not send unsolicited mail)
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 7: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/7.jpg)
AUP Example
Let’s look at some acceptable use policies
Let’s build an acceptable use policy
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 8: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/8.jpg)
AUP: Review
• Conduct a yearly review of your policy or when a change to local, state, government laws occurs– Will ensure that you are following best practices and keeping
information up to date– Remove or modify outdated information– New issues that are network specific may require updates
• Sometimes changes need to happen outside of the yearly review
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 9: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/9.jpg)
Making the case for dedicated abuse resources• Collect relevant data to support the case (Data is King!)
– Number of complaints received– Issues caused by compromise, fraud, phishing, malware– Customer impact from abuse– Support, Operations, Engineering impact without a dedicated
team– Focus on the most urgent issue to your network
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 10: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/10.jpg)
Making the case
• Industry growth– Developing contacts within the anti-abuse community
• Faster remediation of issues• Visibility into problems occurring on other networks
– Training opportunities• Certifications• How to trainings (like what we are doing now!)
– Positive reputation solidification
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 11: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/11.jpg)
Making the case
• Setting proper expectations with customers– Singular message from the company
• Preventing Churn (Not a cost center)• Providing training and support to sales, operations, and support
staff– Red flags– Proper routing of issues– Key knowledge of policies
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 12: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/12.jpg)
Developing processes
• Giving guidelines for enforcement of Acceptable Use Policy• Process should be assigned to tasks that are repeated constantly,
require escalation, or represent critical issues
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 13: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/13.jpg)
Developing Process: Building a Process
• Focus on simplicity• Should be easily repeatable (prefabricated responses are your
friend)• Have clear direction for the customer and support to take• Set deadlines for remediation• Stay away from threatening language in communication but be firm
(with exceptions)• Do not divulge a process to customer
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 14: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/14.jpg)
Developing processes
• Dangers of lack of process– Legal issues– Customer impact due to abuse
• Blacklisting• Retaliation• Downtime
– Ineffective communication with customers, other employees, and external parties on abuse related issues
• Misinformation• Unrealistic expectation
– Inability to enforce the Acceptable Use Policy
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 15: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/15.jpg)
Developing Process: Building Exercise
• Type• Urgency• Expected customer response time frame• Expected resolution time frame• Result of non-compliance• Closing
– A note on mitigation/remediation
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 16: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/16.jpg)
Process Example: Type
Spam“Spamvertising”Phishing (Inbound/Outbound)Hacked or defaced pagesChild sexual abuse materialMalicious SignupsCopyright/TrademarkDDOS/Outbound malicious trafficRogue DNS……...and the list goes on and on
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 17: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/17.jpg)
Process Example: Urgency
• Child esploitalion14
• Offcnan-c Of' bannful con1a1t
• Daill theft from the
• Botnct C.&C. • DDoS • Data theft on network • Data theft fnim neN11rk ---------• l\lalwan: drops • Phish data drops • Phish hmting • Dictionary/brutcforcc attacks • Data theft as client
• Spam
• Control panel • SSII forwarding • Spamvcrti.'linR on neN ·ork • Spam, ·crtising support network,
hacking/ cracking • Remote fde inj<.'Ction
• Web defacement • Explo itable sen ices • Pon scanning • C.ommcnt spamming
• CopyrighL~ and trademark issues.
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
![Page 18: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/18.jpg)
Process Example: The customer
• How long should you give a customer to respond?– What is an acceptable response?
• How long should you give the customer to resolve?• Do you route the customer to another part of the organization?• Suspend at notification
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 19: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/19.jpg)
Process Example: Non-compliance
• Check any special exceptions and also the type of customer• No response no resolution
– Mitigation– Suspension– Termination
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 20: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/20.jpg)
Process Example: Closing
• Customer confirms resolution– Ticket update*– Phone call– Chat
• Company confirms resolution• Issue has been tabled and has long resolution (mitigation
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 21: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/21.jpg)
Remediation vs Mitigation
• Remediation– Completed resolution of the issue
• Mitigation– Temporary resolution of the issue
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 22: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/22.jpg)
Agenda• State of Anti-Abuse
• X-ARF
• Abuse Reporting BCP
• Abuse Handling Automation BCP
• Abuse Handling – A Perfect World
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 23: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/23.jpg)
State of Anti-Abuse• State of Anti-Abuse
• X-ARF
• Abuse Reporting BCP
• Abuse Handling Automation BCP
• Abuse Handling – A Perfect World
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 24: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/24.jpg)
X-ARF• State of Anti-Abuse
• X-ARF
• Abuse Reporting BCP
• Abuse Handling Automation BCP
• Abuse Handling – A Perfect World
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 25: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/25.jpg)
Abuse Reporting BCP• State of Anti-Abuse
• X-ARF
• Abuse Reporting BCP
• Abuse Handling Automation BCP
• Abuse Handling – A Perfect World
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 26: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/26.jpg)
Abuse Handling Automation BCP• State of Anti-Abuse
• X-ARF
• Abuse Reporting BCP
• Abuse Handling Automation BCP
• Abuse Handling – A Perfect World
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 27: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/27.jpg)
Abuse HandlingA Perfect World
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 28: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/28.jpg)
inbound – protect your usersfrom the internet
outbound – protect the internet from your user
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 29: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/29.jpg)
industry is focusing on detecting new threats and make them known.
This is where abuse handling starts
new threat incubation time
always> 0 always> 0
f 1j3AAWG M ESSAGING M ALWARE M OBILE ANTI-ABU SE WORKING GROUP
known threat
never 100%
![Page 30: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/30.jpg)
number #1 priority:
speedThe faster you react and mitigate/remediate the less
interesting you’ll be for the bad guys.
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 31: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/31.jpg)
number #2 priority:
sustainabilityThe better you mitigate
the less follow ups you have to handle.
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 32: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/32.jpg)
number #3 priority:
completenessThe cleaner your environment is,
the less trouble is coming your way.
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 33: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/33.jpg)
that all sounds goodso how do I start?
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 34: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/34.jpg)
First a few lessons learned
1. Be pragmatic! It’s not a Science Project.
2. Data is King! 3. Good tooling creates actionable knowledge 4. Know your Challenge!5. Implement and live the process!6. Automate! Automate! Automate!7. Iterate! Grow based on your growing information and knowledge.
8. Pull other departments into your process (fraud/billing/vetting/ …)9. Look over the fence on what the industry does.
10. Provide information and data to other Abuse Desks.
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 35: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/35.jpg)
How does a process look like?
inbound processing handling remediation/mitigation
It’s not just about reactive vs. proactive.It’s about SPEED!
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
![Page 36: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/36.jpg)
Variations of Inbound Data
inbound processing handling remediation/mitigation
1. abuse@ Mailbox2. Internal Sources3. Threat Intelligence4. Other external
Sources5. ...
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
![Page 37: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/37.jpg)
Security Issues Indicators
Spam: largest by volume but not by valueCopyright: instance of well defined unit costPhishing: low volume, high value implications to usersMalware: few indicators visible to ISP, need ext. dataBotnets: silent until attack, next ext. DataVulnerabilities: low but increasing volume, proactiveChild Exploitation: very low volume, but high priorityOffensive Content: very low volume, but high priority (Weapons, Drugs, …)… …… we see around 40 - 45 additional report types
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 38: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/38.jpg)
Making sense of all the information
Customer/Subscriber allocation leads to aggregation.
Aggregation gives you a complete view on what you need to handle.
You want to move as much “manual handling” into “automated processing”
inbound processing handling remediation/mitigation
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
![Page 39: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/39.jpg)
Why customer allocation is importantCases By States .t.r Events By States
779,803 22,254,892
j Cases By States
74 917
1 mm 2 c:::::Z:J 3 B 4 +ma+:+ ,rt,
36 774 49,09%
25 911 34,59'1(,
12 231 16,33%
1 ()'I(,
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
Events By States
10 166 322
1 ~ 4184681 41 ,1696
2 m 3 231 576 31,79'1(,
3 mmlJ 2 750 06 1 27,05'1(,
4 ii,o+:a-,n, 4 ()'I(,
'\.
![Page 40: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/40.jpg)
prioritizing and decision making
Prioritize: ● Amount of Events: 30,000 spamreports vs 5,000 spamreports● Event Types: phishing vs. spam vs. copyright …● ...
You prioritize, based on your environment.You will always have manual reviews to do. But you will minimize them.
inbound processing handling remediation/mitigation
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
![Page 41: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/41.jpg)
divide and conquerB 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
~ Phishing -56 unresolved Cases
~ Spam
-1,913 unresolved Cases
...
~ Malware QI .c - .!2'1 62 unresolved Cases .c
,..
~ Spamhaus >,,
.t:: .. O unresolved Cases 0 ·;:
A.
~ DMCA V
-552 unresolved Cases ai
~ .2
~ Spamvertized Sites -2 unresolved Cases
~ Default Group
Catches all unmatched Events
![Page 42: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/42.jpg)
how to finally solve the issue
Root causes:1. Compromised
Account/Customer/Server2. Fraud - Criminal Activity3. User Behavior4. Vulnerability - Advanced
inbound processing handling remediation/mitigation
Environment:• Business or Private Customer• What product is the customer on?• T&C, Policies that are in place.• ...
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
![Page 43: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/43.jpg)
flexibility improves the processPlaybook
Name
New Default Playbook (Draft 3)
Description optional
Source Target
lliH•1;1~1~---ill~·ll~i·- :. ll ·li·l~!~I~·-11111~-1-:a·1!111 :. •·l~UH•·• a ·11·1~1r11a-a /
--~:1:M•·• 111~1~i1,:ai1r111 :. 111~1~i1-:ai1!m :.
lll~l~iMail119 -i11:·ll'i!·- :. 111:1;1Ma11!19 •·FU:·!'·• :.
Close
last changed on 2017-05-22 19:57 by superuser
AutoResolve in days
5
Title
Resolved
Restart
Auto Reopen
Resume
Start
Resolve
Set On Hold
+ Add Transition
[ Delete [ [ Save As Copy [ -
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP
![Page 44: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/44.jpg)
What tooling is out there?
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 45: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/45.jpg)
Ticket systems can work, but are not designed for abuse work.
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 46: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/46.jpg)
abuse.iovery small volumes
integration/development/maintenance neededno automation at all
offline customer allocation
open-source
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 47: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/47.jpg)
AbacusSmall to mid size volumes
integration/development/maintenance neededsmall pieces of automation
customer allocation
priced per seat
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 48: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/48.jpg)
AbuseHQsmall to huge volumes
advanced parsing (~3000 formats)no maintenance or development needed
little integration, depending on level of automationcan be fully automated with case groups and playbooks
priced on features
B 3AAWG M ESSAGI N G M A LWARE M OBILE A NT I-A BUSE W ORKING G RO UP
![Page 49: B A-A VV G - M3AAWG · Acceptable Use Policy • Protects both the company and customers from abuse of services – Set clear standards for proper system use – Use language that](https://reader033.fdocuments.us/reader033/viewer/2022051905/5ff722c342f82c4dde11c78f/html5/thumbnails/49.jpg)
Thank you
• http://m3aawg.org• https://www.m3aawg.org/published-documents• https://www.spamhaus.org/isp/aup_builder/• https://www.m3aawg.org/m3aawg-lacnic-partnership
• [email protected]• [email protected]• [email protected]
B 3AAWG MESSAGING MALWARE MOBILE ANTI-ABUSE WO RKING GROUP