PEOPLE MAKE THE BEST EXPLOITS - Cyber Security...
Transcript of PEOPLE MAKE THE BEST EXPLOITS - Cyber Security...
![Page 1: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/1.jpg)
1 © 2016 Proofpoint, Inc.
PEOPLE MAKE THE BEST EXPLOITSRyan KalemberSVP Cybersecurity Strategy
![Page 2: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/2.jpg)
9 © 2016 Proofpoint, Inc.
Attacks Increasingly Target Individuals, Not Infrastructure
Threats use social engineering, not vulnerabilities
Mobile, social, SaaS threats ramp and evolve
BEC/impostor email fraud becomes
board-level issue
$3.1B
22,143Organizations victimized in the
US alone
Direct losses since January 2015, up 1,300% year over year
Source: FBI
150%Increase in social media phishing
RATs become common in mobile apps
99%+Rely on user to run malicious
code
74%Malicious links are credential
phishing
![Page 3: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/3.jpg)
10 © 2016 Proofpoint, Inc.
Network62%
Endpoint18%
Email8%
Web 12%
Source: Gartner (2017 forecast)
IT Security Industry
90%+of sophisticated attacks
target people, largely via email
Source: Verizon DBIR, Trend Micro, FEYE, etc.
Other
Attack Vectors
But Industry Is Not Aligned with the Threats
![Page 4: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/4.jpg)
11 © 2016 Proofpoint, Inc.
![Page 5: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/5.jpg)
12 © 2016 Proofpoint, Inc.
![Page 6: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/6.jpg)
13 © 2016 Proofpoint, Inc.
![Page 7: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/7.jpg)
14 © 2016 Proofpoint, Inc.
![Page 8: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/8.jpg)
15 © 2016 Proofpoint, Inc.
![Page 9: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/9.jpg)
16 © 2016 Proofpoint, Inc.
![Page 10: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/10.jpg)
17 © 2016 Proofpoint, Inc.
![Page 11: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/11.jpg)
18 © 2016 Proofpoint, Inc.
Effective Security: Be Where the Threat/Data Is
SaaS
$
![Page 12: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/12.jpg)
19 © 2016 Proofpoint, Inc.
Recon Weaponize Deliver Exploit InstallCommand
&Control
Action
Effective Security: Better Protection at Delivery
• Better to stop attack before damage
• Better chance of detection
• Better intel and context for actors, campaigns
• Target already clicked, attacker has foothold
• Detection challenging, especially for malware-free attacks
• Difficult to put attack in context and link to campaign/actor
Recon/gateway effectiveness vs 90%+ of threats Rapid improvement in security posture
![Page 13: PEOPLE MAKE THE BEST EXPLOITS - Cyber Security Summitcybersummitusa.com/.../2017/05/proofpointdallas.pdf · social engineering, not vulnerabilities Mobile, social, SaaS threats ramp](https://reader035.fdocuments.us/reader035/viewer/2022062603/5f0ad6037e708231d42d93c9/html5/thumbnails/13.jpg)
20 © 2016 Proofpoint, Inc.
Proofpoint at a Glance
~50%of the
Fortune 100
5000+enterprisecustomers
90%+renewal
rate
1B+messages
processed daily
8straight years of MQ leadership
40M+mobile apps
scanned
300K+daily malware
samples
100+threat ops and research team
strategic ecosystem integrations
~20%revenue invested
in R&D
LEADING CUSTOMERS DEEP SECURITY DNA
500B+ node threat
graph
UNIQUE VISIBILITY ENTERPRISE CLASS