©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
The Email Anti-Impersonation Company
Date: May 2nd, 2017
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com 3
Email: “I need you, but I don’t trust you”
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
90%+ of cyber attacks start with a phish
4
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
Anyone can send email in your name
Most organizations neither see nor control who sends email on their behalf
Your Company Impersonators
From: YourCompany.com
Authorized Senders
Shadow Email
Employees, Customers, Partners
3rd-Party Senders (10,000++)
Phish
5
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
Email Authentication has reached an inflection point
SENDERS
Source: Farsight
Unfortunately, “adoption” does not mean “success”
>2.7 billion inboxes covered by DMARC
March 2017 - FTC recommends DMARC
RECEIVERS & SEGs
(Note: Google reports over 500K
domains with DMARC)
6
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
~70% of DMARC implementations fail, for any company size
Company Size
Source: ValiMail
Failure = no enforcement/unprotected
Attempted Authentication Failure Rate
NASDAQ 100
FTSE 100
S&P 500
Fortune 1000
Alexa 10,000
Alexa 100,000
Alexa 1 million
43.0%
25.0%
23.8%
16.2%
14.2%
5.9%
2.3%
72.1%
80.0%
74.4%
76.5%
62.3%
71.1%
74.6%
7
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com 8
Even the big email security players get it wrong
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
Email Authentication at CSO50
20% have tried, with a 75% failure rate
9
Industry Sample Size Attempted SuccessfulEnforcement
Of Attempted, success rate
All 250 48 (19%) 12 (5%) 25%
Finance 39 13 (33%) 5 (13%) 39%
Media/Tech 69 19 (28%) 4 (6%) 21%
Retail/Industrial 49 7 (14%) 2 (4%) 29%
Gov’t/Edu 47 5 (11%) 0 (0%) 0%
Healthcare 46 4 (8%) 1 (2%) 25%
Source: ValiMail
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
What keeps companies from enforcing authentication?
IT’S HARD TO GET RIGHT MISTAKES ARE VERY COSTLY
Auto-identifying & configuring sending services is hard
Dozens-hundreds of DNS changes – manual, slow, painful and dangerous
Standards are brittle, restrictive & unforgiving
Ongoing changes to cloud services require active monitoring & updates
Legitimate email from your domain is quarantined or blocked
X
10
✓
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
Industry evolution
<30% after 12 months
DIY
REPORTS & RECOMMENDATIONS
APPROACH
WHAT YOU PAY
WHAT YOU DO
ENFORCEMENT (SUCCESS) RATE
Get to enforcement fast, and stay there
CONSULTANTS
<40% after 9 months
Email Authentication as a Service (EAaaS)
$$
FULLY AUTOMATED, CLOUD-BASED SERVICE
MORE REPORTS & CONSULTING
CLICK
>90% after 3 months
WHAT YOU GET
11
IDENTIFY SENDERS, RECONFIGURE DNSSKIRT LIMITATIONS
IDENTIFY SENDERS, RECONFIGURE DNSSKIRT LIMITATIONS
$$$ + $$$ + $$
Manual effort becomes automated over time
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
ValiMail invented Email Authentication as a Service™
Email Anti-Impersonation: Customers include:
• Completely stops impersonation
attacks (#1 phishing attack vector)
• Fully automated cloud solution
with 1-click control
• Complete visibility & control over
shadow email services
• Mission-critical infrastructure vs
consulting services
12
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
A services-driven approach and automated cloud infrastructure are game-changers
1. Identify all email services
2. Find SPF & DKIM configurations
3. Log into DNS console
4. Update DNS TXT records
5. ERROR! SPF over 10 lookup limit
6. Wait 24 hours: what’s broken?
7. Fix newly identified services
8. Monitor, Repeat ValiMail goes beyond configuration with a service that “Just Works"
Existing Process
• Identifies shadow email services
• Enables or blocks senders with one click
• Eliminates need to reconfigure or touch DNS
• Fixes standards limitations
13
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
Customers and partners are seeing great results
“Visibility and control while detecting and blocking phishing attacks –incredible!”
Chris CravensHead of Technology Services
“Allowed me to see and manage my email services, while preventing phishing attacks.”
Steve FridakisCISO
“Quickly & efficiently provided us with visibility and control of our email services.”
Chris PorterCISO
“Officially coolest thing since sliced bread.”
Nomi ConwayProduct Manager, Risk & Security
“Setup, configuration, and on-going maintenance of SPF, DKIM, and DMARC records can be so challenging,…ValiMail addresses the limitations of these standards through unique technology…all from an intuitive interface.”
Microsoft Field Note to Global Sales
14
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
Our CISOs see value across the enterprise
15
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com
Demand more than “reports & configs”
ValiMail EAaaSCloud
A dynamic, 24x7x365, services-driven authentication infrastructure
Email Sender Database(>10K services)
Purpose-BuiltDNS Cloud (>10M queries/day)
Services Management Portal(One click)
Real-time map of email sending services & configuration requirements
Hosts & serves only the DMARC/DKIM/SPF portion of your DNS
Dynamically generates perfect SPF records for every request
Instantly updates enforcement for services sending in your name (without touching DNS)
16
DMARC
SPF DKIM
©2017 ValiMail. All Rights Reserved. Confidential and Proprietary. www.valimail.com 17
Are you being phished right now?
Complementary visibility report • Find out who’s sending email on your behalf – (legitimate and malicious)
• Who’s impersonating you?
• What shadow email services are sending as you?
• No cost, no risk, no change to email flow, no exposure of PII
Protect your employees, customers, partners, prospects, and brand
Check your domain at: www.valimail.com
Top Related