Presentation is loading. Please wait.

Presentation is loading. Please wait.

Info-Tech Research Group1 Select and Implement an Email Security Gateway The emails you want are only the tip of the iceberg compared to what you get.

Published byClifford Miles Modified over 7 years ago

Similar presentations

Presentation on theme: "Info-Tech Research Group1 Select and Implement an Email Security Gateway The emails you want are only the tip of the iceberg compared to what you get."— Presentation transcript:

1 Info-Tech Research Group1 Select and Implement an Email Security Gateway The emails you want are only the tip of the iceberg compared to what you get. Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.© 1997 - 2014 Info-Tech Research Group

2 Info-Tech Research Group2 In today’s high communication, high threat world, securing your email takes the same productivity importance as having lighting and the same security importance as locks on the front door. Introduction and member understanding Information Security Managers concerned with employees receiving malicious emails that will compromise the organization’s security. Network Security Managers concerned with malicious incoming employee emails compromising the organization’s network. Compliance Officers concerned about outbound emails communicating sensitive or regulated information in an unsecure manner. Organizations who have experienced a breach and need to address the holes in their current email security solutions. Organizations with email compliance needs where an ESG is necessary. Identify your current email security state. Understand the costs and options for ESG implementations. Design the correct ESG architecture. Select the most appropriate ESG solution. Deploy your ESG effectively while avoiding common pitfalls. Plan for effective system operations and management. This Research Is Designed For:This Research Will Help You:

3 Info-Tech Research Group3 Executive Summary Understand the product landscape Deploy your ESG Use the Info-Tech Vendor Landscape: Email Security Gateway to review the leaders in the space, and what they can offer in terms of advanced features that matter specifically to your organization.Vendor Landscape: Email Security Gateway Prepare for a comprehensive evaluation of products and vendors with a request for proposal (RFP) template and vendor demo script to ensure the right answers to your questions are obtained. Determine your appropriateness and requirements Ensure sustainable email security Assess your organization’s email related security incidents and email volumes using the ESG Email Event Analysis Tool to identify current security system performance and evaluate email related volumes to generate an email security risk posture.ESG Email Event Analysis Tool Identify the requirements of an ESG based on the offered solutions by using the ESG Requirements Gathering Tool.ESG Requirements Gathering Tool Determine a TCO and ROI using the ESG Financial Calculator to guide vendor selection based on requirements.ESG Financial Calculator Implement an ESG either on-premise or in the cloud. Develop supporting policies, such as an Email Acceptable Use Policy, and a stakeholder communication plan to assist initial deployment of the ESG.Email Acceptable Use Policy Educate your end users on proper email security and develop an email information page to inform end users. Develop standard operating procedures around gateway and email handling to ensure high security value and sustainable benefits and operations from the ESG. Undertake vendor management and related activities to ensure strong relationship with the third party provider. Create and implement a computer incident response team (CIRT) and related incident management plan.

4 Info-Tech Research Group4 Email Security Gateway Section Outline External Deliverables: Section 1: Determine Your Email Security Gateway Appropriateness Email Incident Event Analysis Tool Slide 22 Section 2: Identify your email security gateway requirements ESG Requirements Gathering Tool Slide 28 Section 3: Perform a financial analysis of your ESG deployment options ESG Financial Calculator Tool Slide 36 Section 4: Evaluate your Email Security Gateway deployment options Vendor Landscape: Email Security Gateway Slide 43 Section 5: Deploy your Email Security Gateway Email Acceptable Use Policy Template Slide 59 Section 6: Ensure continued email gateway sustainability ESG Business Case & Operations Plan Slide 73 Appendix Slide 96

5 Info-Tech Research Group5 Email has serious security and productivity issues that stem from its high usage and its function as a major connection point. Do you realize the actual importance of email and its security? Email is one the most widely used business tools across most organizations. Second only to web traffic in volume, email is a primary mode of communication for an organization to the outside world. It is a logical necessity to secure this entry and exit point with consistent and complementary technologies. Flawed email security can heavily reduce productivity and create serious security issues for your organization. The ability to secure your clients and customers is a simple and paramount duty – if you can’t guarantee this security, you need a serious refocus. Email security needs the respect it deserves. Email threats, spam, malware, and phishing don’t get as much media coverage because they are considered background noise. Total IT security spend is estimated to be around 30 billion by 2017, with content security, which includes email security, representing only 8% of that spend. Content security is projected to have the smallest annual growth at 6.7%. In comparison, network security is projected at 7.7% annual growth. - Projections and figures from Canalys 70-75% of inbound email is illegitimate It does not matter industry, size, or any other trait. ESG selection and implementation is relevant to you. Email security is a critical component of your security: Email is a core component of business processes. Although it may not be high on security topical issues today, it must be secured. Compliance issues such as HIPPA and PCI mandates make email security a necessity for many. Increase of targeted attacks and data breaches put more pressure on all organizations. Assume you are a target – size and industry don’t matter anymore. Whether you have valuable information, are connected, or are just an average user, you’re a target. Small guys are not immune because they are interesting and of course their technical defenses are probably much, much lower because they don’t have the resources to invest in some super high end defenses. - Rob Rachwald, FireEye

6 Info-Tech Research Group6 On-premise appliance is declining, although generally still the norm As service (cloud) based options, commonly known as SaaS are being adopted at high rates Virtual appliances are used by those organizations who may be cloud averse Different types of Gateways: Grasp the sheer volume along with the details of email to understand its importance - Figures from The Radicati Group, Inc. Email Statistics Report 2013-2017 Understand how an ESG can improve your email communications and organization’s security: Advanced detection capabilities in response to threat landscape developments. Big data analytics are being used by vendors to crowd source and analyze data to identify zero day threats and targeted attacks. Encryption and DLP features are becoming more robust and common among vendors. Advanced capabilities differentiate vendors: Growth rate of email usage are decreasing due to increase in other communication forms, such as instant messaging, texting, and social networking. Regardless of some decreasing growth trends, email overall usage is still on the rise and is here to stay. With that undisputable truth, you need email communication security: Email Security Gateway (ESG). There are around 183 billion messages per day. This means more than 66 trillion emails are sent per year. Around 90-100 billion emails are business related with 80-83 billion consumer related. Around 65-75% of all emails are spam - reduced from a high of 97% of all emails in 2009 according to Microsoft. In 2011, Asia pacific has the most email – 49%, with Europe second – 22%, North America third – 14%, and the rest of world at 15%. Email communication figures: Email is expected to increase from 3.9 billion accounts in 2013 to 4.9 billion by 2017 – 6% growth year over year. There are 2.97 billion consumer email accounts in 2013, which is expected to grow to 3.782 billion in 2017. In 2013, Some 929 million mailboxes are for business purposes. This is expected to grow at 5% annually to reach 1.1 billion in 2017. Email account figures:

7 Info-Tech Research Group7 The endless adversaries use email to take advantage of your users. Understand who they are and you can begin to understand how to stop them. The adversaries using these email based attacks vary in motivation, techniques used, and impact to your organization Adversaries breaking into networks for self-fulfillment, bragging rights or some financial gain. They often download attack scripts and protocols already created by other hackers. They use sophisticated tools but with simple execution. The large majority of hackers do not pose serious risks to organizations with advanced security. Activism in a digital setting. Anonymous is a highly capable group of hackers who target and compromise government and industry computers. Information stolen from agencies include identities of employees, executives, and business relationship details between companies and government agencies. Hacktivist Groups Generally driven by financial gain. Online fraud and identity theft are carried out using a multitude of spam, phishing, and malware attacks. The Russian Business Network is a criminal syndicate of individuals and companies. This syndicate operates several botnets available, including spamming, phishing, malware distribution. Criminals and Criminal Groups Cyber espionage, sabotage, and general cyber warfare are common among nation states as a natural evolution of covert warfare and intelligence gathering. Example: Unit 61398 of the People’s Liberation Army, or commonly referred to as APT1, is a Shanghai based APT group either backed by or wholly created by the People’s Liberation Army of China. They are a highly developed and well documented threat group who has performed cyber espionage across the world in various industries dating back at least to 2006. Nation States Insiders Bot Network Operators A disgruntled member of an organization is a constant problem nowadays. They may not have expertise in hacking, but they will have organizational system understanding, often allowing access to valuable data. All adversaries can be classified as Hackers This breaks down into groups: Hackers, but with a different purpose. They want to compromise a system and take control to carry out other hacking activities like phishing schemes, spam, or malware attacks. Once control is gained, they can sell this control on the black market.

8 Info-Tech Research Group8 The threat landscape is constantly evolving with new and more advanced threats Security professionals at one time only needed to be worried about spam related issues with emails. The emergence of traditional signature based malware became a widely used tool. Anti-virus and anti-spam became commoditized features. As advanced malware spread and hacking techniques were distributed, email security had to rise. Today, targeted attacks and highly advanced botnets, trojan viruses, and other malware are spread through spear phishing campaigns. Email is, by far, the preferred way in which advanced and targeted attacks are carried out. The rise of more targeted attacks, including both polymorphic and spear phishing, as well as the rise of very dynamic botnets, have significantly increased the size of the threat landscape. The cunning adversary is always tweaking and creating new techniques, often making existing security measures obsolete. In Q3 2013 global spam volume spiked 125%, almost 4 trillion messages, highest since august 2010 - McAfee Lab Threats Report: Third Quarter 2013 In 2012, 77% of security practitioners saw an increase in external threats. 55% of security professionals say securing new technologies is their number one organizational spend, showing the industry trend to adopting more technology solutions 39% say they will continue to spend the same amount. Only 6% say they will spend less. The only constant in security is change. The fact that you are secure one day may not mean anything the next day. The fact of the matter is, that you are under attack. You may not know it, but your systems, network, data, and users are all under threat and risk to be compromised with some malicious intention. These developments are changing security practitioners: 1 in 291 emails contained a virus 1 in 414 emails was a phishing attack 23% of email based malware is a URL 2012 in Figures: - Ernst & young’s Global Information Security Survey 2012

9 Info-Tech Research Group9 Electronic spamming is the largest use of email communication by far and has the potential to be the biggest impairment to employee productivity Spam and bulk style emails make up the largest volume of emails and are the greatest potential harm to productivity Financial Matters Adult Related Advertising Related Snowshoe spamming Where an attacker uses an array of IP addresses in order to spread out the spam load. This makes it difficult for the filters to catch or identify spam. Decrease of 6% from 2011 to 2012 Partly due to botnets being taken down Many spammers are moving to social media as means of communication. Shifting focus to improving quality is bypassing spam filters – more phishing. It is estimated that spammers and spam advertised merchants collect worldwide revenues of $200 million per year. The USA spent between $20-$50 billion annually in costs due to spam protection. This sets the externality ratio to near 100:1 – that is external costs to internal benefits – $100 spend to $1 benefit. For context, the ratio of the cost of car theft to thieves’ earnings is in the range of 7:1 to 30:1. For spam to be profitable, it is estimated that only 1 in 25,000 spam recipients need to make a gray-market purchase. Spam has the potential to be the largest productivity decreasing and economic drain known today. If there were no anti-spam technologies, economic losses are estimated in the trillions. Spam is no longer about selling, but stealing. It lures people into disclosing personal or company information. Spam is used to spread bots in order to capture user information to send back to the command and control server. XXX There are three main types of spam: Financial Dynamics of Spam: Spam levels have been decreasing: Trend: - Symatec Internet Security Threat Report 2013 - The Economics of Spam, Justin R. Rao and David H. Reiley 2012

10 Info-Tech Research Group10 Phishing is the act of attempting to acquire information such as user names, passwords, or any other sensitive or valuable information by disguising it as a trustworthy email address. Be wary of phishing attacks and their ability to compromise your network’s security through user credential manipulation Email address spoofing Attackers use addresses that mimic legitimate and trusted accounts such as ISPs, banks, or even your own company domain. Common styles: Social web sites Auction sites Banks Online payment processors IT departments Social Media: Hackers are trending towards the use of social media content based phishing. 15.2% of spam was social media, second only to email claiming to be from financial institutions at 15.9% An ESG stops harmful phishing attacks which can compromise employee credentials and identities. Trend - Graphs from: Symantec Internet Security Threat Report 2013 - Evolving spammers using bogus social media to fool users, Helen Legatt

11 Info-Tech Research Group11 Info-Tech Research Group Helps IT Professionals To: Sign up for free trial membership to get practical solutions for your IT challenges www.infotech.com Quickly get up to speed with new technologies Make the right technology purchasing decisions – fast Deliver critical IT projects, on time and within budget Manage business expectations Justify IT spending and prove the value of IT Train IT staff and effectively manage an IT department “Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment. - ARCS Commercial Mortgage Co., LP Toll Free: 1-888-670-8889

Download ppt "Info-Tech Research Group1 Select and Implement an Email Security Gateway The emails you want are only the tip of the iceberg compared to what you get."

Similar presentations

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Electronic Commerce & Marketing. What is E-Commerce? Business communications and transactions over networks and through computers, specifically –The buying.

Electronic Commerce & Marketing. What is E-Commerce? Business communications and transactions over networks and through computers, specifically –The buying.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Similar presentations

Ads by Google