Keeping it Reel – How to Combat Phishing

Security_Guest Frequent Contributor.

Guest post by Steven Forsyth, ArcSight Product Manager 

Phishing is the initial toehold of so many newsworthy breaches

No matter how hard you educate your employees not to click on weird-looking links in phishing or fake emails, there are always a few who just can’t seem to stop themselves. To be fair, with the rapid pace of our work days and the sophisticated look and wording of phishing emails, it’s crazy to expect 100% perfection or discipline from employees dealing with phishing emails. At the end of the day, you can’t rely on your employees being the last line of defense for phishing protection.

Fun Fact: Fake invoices are the most popular bait

According to Verizon’s 2017 Data Breach Investigations Report, 66% of the malware deployed during 2016 was deployed via email attachments. The graph below from the Symantec 2017 ISTR (Internet Security Threat Report) helps us take a deeper look at the attackers’ tactics, highlighting the most popular clicked-on keywords used in subject lines. Fake invoices are still the most popular bait, though other lures are certainly finding success.

[Figure: Internet Security Threat Report]

As phishing continues to be successful, the campaign sophistication grows

The latest and more sophisticated attacks are “spear” phishing campaigns, which target your vertical, your company, or your most powerful users. When they target your C-Suite, they’re on a whaling campaign. We could go on and on with data and real-world examples. Refer to the sources I’ve referenced if you are looking for more details. There is also a long set of examples in this article, “What Phishing and Email Scams Look Like”.

The real question is, what to do?
We recommend a three-pronged approach in your battle against phishing campaigns:

  • Education: While education alone won’t give you 100% success, it is foundational. You should be sure to continually test your success rate with simulations.
  • Technical Defense: Install an email defense point solution. For example, McAfee and Trend Micro provide endpoint and gateway products that can identify malicious emails.
  • Defense in Depth through Monitoring: Use email defense monitoring to feed your email defense systems into your security information and event management (SIEM) platform and monitor them there.

ArcSight has simplified monitoring phishing activity from your SIEM

If you are using ArcSight Enterprise Security Manager, a comprehensive threat detection, analysis, triage, and compliance management SIEM platform, check out the newly released Activate Malware Email Monitoring solution to quickly implement the third prong. The package comes with over 20 pre-made use cases, including coverage for spear phishing attempts against your most sensitive users. Out of the box, the solution integrates with McAfee Security for Exchange, Trend Micro ScanMail, and Trend Micro Interscan Messaging Security. As with any Activate solution, other email defense products can be plugged into the use cases with the development of a few simple product package filters.

It’s never been easier to install ArcSight SIEM content

Please contact us or visit the ArcSight Marketplace to find out how.
