In this week’s Whiteboard Wednesday, Justin Buchanan, Solutions Manager for Offensive Security Products at Rapid7, takes you through the key components of an anti-phishing program. In order to combat the #1 most prevalent cyber threat, phishing, your organization must build defense in depth via the right technology, processes, and user training.
Hi, and welcome to this week's Whiteboard Wednesday. My name's Justin Buchanan, Solutions Manager for Offensive Security Products here at Rapid7. Here today, we're going to talk about anti-phishing, and the reason we're going to talk about it is because phishing sucks. Phishing is the number one, and most impactful threat according to the 2017 SANS user survey. There's no one simple way to solve this massive problem that is phishing. The only way to do it is through a combination of methods, and defense in depth.
Let's go ahead and look at the different components that make up an overall anti-phishing program. The first would be a secure email gateway. We recommend that you implement technology that reviews your messages as they come in, identifying messages that are almost definitely phishing, and blocks them from entering your organization. Now, false positives will still get through, the messages that are actually phishing will still get through, and then that's where your humans come in. Phishing is a human problem, and part of the solution is a human component. That's where phishing awareness training and phishing protection come into play.
Let's talk about phishing awareness training. This is a program where you act like an attacker, and you train your users to identify potential phishing messages, and train them to report those to your IT team and security teams so that they can analyze them and take appropriate action. Phishing protection is the component of the program that enables this reporting mechanism, and most importantly it is also the component where you concern yourself with the analysis of these messages, and making this a repeatable process that is scalable for your security team.
Then finally, even with all of our best laid plans and this defense in depth, phishing messages will still get through, and compromise will still happen, and when it does we need to have technology in place that can let us know that we've been compromised as early in the attack chain as possible, and we need to implement appropriate incident response plans to take care of that issue.
Be sure to tune in for the rest of this series where we'll cover in more depth phishing awareness training and then phishing protection as well. That's it for this week's Whiteboard Wednesday. We'll catch you later.