REPORT Email Security that Meets the Highest Government Standards


1 Verizon (2016). Data Breach Investigations Report.

2 Cloudmark (January 13, 2016). Cloudmark Introduces Industry's Most Complete Protection against Spear Phishing Attacks.

Nation states, cyber criminals and hacktivists have become more active at targeting government organizations. One example: the alleged Russian hacking of the 2016 U.S. elections.

Hacker groups such as APT29 are adept at avoiding detection, using malware such as HAMMERTOSS to infiltrate and create a permanent presence on targeted computers. HAMMERTOSS is sophisticated in its ability to cover its tracks and is constantly being refined to stay ahead of security researchers. Government organizations are potentially at risk from attacks like HAMMERTOSS.

Cyber criminals have expanded their methodology, but email continues to be the key method of attack with email attachments and emails directing recipients to malicious URLs, the predominant transmitters of malware.1 While legacy anti-spam and antivirus solutions may block nuisance emails, it’s apparent they cannot deter sophisticated targeted spear-phishing emails containing today’s highly destructive threats. On January 13, 2016, Cloudmark released the results of a survey it conducted of 300 companies that had been targeted by spear phishing. The average cost of those spear-phishing attacks across all those companies was $1.6 million.2

Government organizations at all levels — from federal agencies to local school boards — are being challenged by increasingly sophisticated cyber security threats.

The Threat is Real

$1 billion: The FBI told CNN (April 15, 2016) that ransomware was on pace to cost organizations $1 billion in 2016.

$10,000: In one incident, a South Carolina school district paid an estimated $10,000 when cyber criminals locked up its servers.


3 Jai Vijayan (November 15, 2016). The 7 Most Significant Government Data Breaches.

4 Riley Walters (November 19, 2015). Continued Federal Cyber Breaches in 2015.

5 Identity Theft Resource Center (August 9, 2017). Data Breach Reports.

Just a few of the major breaches reported at federal, state and local government organizations in recent years:

Federal

• Internal Revenue Service (IRS) (2015)3

• National Security Agency (NSA) (2016)3

• Federal Aviation Administration (FAA) (2015)4

• U.S. Air Force (2017)5

• Commission on Elections (2016)5

State

• Mississippi Division of Medicaid (2017)5

• Arizona Department of Health Services (ADHS) (2017)5

• Ohio Department of Taxation (2017)5

• North Carolina Department of Motor Vehicles (2017)5

• Pennsylvania Department of Revenue (2017)5

Local

• Louisville Hall of Justice (2017)5

• Larimer County Clerk and Recorder’s Office (2017)5

• Seattle Housing Authority (2017)5

• City of San Marcos (2017)5

• Memphis VA Medical Center (2017)5


In 2010, the federal government issued its “cloud first” policy as a part of the Office of Management and Budget’s plan to modernize IT management. It mandated that agencies first consider the cloud if service options are available that meet government security, reliability and cost specifications. At the federal level, that means deploying a Federal Risk and Authorization Management Program (FedRAMP)-authorized service.

The Risks Inherent in the Cloud


Although moving to the cloud offers efficiencies and savings, it does expose government organizations to new risk management and mitigation challenges. Attackers use highly personalized phishing techniques to bypass spam filters and trick users into clicking on malicious links or opening malware-laden attachments.

The result: The need for email security specifically designed for the cloud has become paramount.

The Infoblox DNS Threat Index (Q1 2016) recorded a 35-fold increase in ransomware over the previous quarter, and Government Technology6 foresees even more threats targeting the cloud and more ransomware attacks such as WannaCry during 2017.

6 Government Technology (January 8, 2017). The Top 17 Security Predictions for 2017.


We are seeing an influx of phishing and all it takes is one person to inadvertently click on one email to unleash malware that could cause a lot of problems...

Karen R. Jackson, Secretary of Technology, Commonwealth of Virginia

About FedRAMP

FedRAMP (Federal Risk and Authorization Management Program) provides a standardized approach to security assessment, authorization and monitoring for cloud products and services. The program is a result of the “cloud first” policy calling on federal agencies to use authorized services to streamline IT procurement and reduce costs. Because it inherits the NIST SP800-53 baseline of controls and is tailored for cloud computing initiatives, FedRAMP is often considered to represent the Federal Information Security Management Act (FISMA) for the cloud.


Government agencies have discovered that traditional security solutions simply can’t detect and prevent advanced email attacks like zero-day exploits, malware hidden in attachments, malicious URLs and ransomware.

Defensive Measures Already in Use


“We did not want to be the next victim”

After witnessing damaging cybersecurity breaches in other states, Missouri officials decided they “did not want to be the next victim” and needed to better secure the state’s IT systems. Many of the attacks on Missouri’s state networks came in the form of spear-phishing emails that secretly delivered malware. “We saw what was happening around us. We saw what that did to the trust between citizens and the government,” said Michael Roling, chief information security officer, State of Missouri. Fortunately, the state’s executive and legislative branches were on board with Roling’s request to upgrade its over-burdened security apparatus. The state chose FireEye as one of its key security partners. “When FireEye Email Security discovers malicious email, it shares information to ensure maximum protection,” Roling explained.

It’s why over 900 federal, state and local government agencies worldwide and over 90 U.S. federal departments and branches have already deployed FireEye solutions.

And for good reasons. FireEye offers:

• Accurate detection and immediate blocking of advanced and targeted email-borne attacks, including spear phishing and ransomware.

• The most powerful cyber defense ecosystem in the world, backed by 100,000+ incident response hours, 15 million endpoint sensors across 60 countries, and threat analytics from billions of events.

• Rapid adaptation to evolving threats based on an understanding of attacks and attacker motivations, intentions and methods.

• Data integrity with SOC II Type 2 Compliant Data Centers in the U.S. and Frankfurt, Germany.

• Timely, relevant and actionable threat intelligence plus a false positive rate of less than one percent.

• Flexible deployment options, including FedRAMP-, NIST- and FISMA-compliant solutions to meet government standards.

FireEye Government Email Threat Prevention (ETP) is a FedRAMP-authorized email security service focused on advanced threat protection. So individual government agencies can quickly issue their own authorization and begin using FireEye Government ETP immediately.

We recently blocked several serious targeted attempts sourced from both email and websites — including ransomware and credential stealing — where FireEye more than proved its worth.

Stephen Schommer, IT Director, Northshore Utility District


FireEye develops solutions that meet all critical requirements for combating modern and future cyber threats. FireEye Government ETP is best suited for cloud-based deployment and FireEye Email Security (EX series) is designed for on-premises deployment.

About FireEye Email Security Solutions

Figure 1. FireEye Government Email Threat Prevention. [Diagram labels: Threat Intelligence; FireEye Email Threat Prevention; AV/AS and Multi-Vector Virtual Execution Engine (MVX); Contextual Correlation; Incoming Email; Email Mailboxes; On Premise; In Cloud; Behavior Network File System Information Interaction Exploit.]


In The Crosshairs of Cyber Spies

A federally funded R&D center working on technical research projects in defense, space and energy routinely found itself in the crosshairs of nation-state cyber spies seeking lucrative scientific data. So, naturally, the main focus of the lab’s cyber security team was to detect adversaries and prevent or minimize data theft. The team had a layered defense solution, but as adversary tactics became more sophisticated, targeted malware was able to circumvent signature-based antivirus tools. Additionally, the existing solution offered no defense against email phishing scams.

To combat evolving threats, the research center deployed a number of FireEye solutions, including FireEye Email Security, which was selected because the FireEye Multi-Vector Virtual Execution™ engine isolates signature-less, malicious files and URLs and quarantines them on the spot. As a result, the center can detect intrusion attempts arriving via drive-by downloads and identify and analyze suspicious files almost instantly. The spread of a spear-phishing attack can now be traced within minutes, enabling the lab’s security team to identify all recipients and remove the links and attachments from emails in targeted mailboxes before they can cause any damage.


FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 5,300 customers across 67 countries, including more than 845 of the Forbes Global 2000.

© 2017 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. R.ES.EN-US.082017

FireEye, Inc. 1440 McCarthy Blvd. Milpitas, CA 95035 408.321.6300 / 877.FIREEYE (347.3393)

www.FireEye.com

To learn more, visit www.fireeye.com/government