2      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778643 - Should You Trust That Email? Technologies and Strategies That Can Help!


Oct 19, 2021 10:30am ‐ Oct 19, 2021 11:30am



Credits: None available.

Description

Email protocols (such as SMTP, POP, IMAP, MIME) were designed to deliver messaging functionality rather than security. It is relatively simple to spoof a sender and/or their domain using email. Yet, the bulk of business communication remains driven through email. Email is also the primary vector used for malware attacks, phishing attacks, business email compromise and other attacks. What to do? Can you trust the source of that the email you received? We discuss strengths and drawbacks of existing technical standards (such as SPF, DKIM, DMARC) to prevent email spoofing and secure email protocols such as S/MIME. We discuss AI/ML- and reputation-based approaches to improve confidence in email origination as well as a novel known-sender-profiling approach that can further protect a user against email spoofing.

Learning Objectives:
  • Identify the weaknesses of standard email protocols and how spoofed emails can result in serious cybersecurity and business compromise.
  • Identify and implement existing technical protocols that prevent attackers from spoofing their domain and/or senders, while realizing that these techniques are not very helpful in preventing attackers from sending spoofed emails to users within their own domain.
  • Learn about and apply additional existing tools and techniques as well as a novel known-sender profiling technique to achieve a higher level of protection against email spoofing.

Speaker(s):

Tags: Intermediate

Credits

  • 1.00 - CPE

You must be logged in and own this session in order to post comments.