
1/2/2018
10:45 AM
Dark Reading
Products and Releases

DHS Directive Increases Federal DMARC Adoption 38 Percent in 30 Days

Agari Analytics Indicate Illicit Email Traffic Sharply Declines for Early Adopters of DMARC; Department of Homeland Security to Keynote DMARC Implementation Breakfast on January 18

SAN MATEO, Calif. – January 2, 2018 – Agari, a leading cybersecurity company, today announced the publication of a new research report, “U.S. Federal Government DMARC Adoption,” which reveals that federal domain adoption of DMARC increased 38 percent (13 percentage points) in 30 days, from 34 percent on November 18, 2017 to 47 percent on December 18, 2017. This increase of 151 domains shows rapid adoption of DMARC, a critical email authentication standard, ahead of the initial, January 15, 2018, deadline for the Department of Homeland Security (DHS) Binding Operational Directive (BOD) 18-01. Agari will present this research at a Federal Breakfast Workshop on January 18, 2018, where DHS Assistant Secretary for the Office of Cybersecurity and Communications Jeanette Manfra will provide keynote remarks.

“DMARC has proven to be an effective solution to secure our federal domains, but more work is needed to protect all federal domains. The time to act is now – deadlines to comply with BOD 18-01 are imminent,” said Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications, Department of Homeland Security. “Cybersecurity is a critical component of our homeland security policy, but it is also a shared responsibility. It is crucial for U.S. citizens to trust that an email from a government agency is legitimate.”

Agari research also shows the effectiveness of the DMARC security control across federal agencies. Of the billions of emails sent across the more than 400 federal government domains secured by Agari, ninety-six percent of the emails are protected by the strongest DMARC policy (p=reject) nearly a year ahead of the BOD 18-01. As a result, those federal domains protected by DMARC at p=reject, including the U.S. Senate, Veterans Affairs, Health and Human Services, and the U.S. Post Office, have seen attempted fraud send rates decrease to less than two percent in December.

“This research shows that DMARC does more than protect federal domains, it protects all of us – even our mothers and fathers – from billions of phishing emails every day,” said Patrick Peterson, Founder and Executive Chairman, Agari. “The increase in adoption is a smashing early success. We hope that all agencies will follow Agari’s federal agency clients, including the U.S. Senate, Health and Human Services, Customs and Border Protection, U.S. Census Bureau, Veterans Affairs and the U.S. Postal Service, to comply with the directive and help eliminate phishing and spam related to domain spoofing and ensure a trusted digital channel for US citizens.”

DHS announced BOD 18-01 on October 16, 2017, during a Global Cybersecurity Alliance (GCA) event in New York City. BOD 18-01 mandates that all federal domains implement DMARC, TLS and HTTPS to prevent domain name spoofing and to secure email communication. Federal departments and agencies have 90 days to implement DMARC at its lowest setting (monitoring, p=none) and one year to implement DMARC at its highest setting (p=reject), which prevents unauthorized mail from being sent.

Since the DHS announcement, DMARC adoption rates among federal domains have improved across the board. Thirty-one percent have deployed DMARC as p=none, compared to 20 percent on November 18, and 16 percent have deployed DMARC to quarantine or reject unauthenticated email, compared to 14 percent on November 18. Still, 53 percent have not deployed DMARC, just weeks ahead of the DHS deadline.

More than 20 federal agencies have achieved 100 percent DMARC adoption across their domains, including the Federal Communications Commission, the Federal Trade Commission, and the Department of Veterans Affairs. Additionally, the Department of Health and Human Services is the only federal agency to have deployed DMARC across more than 100 domains.

 

***ALERT***

Agari Federal Breakfast Workshop: How to Comply with BOD 18-01

When: January 18, 2018

Where: The City Club of Washington DC

Agenda:

7:30 am EST – Keynote Remarks – Jeanette Manfra, Assistant Secretary for the Office of Cybersecurity and Communications, DHS

8:00 am EST – Federal DMARC Research – Patrick Peterson, Founder & Executive Chairman, Agari

8:30 am EST – DMARC Deployment Panel

    Phil Reitinger, GCA

    Matt Shallbetter, Director of Security Design, DHHS

9:15 am EST – Closing Remarks – Jeanette Manfra, Assistant Secretary for the Office of Cybersecurity and Communications, DHS

Download the updated report: “U.S. Federal Government DMARC Adoption”

Register for the “Federal Breakfast Workshop: How to Comply with BOD 18-01”

 

About Agari
Agari, a leading cybersecurity company, is trusted by leading Fortune 1000 companies to protect their enterprise, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry’s only solution that ‘understands’ the true sender of emails, leveraging the company’s proprietary, global email telemetry network and patent-pending, predictive Agari Trust Analytics to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which helps organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at http://www.agari.com and follow us on Twitter @AgariInc.
