M3AAWG Issues New Papers Explaining Password Security, Multifactor Authentication, Encryption Use and DDoS Safeguards; Announces 2017 Leadership and Committee Chairs
April 2017 by M3AAWG
Addressing current threats such as DDoS attacks and Internet of Things security, the Messaging, Malware and Mobile Anti-Abuse Working Group has released five new best practices papers and created new special interest groups to develop cybersecurity approaches that will help protect end-users. The organization also announced its 2017 leadership and committee chairs who are responsible for supporting the group’s ongoing collaborative efforts and identifying new areas of online vulnerability.
The new best practices papers outline recommended processes to help companies and service providers better safeguard their networks and are based on the experience of anti-abuse experts in computer security, business, public policy and academia.
The papers are:
• M3AAWG Initial Recommendations: Arming Businesses Against DDoS Attacks - outlines the various types of attacks and explains how to prepare for them, including the steps to take during and after an assault
• M3AAWG Multifactor Authentication Recommendations - explains why and when multifactor authentication should be used
• M3AAWG Recommendations Around Password Managers - a short overview defining when comprehensive password managers provide value
• M3AAWG Password Recommendations for Providers - guidelines on setting password requirements that balance security with complexity and cost
• M3AAWG Describes Costs Associated with Using Crypto - a brief guide to help plan for encryption deployments
M3AAWG currently has 42 papers available on its website under the For the Industry tab in its Best Practices section at https://www.m3aawg.org/published-do.... These best practices and tutorials address both emerging and ongoing anti-abuse challenges, such as methods to counter pervasive monitoring, abuse desk processes, anti-phishing and spam techniques, recommended senders best practices and other relevant topics.
Special Interest Groups Focus on Global Issues
M3AAWG also formed a new Internet of Things SIG to coordinate members’ efforts in resolving abuse issues from compromised IoT devices. The new special interest group will develop reputation guidelines and processes for the supply chain while promoting consumer security awareness and working with manufacturers to build better security into devices. The M3AAWG DDoS SIG is focused on helping ISPs, hosting companies and third-party DDoS security service providers understand existing and emerging Distributed Denial of Service attack types. It is developing additional papers that will explain prevention methods, monitoring and mitigation architectures, and business strategies.
2017 Leadership Takes the Helm
Along with finalizing the papers during the M3AAWG 39th General Meeting in San Francisco last month, Severin Walker, senior manager, Comcast Anti-Abuse Engineering, was elected the new Chairman of the M3AAWG Board. He has contributed to the organization over the past five years as a Board member and a chair of the M3AAWG Technical Committee.
Also elected at the February 23 Board meeting were vice chairpersons Janet Jones, senior security program manager in Microsoft’s Trustworthy Computing Security organization; Len Shneyder, SendGrid, Inc. vice president of industry relations; and Matthew Stith, Rackspace anti-abuse specialist. Sam Silberman, Endurance International Group director of standards and industry relations, will serve his fourth term as treasurer and Jerry Upton continues as executive director.
Most of the work and best practices in M3AAWG are generated through dialogue among industry professionals in topical committees. The committees meet on regularly scheduled conference calls and during the three M3AAWG working meetings each year to develop the anti-abuse recommendations and other projects.
"M3AAWG provides a critical space where hundreds of subject matter experts from across the spectrum can collaborate in a trusted and vetted environment and, because of this, our work is important for the long-term security of the internet. M3AAWG committees provide the structure — they are the super-highways that ensure these discussions are meaningful and address the critical issues. So eventually, the volunteer M3AAWG committee chairs are the ones who keep the energy and our work flowing," Walker said in announcing the 2017 committee chairs:
• Abuse Desk Co-Chairs Charles Helstein, PayPal; Tobias Knecht, Abusix, Inc.; and Justin Paine, Cloudflare
• Academic Committee Co-Chairs Dr. Manos Antonakakis, Georgia Tech, and Carel, Spamhaus
• Anti-Phishing SIG Co-Chairs Carlos Alvarez, ICANN, and Chelsea Maldonado, Mailchimp
• Awards Committee Co-Chairs Christine Borgia, Return Path, and Neil Schwartzman, CAUCE
• Brand SIG Co-Chairs Ryan Boyd, Groupon, and Mike Hammer, AG Interactive
• Collaboration Committee Co-Chairs Stephen Ford, Adobe Systems Inc.; Sven Krohlas, 1 & 1 Internet SE; and Mary Youngblood
• DDoS SIG Co-Chairs Mike Glenn, Cable Television Laboratories, Inc., and Glen Pirrotta, Comcast
• Hosting Committee Co-Chairs Matthew Stith, Rackspace, and Justin Lane, Endurance International Group
• Information Sharing SIG Co-Chairs Chris Boyer, AT&T, and Doug Pearson, REN-ISAC
• Internet of Things SIG Co-Chairs M3AAWG Senior Technical Advisor Michael O’Reirdan and Chris Roosenraad, NeuStar
• M3AAWG Guides Co-Chairs Alyssa Nahatis, Adobe Systems, Inc., and M3AAWG Privacy Advisor William Wilson, Breckenhill Inc.
• M3AAWG meeting Open Round Tables Co-Chairs Melinda Plemel, Proofpoint, and Vincent Schonau, Abusix
• Pervasive Monitoring SIG Co-Chairs Janet Jones, Microsoft, and Alex Brotman, Comcast
• Program Committee Co-Chairs Kurt Andersen, LinkedIn; Dennis Dayman, Return Path; and Len Shneyder, SendGrid, Inc.
• Public Policy Committee Co-Chairs Frank Ackerman, M3AAWG Public Policy Advisor; Chris Boyer, AT&T; and Chris Roosenraad, NeuStar
• Senders Committee Co-Chairs Andrew Barrett, Adobe Systems, Inc., and Tara Natanson, Endurance International Group
• Technical Committee Chair Severin Walker, Comcast. The Technical Committee area co-chairs are:
    • Messaging - Peter Goldstein, ValiMail, and James Hoddinott, Cloudmark, Inc.
    • Malware - Jeremy Demar, Vigilant By Deloitte, and Loucif Kharouni, Deloitte
• Training Committee Co-Chairs Christine Borgia, Return Path; Kurt Diver, SendGrid, Inc.; Annalivia Ford, IBM; and Udeme Ukutt, Splio
• Voice and Telephony Abuse SIG Co-Chairs Alex Bobotek, AT&T, and Dr. Mustaque Ahamad, Georgia Tech
• Women in Messaging Abuse/Diversity and Inclusion Chair Janet Jones, Microsoft
Additionally, M3AAWG Senior Technical Advisor John Levine, founder of Taughannock Networks, was appointed M3AAWG liaison to ICANN. Jesse Sowell continues as a special M3AAWG representative to LACNIC, the Latin America and Caribbean Network Information Center, and is helping to develop joint anti-abuse work with that organization.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
M3AAWG Board of Directors: AT&T; CenturyLink; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure; and Yahoo! Inc.
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; Exact Target, Inc.; IBM; iContact; Intel Security; Internet Initiative Japan; Liberty Global; Listrak; Litmus; MAPP Digital; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Sprint; Symantec; and USAA.