Every few weeks, a technology writer proclaims the impending death of email. The litany of new and emerging social media, mobile and other technologies certainly has its place in today’s digital communications. Despite the proliferation of communication methods, though, email usage continues to grow steadily. In fact, Radicati Research predicts that by the end of 2019, the number of worldwide email users will increase to over 2.9 billion.
The reality is, there is an overwhelming preference for email over all other communication forms, according to the Future of Digital Communication report.
Why is email security important?
Hackers have found that email systems are typically the weakest link in an organization’s security, particularly compared to its firewall. Consequently, an estimated 91 percent of cyberattacks begin with an email. Often, hackers will use “script kiddies” in an email, which are scripts intended to infiltrate a company’s network.
In addition to the relative ease of email-based attacks, the cost of a security breach is often significant. The Ponemon Institute estimates that the cost of a security breach averaged $3.5 million in 2017 and that there is a 27 percent probability that a U.S. company will experience a breach in the next 24 months, which will cost it between $1.1 million and $3.8 million.
Does your email security solution adequately protect you?
While there are numerous email security solutions available today, and many do a good job of protecting against the majority of threats, they still have holes that hackers can exploit. The challenge of email defenses is that email security threats are constantly evolving. Traditional email security often focuses primarily on the origin of threats (IP reputation) and on the content of threats (fingerprinting and sandboxing). Yet attackers have developed sophisticated attacks that are short wave, low volume, polymorphic and much more difficult to catch.
Why layered email security helps
Traditional email security systems only go so far in protecting companies from malicious email threats. That’s why supplementing a traditional email security solution with an additional email security layer is necessary to detect unknown and evolving threats. As Gartner notes in its “Market Guide for Secure Email Gateways” (May 2017), “advanced threats are easily bypassing the signature-based and reputation-based prevention mechanisms for email security. (We recommend organizations) supplement gaps in the advanced threat defense capabilities of an incumbent SEG by adding a specialized product tailored for this purpose…”
Traditional email security filters that leverage the signature-based and reputation-based prevention mechanisms noted by Gartner are only effective at blocking known threats. With these tools, the signature or IP of a bad sender must be first identified, analyzed, and an update to the filter published, before similar threats can be blocked. This approach fails altogether to stop low-volume, short-duration, polymorphic attacks and thus many of these tools have a catch rate as low as 70 percent.
In order to block all threats, including unknown and evolving threats, you must complement your security tools with a specialized solution that is predictive. Here are some key capabilities that power a predictive security layer for your email defense:
Artificial Intelligence (AI)
An email security layer powered by artificial intelligence can identify and block threats that are not yet known, including polymorphic threats that dynamically change the origin (e.g. email, IP) and content of the message and attachment. These technologies holistically analyze how an email and its attachment have been crafted, using data from past threats (such as leveraging global threat reports or feeds) to thwart new attacks. AI can also identify sudden changes in behavior for previously legitimate senders, automatically creating temporary rules that block messages from a single IP, or even entire IP ranges depending on the context. With AI, all known, unknown and multi-form threats can be stopped at the first email iteration, or the “zero hour” email.
In addition, machine learning, which is a subset of AI, can be used to train algorithms that analyze a set of technical “features” relating to an email or page, in order to return a probability that it is malicious. This approach proves particularly useful for identifying spear phishing or Business Email Compromise (BEC) attacks, which attempt to trick recipients by spoofing known senders through minor modifications to email addresses or domains that are virtually imperceptible to humans. It’s also highly effective at identifying and blocking phishing URLs and web pages using similar techniques.
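The feature-to-probability idea described above, applied to lookalike sender domains, as an added example that is not part of the original article or any vendor's product. The `KNOWN_DOMAINS` list, the feature names and the hand-set (not trained) logistic weights are assumptions chosen for illustration.

```python
import math

# Constructed allow-list of domains the organization already corresponds with.
KNOWN_DOMAINS = ["example.com", "contoso-bank.com"]
# Character sequences that look alike in common mail-client fonts.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]
# Hand-set logistic weights (assumption); a real model would learn these.
WEIGHTS = {"near_miss": 2.5, "homoglyph": 3.0, "non_ascii": 1.5}
BIAS = -3.0


def skeleton(domain):
    """Collapse visually confusable sequences so lookalikes compare equal."""
    d = domain.lower()
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def features(sender):
    """Technical features of the sender domain relative to known domains."""
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    dist = min(edit_distance(domain, k) for k in KNOWN_DOMAINS)
    known = domain in KNOWN_DOMAINS
    return {
        "exact": known,
        "near_miss": 0 < dist <= 2,  # one or two character edits away
        "homoglyph": not known and skeleton(domain) in {skeleton(k) for k in KNOWN_DOMAINS},
        "non_ascii": not domain.isascii() or "xn--" in domain,  # IDN / punycode
    }


def spoof_probability(sender):
    """Return (probability the sender imitates a known domain, features)."""
    f = features(sender)
    if f["exact"]:
        return 0.0, f
    z = BIAS + sum(w for name, w in WEIGHTS.items() if f[name])
    return 1.0 / (1.0 + math.exp(-z)), f
```

The fixed edit-distance threshold of 2 will also flag short, unrelated legitimate domains, so in practice it should scale with domain length and be combined with other signals.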
Global Threat Center Databases
An email security layer with access to a global database at a threat center can provide more comprehensive, global protection. It provides the ability to capture and analyze in real time, which is critical to achieving advanced protection. A 24/7 global threat detection center can analyze the context of inbound emails according to:
- IP addresses
- Previous context
- User interactions
- Domain names
- And more
Closing the Gap with a Predictive Email Defense Layer
Predictive email security defense goes far in closing the security gaps posed by traditional email security systems. For example, a Vade Secure customer who used Microsoft EOP for email security as well as Vade Secure found that in one month alone, Vade Secure’s solution blocked 350 instances of malware and more than 9,000 spam emails that EOP failed to catch.
Being able to detect unknown and evolving threats means that you must complement your solution with a specialized solution which can be predictive.