The Email Security Technology
If you’ve read this far, you have probably gained a fairly strong degree of email security awareness.
You can probably identify an email that is malicious. You know the basic methods fraudsters use. You understand the importance of email security and the negative implications of not giving email security proper attention, but you aren’t alone in your fight. It’s important to know the email security tools that are available to you and how they work to protect you.
Email security technology is evolving rapidly. The goal of email security is two-pronged: first, to keep the wrong emails (and only the wrong emails) from ever getting into your inbox; second, in the rare event that an email bypasses a filter, to prevent a user from unknowingly taking an action that can put you and your organization in harm’s way.
Once your organization is protected and your users are able to protect themselves from malicious inbound email, you can also consider how to better manage and secure your whole email picture through elements like outbound filtering, Data Loss Prevention, email encryption and email archiving, which we will touch on in the next module.
Spam Filters
We touched on this earlier, but spam filters are a very important first line of defense. A quality filter catches greater than 99.9% of all spam. Also note that false identification of emails as spam should be less than 1/10,000 (or 0.01%). Machine learning and massive amounts of data are key in ensuring that you are protected in real time.
Malicious URLs
Malicious URLs are an essential tool for criminals.
By masking URLs, changing them at time of click and more, criminals make them the bridge to many phishing, malware and ransomware attacks. URL Defense is a relatively new tool that provides defense both at email delivery and at point of click to ensure that the destination is not dangerous.
Attachment Defense
Attachments can contain everything from Trojans to viruses to malware and anything in between.
Before your emails are delivered, malicious attachment defense looks at the email to ensure that there’s nothing suspicious about it. This includes scanning zipped files for malicious content, Office documents for malicious macros, and many others for any viruses, malware and ransomware they may contain.
Sandboxing brings a lot of fun to mind, but it’s actually a very advanced method of detecting individual threats and malicious pieces of software. Advanced solutions for email are now putting individual attachments (every single one that comes to your organization) through a multi-tiered approach to prevent bad outcomes, including: analysis based on reputation and known threats, analysis in a virtual device when downloaded and if “installation” is required (this is usually a dead giveaway of bad intentions), analysis on a physical, real-life device, and then if that all passes through, analysis by an actual threat intelligence expert who decides the likelihood of something being a threat. It may seem like a lot, but that’s how much care is really needed to keep you safe.
SPF and DMARC
Three tools (SPF, DKIM and DMARC) are designed to ensure that the sender is who they say they are.
SPF (Sender Policy Framework) is a policy through which anybody with an email server can publish a group of IP addresses authorized to send email on behalf of their domain. This could be multiple servers for your company, email marketing solutions or other tools for backend functions, but the point is that you can authorize what represents you. This means that if someone pretends to be from your domain but doesn’t have an authorized IP address, their phony email won’t get through.
DMARC (Domain-based Message Authentication, Reporting and Conformance) gives organizations a way to use both SPF and DKIM (DomainKeys Identified Mail) to ensure that an email is authentic. SPF, as above, indicates what IP addresses are authorized to send email on a domain’s behalf, while DKIM uses a “public key” and a “private key” to ensure that a particular email was allowed to be sent from a domain. If you fail both of these policies, you’re most likely sending some kind of spam or phishing message. An organization that is checking emails against DMARC will then block them.
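How a receiving server might combine these checks, as an added example that is not from the original course: a simplified SPF evaluation (only ip4/ip6 mechanisms, no DNS lookups) feeds a DMARC decision that also requires the authenticated domain to align with the From domain, then applies the policy from the published record's p= tag. The records, IP addresses and the mailer.test domain are constructed samples, and the alignment test is a simplification noted in the code.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Evaluate only the ip4:/ip6: mechanisms and 'all' (no include/a/mx lookups)."""
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:                  # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return RESULT[qualifier]
        elif mech == "all":
            return RESULT[qualifier]
    return "neutral"                                 # nothing matched

def aligned(from_domain, auth_domain):
    """Simplified relaxed alignment: same domain or parent/child of it.
    Real DMARC compares organizational domains using the Public Suffix List."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def dmarc_disposition(dmarc_record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from earlier checks."""
    tags = dict((k.strip(), v.strip()) for k, v in
                (t.split("=", 1) for t in dmarc_record.split(";") if "=" in t))
    if any(res == "pass" and aligned(from_domain, dom) for res, dom in (spf, dkim)):
        return "deliver"
    policy = tags.get("p", "none")                   # failed both: apply owner's policy
    return {"quarantine": "quarantine", "reject": "reject"}.get(policy, "deliver-and-report")

# Constructed sample records for the reserved documentation domain example.com
SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

def demo():
    legit = dmarc_disposition(DMARC, "example.com",
                              (spf_check(SPF, "192.0.2.25"), "example.com"), ("none", ""))
    spoof = dmarc_disposition(DMARC, "example.com",
                              (spf_check(SPF, "203.0.113.7"), "example.com"), ("none", ""))
    # SPF passes, but for an unrelated envelope domain, so it is not aligned
    unaligned = dmarc_disposition(DMARC, "example.com",
                                  ("pass", "mailer.test"), ("none", ""))
    return legit, spoof, unaligned

if __name__ == "__main__":
    print(demo())
```

The third case is the one the prose does not show: an SPF pass for some other domain does not help a message whose From address claims example.com.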
Phishing Protection
Phishing protection is not a unique feature per se, but rather the combination of the various defensive tools, such as URL protection, spam filtering and spoofing protection, to ensure that nearly all phishing attacks are intercepted.
Email Continuity
Less about defensive email security and more about limiting downside risk in the worst case scenario, Email Continuity Solutions will allow you to send and receive email, and operate as usual even through an ongoing outage or attack. From an overall business continuity perspective, archiving of emails also applies here – archiving can function as an insurance policy of sorts to ensure you can continue business even under dire conditions by restoring any lost data, while also being able to retain and retrieve records for compliance or legal purposes.
Email Encryption
Encryption is often required for regulation and protection of highly sensitive information.
As we touched on a bit earlier, the structure of email isn’t inherently secure. Encryption is required to protect email in transit (while it is being sent), while it is at rest, and with connections to email servers. The level of encryption should depend on the level of security your industry needs or is legally required for you to have. Encrypting your data is absolutely a must, so that in the worst case scenario that you are hacked, even if confidential information is stolen, it cannot be viewed by the criminals.
Awareness + Tools = Peace of Mind
A lapse in judgement is a critical cause of many email security breaches.
With awareness, judgement is improved. With the right tools, you can rest assured that you’ll see less of the bad stuff. Combined, you should have some degree of peace of mind.
But no system is perfect. The incentive and payoff for criminals can be too great – meaning they look to evolve their attacks to outsmart first the technology, and then the end user. Even if you have all the necessary protection in place, billions of emails go back and forth each day – you could still be part of the .00001% that sees something malicious in their day to day work. That’s when it’s important to remember one thing: YOU are the last line of defense, and when a malicious email does present itself to you, it’s up to you to identify and report it.
It is still possible, though rare, that a malicious email gets through. No system that is accessible and so widely adopted can be inherently safe; there will always be a slim probability of threats and risks emerging that can bypass any defense system. Unlike Bill Gates, who said in 2004 that spam would become a thing of the past, we cannot say that email risks will ever be a thing of the past, as long as email exists of course.
That is why, if we intend to provide a complete security picture, it is important that we augment our email security awareness with a few tips on general cyber security.