Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

MailMarshal: Protecting Against Email-based Threats Has Become Survival of the Fittest

Email security is not a simple check-box item. The need to have a strong email security solution in place has never been greater. Email is ubiquitous, and the average employee receives so many emails on a daily basis that they often open and click on messages without giving a second thought to any potential problem they might pose.

This means an organization must have an email security solution in place to find and block suspicious emails before someone mistakenly clicks on a link.

It is obvious from the large number of email-based attacks that have been tracked by industry and governments globally that the email security technology many organizations use is not sufficient to protect them from highly sophisticated threats.

In fact, most organizations have little idea how vulnerable they are to an email-based attack, nor do they have the capability to properly defend themselves.

The Threat Surface

Phishing remains the top attack vector used by hackers. The FBI’s Internet Crime Complaint Center (IC3) 2021 Internet Crime Report noted that phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, compared to 241,342 the previous year. Adjusted losses resulting from these attacks is more than $44 million, a $10 million decrease from 2020.

Specific to organizations, Business Email Compromise (BEC) is one of the most widely committed crimes by cybercriminals. IC3 received 19,954 BEC/Email Account Compromise (EAC) complaints with adjusted losses of over $2.4 billion in 2021 alone. The number of complaints was about flat year-over-year, but losses increased by about $600 million, the FBI report stated.

Additionally, new threats are being uncovered on a regular basis. For example, Trustwave SpiderLabs recently discovered a ‘chameleon’ phishing email campaign that leads to a credential capture page.

What is unique about this campaign is that the malicious credential capture landing page uses the victim’s email address to change how the landing page looks, making it more appealing to the recipient and thus more likely to be opened.

If the victim has a Gmail account, it will use Google graphics and assets to make it look like they're logging back into Gmail. If the victim has an Outlook account, it will pull Microsoft graphics and assets to make the malicious page look like a genuine Microsoft page.

Read this case study to understand how Trustwave helped a client reduce BEC attacks. 

What’s the right way to solve for your email security challenges?

Email security is not a one-size fits all game. Properly preparing for email-based threats means understanding and addressing two key aspects:

  1. Your email deployment scenario: cloud, on-premises, hybrid, or service-provider
  2. Your current email security posture:
    • Is your current approach fitting your requirements?
    • Are you relying solely on “built-in” security features of Office 365?

Trustwave MailMarshal: By the Numbers

What is needed to properly defend an organization from an email-based attack? Training workers to stop and think before they click on a link or email attachment is paramount, but even the most dedicated and conscientious staffer will make a mistake.

So, what organizations need is a system that will back stop the employees and that is where Trustwave MailMarshal comes in to play.

MailMarshal has an exemplary of protecting clients:

  • Number of clients infected with ransomware: 0
  • Regularly priced one-third lower than our closest competitors.
  • File types recognized for scanning and blocking of malicious attachments: 400+
  • Malware and exploit capture rate: 99.99%
  • Average client tenure with Trustwave MailMarshal: 16 years
  • Able to inspect 5 times the number of email attachment types than our competitors
  • Deploy on premises or in the cloud 

These capabilities are a result of MailMarshal’s 25-year history as an email security tool and the email threat intelligence that is gathers from Trustwave 5,000 global Managed Security Service (MSS) clients. As a threat is spotted and stopped with one client the information is shared throughout our organization making all of our clients safer.

A Trustwave MailMarshal Success Story

The Trustwave MailMarshal team recently helped a large American multinational telecommunications conglomerate that operates in 150 countries with more than 2,300 retail stores serving over 160 million clients.

The challenge presented by the client was to migrate its Microsoft Exchange to Workspace. The company used an email security service which was unable to integrate that product into the client’s global security operations center’s (SOC) extensive monitoring systems and native applications.

The client’s SOC was responsible for monitoring all outbound traffic for data loss prevention, conduct content inspections, and cyber intelligence delivered to decision makers.

The client adopted Trustwave’s MailMarshal On-Premises solution which was used to rewrite header rules to blind copy every outbound email passing through Proofpoint for content inspection and machine / human analysis.

The MailMarshal team also constructed comprehensive custom scripts to filter all outbound traffic for content inspection and created extensive rules with different criteria to trigger alerts with varying degrees of risk.

Trustwave MailMarshal: Try it Today

In a nutshell, we make sure inbound and outbound emails, links and attachments are clean, while enforcing your acceptable use and data loss prevention (DLP) rules.  Let us know any questions and try it today.


Learn more about both editions:


Trustwave MailMarshal Secure Email Gateway

Trustwave MailMarshal Secure Email Gateway

It’s no surprise that threat actors continue to rely on email to distribute malware, phishing scams, and spam. Email can be easily disguised to appear legitimate and remains the simplest way to gain access to employees, data, and money because end users receive email whether wanted or not.





Trustwave MailMarshal Service Provider Edition

Built on the award-winning Trustwave MailMarshal Secure Email Gateway, Trustwave MailMarshal Service Provider Edition (SPE) was designed from the ground up for service provider environments to help you manage your common business issues as well, such as administration, policy management, provisioning and workflow.



Latest Trustwave Blogs

Trustwave Webinar: Getting Started with Microsoft Copilot for Security

As a Microsoft security partner, Trustwave has committed itself to helping clients get the most out of their Microsoft E5 license, including properly setting up one of E5's primary features -...

Read More

Think Pink

There are some people who say, "I already conduct red team exercises, why would I need something different that is nothing more than a watered-down red team?"

Read More

Unlock Zero Trust: Why Database Security is the Missing Piece

As organizations consider their journey to establishing a strong Zero Trust culture, they must adopt a data-centric approach, and this begins with ensuring database security.

Read More