Trustwave SpiderLabs Uncovers Critical Cybersecurity Vulnerabilities Exposing Manufacturers to Costly Attacks. Learn More

Trustwave SpiderLabs Uncovers Critical Cybersecurity Vulnerabilities Exposing Manufacturers to Costly Attacks. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave MailMarshal PageML Scanner Detects 30% More Phishing Attempts

Trustwave’s MailMarshal received a major update this month with the addition of PageML to the Blended Threat Module. The BTM enables the email security solution to conduct in-depth, real-time scans when a URL in an email is clicked to determine if the URL is malicious. PageML boosts the BTM’s ability to detect malicious URLs by one-third by applying machine learning techniques to page content in real time.

The new scanning feature is named PageML, short for Page Machine Learning. It is a real-time scanning module that inspects HTML content, extracts features, and applies an ML-based classifier to determine if the page is likely phishing or other suspicious content. MailMarshal rolled out PageML to all MailMarshal clients in early March.

PageML is a Trustwave-developed, SpiderLabs-managed URL classifier that is running live in the Trustwave section of VirusTotal and analyzing millions of URLs daily. Testing has shown PageML detects a significant amount of live phishing pages missed by other validators, so it is a welcome addition in the fight against phishing.

Including  PageML within MailMarshal, which was done automatically to all MailMarshal clients, will result in end users and admins finding more phishing sites blocked and warnings displayed. Early estimates show at least 30% more phishing URLs will be detected. It’s important to note that no action is necessary by clients, PageML is autonomous.

The PageML validator has two modes of action: block and warn. Higher confidence scores are blocked, and the user cannot click through. PageML classes lower scores as only "suspicious" and will show the end user a warning page. 

If a suspicious URL is discovered, the end user will see this message:


Top Email Security Recommendations

Email remains the most likely attack vector a cybercriminal will use so it is imperative that an organization not only have a power email security solution, but builds defense in depth to protect this vulnerable area:

  • Enable Multi-Factor Authentication MFA/2FA on accounts wherever possible to invalidate credential account attacks. Microsoft found that 99% of compromised Microsoft accounts they observed did not have MFA.
  • Have a second form of verification and validation before changing bank details or sending payments over email.
  • Provide annual security refreshers for the whole organization. Covering phishing and overall security awareness will teach employees what attacks they may individually face and give them a plan of action.
  • Use a Secure Email Gateway (SEG), optimized for your organization.
  • Set a policy on how the organization will handle different file types that are sent over email.

The Right Tool for the Job

A proper SEG is critical to your email security success. An SEG helps ensure malicious emails and spam don’t make your way into your network by quarantining and flagging problematic emails and email attachments. But every SEG is different--the right one must be flexible enough to work with the policy you set in place and have comprehensive visibility into your incoming email to get ahead of hackers trying to evade detection.

It’s also important for an SEG to be able to unpack or discover items that may be hidden in other files or attachments. For example, an SEG may block emails with certain .exes but may not see that those same files are embedded in an excel document, or zipped in an archive file format such as a .zip or .rar. An SEG also must be able to find and extract potentially malicious files in complicated office document formats, such as a macro within a Word document.

The Power of Trustwave MailMarshal: Battle-Tested Email Security Defender

Trustwave MailMarshal offers a sophisticated multi-layered approach to email security to reduce false positives and protect against spam, gateway attacks, viruses, phishing attempts, and malicious URLs embedded in an email. In addition, it provides complete email protection against phishing and business email compromise (BEC).

Trustwave MailMarshal contains a specialized BEC Engine to protect against advanced BEC attacks.

These capabilities are reflected in the fact that MailMarshal:

  • Is utilized by thousands of businesses ranging in size from SME to large Fortune 500 firms.
  • Protects more than 3 million users in the public and private sectors via our on-premises edition, cloud, service provider partners, and Trustwave Managed Security Services
  • Enjoys an average client loyalty of 15 years.



Latest Trustwave Blogs

Unlock the Power of Your SIEM with Co-Managed SOC

Security information and event management (SIEM) systems play a pivotal role in cybersecurity: they offer a unified solution for gathering and assessing alerts from a plethora of security tools,...

Read More

Trustwave SpiderLabs: LockBit 3.0 Ransomware Most Common Malware Used to Attack the Manufacturing Sector

As the manufacturing sector continues its digital transformation, Operational Technology (OT), Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) are becoming...

Read More

Trustwave’s Observations on the Recent Cyberattack on Aliquippa Water Treatment Plant

The attack last week on the Municipal Water Authority in Aliquippa, Penn., that gave threat actors access to a portion of the facility’s pumping equipment has spurred the Cybersecurity &...

Read More