
Trustwave MailMarshal’s Blended Threat Module Offers Maximum Protection Against Phishing

Trustwave MailMarshal is a highly dependable and adaptable email security solution that has established itself as a leader in the industry, earning recognition over many years. With the inclusion of Trustwave MailMarshal's Blended Threat Module (BTM), it now offers enhanced protection against phishing attacks, utilizing the power of machine learning for security measures.

A Blended Threat refers to a method of compromising information security that employs multiple tactics. In the context of email, attackers skillfully craft Blended Threat messages to appear as if they originate from a trusted source. These emails often contain links that lead to websites hosting malicious code or attempting to manipulate users into revealing personal information. Sometimes threat actors specifically target Blended Threat emails at individuals or a specific group.

The BTM of Trustwave MailMarshal employs various validation techniques, including real-time behavioral analysis, content inspection, and insights from reputable industry sources. These methods allow the BTM to identify and block websites that distribute suspicious or malicious code. Since the validation process occurs in real-time through a cloud service when an email recipient clicks a link, it ensures superior effectiveness in detecting and neutralizing new exploits for all users, regardless of their device or location.

Here's How the BTM Functions

For background, the Blended Threat Module within MailMarshal scans incoming emails and modifies links before delivering them to the recipient. The Trustwave Link Validator cloud service is activated when a user clicks on a link.

The Link Validator submits the link to one or more validation services, which include reputable link reputation services that check if the link is associated with phishing or other malicious activities. Additionally, Trustwave's Smart Link Classifier, based on continuously trained machine learning technology, performs real-time content checks on the linked pages to identify phishing and other threats. Real-time scanning is crucial in detecting new threats before they are added to reputation lists.

Based on the validation results, the Link Validator either allows the request to proceed to the original site or blocks it if deemed unsafe.
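The rewrite-then-validate flow described above, as an added example that is not Trustwave's code and does not reflect the product's actual link format. The validator URL, the HMAC-signed wrapper, the shared key, the sample pages and both stand-in checks are assumptions for illustration; signing the wrapper means the validator only ever redirects to URLs the gateway itself rewrote.

```python
import base64, hashlib, hmac, re
from urllib.parse import parse_qs, urlsplit

KEY = b"constructed-demo-key"              # assumption: secret shared by gateway and validator
VALIDATOR = "https://validator.example/v"  # hypothetical click-time endpoint
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
PAGES = {                                  # constructed page content standing in for a live fetch
    "https://fresh.example/login": '<form action="https://collect.example/p">'
                                   '<input type="password" name="p"></form>',
    "https://docs.example/guide": "<h1>Guide</h1>",
}

def sign(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body):
    """Gateway side: wrap each link so a click reaches the validator first."""
    def wrap(m):
        token = base64.urlsafe_b64encode(m.group(0).encode()).decode()
        return f"{VALIDATOR}?u={token}&s={sign(m.group(0))}"
    return URL_RE.sub(wrap, body)

def reputation_check(url, html):
    """Stand-in for a link reputation service (constructed blocklist)."""
    return urlsplit(url).hostname in {"bad.example"}

def content_check(url, html):
    """Stand-in for a content classifier: password form posting to another host."""
    form = re.search(r'<form[^>]*action="(https?://[^"]+)"', html, re.I)
    password = re.search(r'type="password"', html, re.I)
    return bool(form and password
                and urlsplit(form.group(1)).hostname != urlsplit(url).hostname)

def on_click(wrapped, fetch=lambda u: PAGES.get(u, "")):
    """Validator side: verify the wrapper, inspect the page now, then allow or block."""
    query = parse_qs(urlsplit(wrapped).query)
    try:
        url = base64.urlsafe_b64decode(query["u"][0]).decode()
        sig = query["s"][0]
    except (KeyError, ValueError):
        return ("block", None)
    if not hmac.compare_digest(sig.encode(), sign(url).encode()):
        return ("block", None)             # forged or altered wrapper: never redirect
    html = fetch(url)
    if any(check(url, html) for check in (reputation_check, content_check)):
        return ("block", url)
    return ("allow", url)
```

The first sample page is absent from the constructed blocklist and is caught only by the content check at click time, which is the case the paragraph above makes for real-time scanning.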

New and Improved BTM

In March 2023, Trustwave's MailMarshal underwent a significant update, introducing PageML as part of the Blended Threat Module. With this addition, the email security solution gained the capability to perform thorough and real-time scans when a URL within an email is clicked, allowing it to determine whether the URL is malicious.

PageML, short for Page Machine Learning, leverages machine learning techniques to analyze page content in real-time, enhancing the BTM's ability to identify malicious URLs by a third.

PageML serves as a real-time scanning module that examines HTML content, extracts relevant features, and applies a machine learning-based classifier to assess whether the page exhibits characteristics of phishing or other suspicious content. The deployment of PageML to all MailMarshal clients took place in early March.

Developed by Trustwave and managed by SpiderLabs, PageML operates as a URL classifier and actively functions within the Trustwave section of VirusTotal. It analyzes millions of URLs daily. Testing has demonstrated that PageML successfully detects a significant number of active phishing pages that other validators might miss. Its inclusion in the arsenal against phishing is therefore highly valuable.

The Benefits of Trustwave MailMarshal

  • Protects against ransomware attacks, Business Email Compromise (BEC), phishing scams, malware, and Zero-Days
  • Zero clients reported ransomware infection in 20+ years
  • 99% malware and exploit capture rate
  • < 0.001% spam false positives
  • Layered threat intelligence, powered by telemetry from 5,000+ global MSS/MDR clients and ML-powered algorithms
  • Granular control of internal SMTP traffic
  • Decades of leadership in email security supported by Trustwave SpiderLabs elite threat detection security team
  • Deploy on prem or hybrid cloud
  • Complements Microsoft 365 and other cloud email

Top Email Security Best Practices

To safeguard against cybercriminals, organizations must prioritize email security and establish a comprehensive defense strategy to protect this vulnerable attack vector. Here are some essential measures to implement:

  • Deploy a robust email security solution: It is crucial for organizations to have a powerful email security solution in place. This solution should offer advanced protection mechanisms to detect and mitigate various email-based threats.
  • Enable Multi-Factor Authentication (MFA)/Two-Factor Authentication (2FA): Organizations should enforce MFA/2FA on all accounts wherever possible. This additional layer of security helps invalidate credential-based attacks. Microsoft research has shown that a staggering 99% of compromised Microsoft accounts did not have MFA enabled.
  • Conduct regular security training: Providing annual security training refreshers for all employees is essential. This training should cover topics such as phishing awareness and overall security practices. By educating employees about the types of attacks they may encounter, organizations empower them with the knowledge to recognize and respond to threats. Security teams should remind staff members to request a second form of verification and validation before making any changes to bank details or initiating payments over email.
  • Implement a Secure Email Gateway (SEG): Organizations should adopt a Secure Email Gateway tailored to their specific needs. This gateway should be optimized to detect and block email threats effectively. Additionally, organizations must establish clear policies on how different file types sent via email will be handled to mitigate risks associated with malicious attachments.

By incorporating these measures into their email security strategy, organizations can significantly enhance their defenses and reduce the risk of falling victim to email-based attacks.
