Trustwave MailMarshal is a highly dependable and adaptable email security solution that has established itself as a leader in the industry, earning recognition over many years. With the inclusion of Trustwave MailMarshal's Blended Threat Module (BTM), it now offers enhanced protection against phishing attacks, utilizing the power of machine learning for security measures.
A Blended Threat refers to a method of compromising information security that employs multiple tactics. In the context of email, attackers skillfully craft Blended Threat messages to appear as if they originate from a trusted source. These emails often contain links that lead to websites hosting malicious code or attempting to manipulate users into revealing personal information. Sometimes threat actors specifically target Blended Threat emails at individuals or a specific group.
The BTM of Trustwave MailMarshal employs various validation techniques, including real-time behavioral analysis, content inspection, and insights from reputable industry sources. These methods allow the BTM to identify and block websites that distribute suspicious or malicious code. Since the validation process occurs in real time through a cloud service when an email recipient clicks a link, it ensures superior effectiveness in detecting and neutralizing new exploits for all users, regardless of their device or location.
For background, the Blended Threat Module within MailMarshal scans incoming emails and modifies links before delivering them to the recipient. The Trustwave Link Validator cloud service is activated when a user clicks on a link.
The Link Validator submits the link to one or more validation services, which include reputable link reputation services that check if the link is associated with phishing or other malicious activities. Additionally, Trustwave's Smart Link Classifier, based on continuously trained machine learning technology, performs real-time content checks on the linked pages to identify phishing and other threats. Real-time scanning is crucial in detecting new threats before they are added to reputation lists.
Based on the validation results, the Link Validator either allows the request to proceed to the original site or blocks it if deemed unsafe.
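The flow described above, as an added Python sketch that is not Trustwave's code or URL format: links are rewritten at delivery and judged only when clicked. The validator endpoint, the shared key, the signed-link layout and the toy content check are all assumptions made for illustration.

```python
import hashlib, hmac, re
from urllib.parse import urlparse

KEY = b"constructed-demo-key"                       # assumption: secret shared by gateway and validator
VALIDATOR = "https://linkvalidator.example/check"   # hypothetical endpoint, not the product's real format

def _tag(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(html):
    """Delivery time: point every http(s) href at the validator."""
    def wrap(m):
        url = m.group(2)
        return f"{m.group(1)}{VALIDATOR}?d={url.encode().hex()}.{_tag(url)}{m.group(3)}"
    return re.sub(r'(href=")(https?://[^"]+)(")', wrap, html)

def looks_like_phish(page_html, page_host):
    """Toy stand-in for a content classifier: password form that posts off-host."""
    has_pw = re.search(r'<input[^>]+type="password"', page_html, re.I)
    action = re.search(r'<form[^>]+action="(https?://[^"]+)"', page_html, re.I)
    return bool(has_pw and action and urlparse(action.group(1)).hostname != page_host)

def click(wrapped, reputation, fetch):
    """Click time: check the tag, then reputation, then the live page content."""
    blob, _, tag = wrapped.partition("?d=")[2].rpartition(".")
    try:
        url = bytes.fromhex(blob).decode()
    except ValueError:
        return ("block", "malformed")
    if not hmac.compare_digest(tag.encode(), _tag(url).encode()):
        return ("block", "bad-tag")   # untagged targets are refused, so no open redirect
    host = urlparse(url).hostname
    if host in reputation:
        return ("block", "reputation")
    if looks_like_phish(fetch(url), host):
        return ("block", "content")
    return ("allow", url)

# Constructed sample message and pages
MAIL = '<p><a href="https://login.portal-demo.example/">Reset password</a></p>'
BENIGN = "<html><p>Welcome</p></html>"
PHISH = '<form action="https://collector.example/p"><input type="password" name="p"></form>'

if __name__ == "__main__":
    link = re.search(r'href="([^"]+)"', rewrite_links(MAIL)).group(1)
    print(click(link, set(), lambda u: BENIGN))   # clean at click time
    print(click(link, set(), lambda u: PHISH))    # page changed after delivery
```

The `fetch` callback stands in for retrieving the live page, so the same rewritten link can be judged differently depending on what the site serves at the moment of the click.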
In March 2023, Trustwave's MailMarshal underwent a significant update, introducing PageML as part of the Blended Threat Module. With this addition, the email security solution gained the capability to perform thorough and real-time scans when a URL within an email is clicked, allowing it to determine whether the URL is malicious.
PageML, short for Page Machine Learning, leverages machine learning techniques to analyze page content in real time, enhancing the BTM's ability to identify malicious URLs by a third.
PageML serves as a real-time scanning module that examines HTML content, extracts relevant features, and applies a machine learning-based classifier to assess whether the page exhibits characteristics of phishing or other suspicious content. The deployment of PageML to all MailMarshal clients took place in early March.
Developed by Trustwave and managed by SpiderLabs, PageML operates as a URL classifier and actively functions within the Trustwave section of VirusTotal. It analyzes millions of URLs daily. Testing has demonstrated that PageML successfully detects a significant number of active phishing pages that other validators might miss. Its inclusion in the arsenal against phishing is therefore highly valuable.
To safeguard against cybercriminals, organizations must prioritize email security and establish a comprehensive defense strategy to protect this vulnerable attack vector. Here are some essential measures to implement:
By incorporating these measures into their email security strategy, organizations can significantly enhance their defenses and reduce the risk of falling victim to email-based attacks.