Loading...
Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

When it Comes to Email Security Good Enough is Not Enough

There is an underlying constant when it comes to creating a strong defense—the more layers of defense in place, the better. Sure, having a single stout wall in place might be strong enough to deter some attackers, but it is simply not enough to counter a foe determined to gain entry.

This holds true whether the defender is a castle, sports team, or an organization. An attacker can usually figure out how to defeat an initial defensive structure, but the more obstacles placed in the way will either defeat the attack or, more likely, just convince the threat actor to move along to an easier target. Either way, you are safe.

This line of reasoning is particularly true when it comes to email security. Email is still the method most cybercriminals choose when it comes to launching an attack. The reason for this is relatively straightforward, emails lead to human beings, and people are generally an organization's weakest link. 

How weak?

The FBI's Internet Crime Complaint Center (IC3) 2021 Internet Crime Report noted that phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, over 34% higher than the previous year and representing more than $44M in adjusted losses.

Specific to organizations, Business Email Compromise (BEC) is one of the most widely committed crimes by cybercriminals. IC3 received 19,954 BEC/Email Account Compromise (EAC) complaints with adjusted losses of over $2.4 billion in 2021 alone. The FBI report stated that losses increased by about $600 million year over year.

Out of the Box Security is Not Enough

All major email solutions come out of the box with some built-in security. These steps can include requiring two-factor authentication to log in; some have encryption options, and most request the end-user has a strong password. But, as was noted, adversaries do not seem to have a problem circumventing these basic fortifications.

The answer to this problem is for an organization to build its wall higher by bringing on additional security developed by a company specializing in email security. There is, of course, additional cost involved, but the price tag is minimal compared to the potential loss of being breached through a phishing or BEC attack.

When searching for an email security firm, one should look for a company that can protect against all types of email attacks, supply filters to weed out spam, analyze attachments, and has cybersecurity researchers and analysts who are always on duty working to search out the latest attack trends. 

An organization needs a partner that brings more to the table than just security, the ability to bring threat intel, dedicated security researchers, and the ability to examine malicious emails and deconstruct the problem. 

Trustwave has the Answer

Trustwave's MailMarshal email security solution offers unparalleled protection to our customers. For example, no MailMarshal clients have reported infections with ransomware to date and MailMarshal stopped the notorious Wannacry and Netwalker ransomware at our gateway even before signatures for this infamous malware were available.

This amazing response was possible due to Trustwave's proprietary email filters backed by 100 million threat intel records, curated from investigations and threat hunts conducted on behalf of 5,000 global MSS/MDR Trustwave clients. In addition, our proprietary spam filters that use in-house SpiderLabs handcrafted heuristic rules to zero in on bot and spammer traits. A heuristic capability is critical as it allows us to focus on forward-looking, repeatable patterns, enabling us to detect unknown spam campaigns. When combined with automated signatures and handcrafted heuristics means better protection.

Email attachments, such as Excel or Word documents, are the primary tools threat actors use to sneak malware onto a victim's computer. So, the best way to ensure these emails are not opened is by spotting and blocking them before they reach the recipient.

MailMarshal's embedded granular content inspection capability recognizes five times more email attachment file types hidden in file sub-components and unpacks every layer and component of an email and its contents to uncover any hidden attacks and malicious code before delivery.

MailMarshal's predictive BEC scanning engine can spot and counter BEC threats by running hundreds of heuristic checks, rules, filters and thousands of known fraud signatures.

Trustwave MailMarshal is the only email gateway that supports Microsoft Azure Information Protection (AIP) and Rights Management Services (RMS). Our solution can decrypt Azure RMS email for Microsoft 365 to enforce all outbound policy controls before re-encrypting and sending, thus eliminating security blind spots created by email encryption. MailMarshal can also enforce Azure RMS controls based on policy triggers even if the user forgets them.

email security

The Elite Trustwave SpiderLabs Team

Trustwave SpiderLabs email security researchers have spent 16 years developing the email threat detection capabilities included in MailMarshal. SpiderLabs is our in-house security team staffed by hundreds of highly trained security experts dedicated to discovering and thwarting the latest email attack trends.

Trustwave SpiderLabs has created a vast threat intelligence library curated from investigations and threat hunts on behalf of our 5,000 global MSS/MDR clients, as well as intel from our partners and includes a dedicated email and malware research team that monitors traits associated with spam and malware delivery systems.  

As we have seen, using heuristics is a key MailMarshal component. When protecting email, the SpiderLabs team's primary purpose is to detect any change in how threat actors deliver malware and issue a timely heuristic update.

The combination of threat intel, research and threat hunting has proven highly successful, resulting in a 0.001% false-positive rate, a 99.999% malware and exploit capture rate, and its findings are beneficial not only to our clients but to the cybersecurity community in general. 

A SpiderLabs email and malware security research team uncovered a new malware family while reverse-engineering malware found in our client's systems. This high level of dedication and hard work led to the discovery of a new malware family, dubbed GoldenSpy, for example. The team found this malware embedded in tax payment software that a Chinese bank required corporations to install to conduct business operations in China.

The malware was caught and mitigated before any nefarious activity could occur to our client.

The takeaway is that when it comes to email security, please do not be complacent sitting behind a single defensive barrier; build your wall higher.