Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

When it Comes to Email Security Good Enough is Not Enough

There is an underlying constant when it comes to creating a strong defense—the more layers of defense in place, the better. Sure, having a single stout wall in place might be strong enough to deter some attackers, but it is simply not enough to counter a foe determined to gain entry.

This holds true whether the defender is a castle, sports team, or an organization. An attacker can usually figure out how to defeat an initial defensive structure, but the more obstacles placed in the way will either defeat the attack or, more likely, just convince the threat actor to move along to an easier target. Either way, you are safe.

This line of reasoning is particularly true when it comes to email security. Email is still the method most cybercriminals choose when it comes to launching an attack. The reason for this is relatively straightforward, emails lead to human beings, and people are generally an organization's weakest link. 

How weak?

The FBI's Internet Crime Complaint Center (IC3) 2021 Internet Crime Report noted that phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, over 34% higher than the previous year and representing more than $44M in adjusted losses.

Specific to organizations, Business Email Compromise (BEC) is one of the most widely committed crimes by cybercriminals. IC3 received 19,954 BEC/Email Account Compromise (EAC) complaints with adjusted losses of over $2.4 billion in 2021 alone. The FBI report stated that losses increased by about $600 million year over year.

Out of the Box Security is Not Enough

All major email solutions come out of the box with some built-in security. These steps can include requiring two-factor authentication to log in; some have encryption options, and most request the end-user has a strong password. But, as was noted, adversaries do not seem to have a problem circumventing these basic fortifications.

The answer to this problem is for an organization to build its wall higher by bringing on additional security developed by a company specializing in email security. There is, of course, additional cost involved, but the price tag is minimal compared to the potential loss of being breached through a phishing or BEC attack.

When searching for an email security firm, one should look for a company that can protect against all types of email attacks, supply filters to weed out spam, analyze attachments, and has cybersecurity researchers and analysts who are always on duty working to search out the latest attack trends. 

An organization needs a partner that brings more to the table than just security, the ability to bring threat intel, dedicated security researchers, and the ability to examine malicious emails and deconstruct the problem. 

Trustwave has the Answer

Trustwave's MailMarshal email security solution offers unparalleled protection to our customers. For example, no MailMarshal clients have reported infections with ransomware to date and MailMarshal stopped the notorious Wannacry and Netwalker ransomware at our gateway even before signatures for this infamous malware were available.

This amazing response was possible due to Trustwave's proprietary email filters backed by 100 million threat intel records, curated from investigations and threat hunts conducted on behalf of 5,000 global MSS/MDR Trustwave clients. In addition, our proprietary spam filters that use in-house SpiderLabs handcrafted heuristic rules to zero in on bot and spammer traits. A heuristic capability is critical as it allows us to focus on forward-looking, repeatable patterns, enabling us to detect unknown spam campaigns. When combined with automated signatures and handcrafted heuristics means better protection.

Email attachments, such as Excel or Word documents, are the primary tools threat actors use to sneak malware onto a victim's computer. So, the best way to ensure these emails are not opened is by spotting and blocking them before they reach the recipient.

MailMarshal's embedded granular content inspection capability recognizes five times more email attachment file types hidden in file sub-components and unpacks every layer and component of an email and its contents to uncover any hidden attacks and malicious code before delivery.

MailMarshal's predictive BEC scanning engine can spot and counter BEC threats by running hundreds of heuristic checks, rules, filters and thousands of known fraud signatures.

Trustwave MailMarshal is the only email gateway that supports Microsoft Azure Information Protection (AIP) and Rights Management Services (RMS). Our solution can decrypt Azure RMS email for Microsoft 365 to enforce all outbound policy controls before re-encrypting and sending, thus eliminating security blind spots created by email encryption. MailMarshal can also enforce Azure RMS controls based on policy triggers even if the user forgets them.

email security

The Elite Trustwave SpiderLabs Team

Trustwave SpiderLabs email security researchers have spent 16 years developing the email threat detection capabilities included in MailMarshal. SpiderLabs is our in-house security team staffed by hundreds of highly trained security experts dedicated to discovering and thwarting the latest email attack trends.

Trustwave SpiderLabs has created a vast threat intelligence library curated from investigations and threat hunts on behalf of our 5,000 global MSS/MDR clients, as well as intel from our partners and includes a dedicated email and malware research team that monitors traits associated with spam and malware delivery systems.  

As we have seen, using heuristics is a key MailMarshal component. When protecting email, the SpiderLabs team's primary purpose is to detect any change in how threat actors deliver malware and issue a timely heuristic update.

The combination of threat intel, research and threat hunting has proven highly successful, resulting in a 0.001% false-positive rate, a 99.999% malware and exploit capture rate, and its findings are beneficial not only to our clients but to the cybersecurity community in general. 

A SpiderLabs email and malware security research team uncovered a new malware family while reverse-engineering malware found in our client's systems. This high level of dedication and hard work led to the discovery of a new malware family, dubbed GoldenSpy, for example. The team found this malware embedded in tax payment software that a Chinese bank required corporations to install to conduct business operations in China.

The malware was caught and mitigated before any nefarious activity could occur to our client.

The takeaway is that when it comes to email security, please do not be complacent sitting behind a single defensive barrier; build your wall higher.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More