Skip to main content

Three "E"s of Modern Email Security for Phishing: #1 Enhanced Technology

June 25, 2014

Every day, over a billion emails are sent containing malicious links and attachments, tempting users to take the bait and effectively launch an attack on your organization. Phishing emails are nothing new, but according to the Anti-Phishing Working Group, 2013 was one of the most active years for phishing. The problem is most users aren’t able to recognize a phishing attempt and companies don’t have an effective strategy to address the issue – leaving your organization susceptible to an attack.

The recipe to tackle phishing is the following: two cups of defense in depth, stirred with three cups of reduced attack surface, combined with a dozen incident response plans. In all seriousness, the approach to help you solve this issue is three-pronged. We like to call it the “Three 'E's of Modern Email Security for Phishing”:
1.  Enhanced technology
2.  Employee focus
3.  Enterprise visibility

Enhanced technology offers improved protection and works to limit the delivery of phishing emails to users within your organization – in order to reduce your attack surface.

Most organizations I work with are trying to use spam filters as the primary means to block email phishing attacks. But they are only effective when an email is sent from a questionable source, and many times in spear-phishing the email is coming from a reputable source and bypasses the spam filter. New email security technologies are utilizing innovative features, designed to limit the delivery of phishing emails to users, and leverage concepts from Forrester’s “zero trust model.”

Attachment Sandboxing New technologies are able to determine if an inbound email contains a malicious attachment by using a sandbox to open the file. This allows the file to be tested in a separate environment to ensure that it doesn’t contain a virus or malware, without causing harm to the host computer.

URL Sandboxing If there are any links in an inbound email, the technology is able to follow the link (in a sandbox) to determine if the destination is malicious. It is able to detect hidden iFrames and other elements that can direct the user to an environment containing an exploit or malware.

URL Wrapping for On-Click Analysis Another tactic email security technologies use is changing and redirecting the URL. If a URL appears suspicious, it rewrites the URL and will do an analysis if and when a user clicks the link.

Hybrid Delivery via Cloud/On-Premise An email is first delivered to a cloud environment, where the technology is able to examine it before it is delivered to an on-premise set of servers or appliances, after it has been deemed “safe”. This allows you to keep the malware and the malicious emails off your environment entirely. The hybrid approach also allows URL wrapping to work from anywhere, on or off of your network.

Make it part of your job to explore new technologies, understand how threats are evolving, and innovate your approach to security. In my next blog post I will discuss the second "E" of modern email security for phishing, Employee focus.

 


    James Robinson

By: James Robinson

Vice President, Third-Party Risk Management

See More

Related Blogs

June 30, 2014

Three "E"s of Modern Email Security for Phishing: #3 Enterprise Visibility

In response to the persistent threat from phishing attempts, a three-pronged approach focusing on the “Three 'E's of Modern Email Security for Phishin...

See Details

June 26, 2014

Three "E"s of Modern Email Security for Phishing: #2 Employee Focus

The first "E" of modern email security for phishing is Enhanced technology that works to limit the delivery of phishing emails to users within your or...

See Details

November 25, 2014

'Tis the Season for Phishing

It’s that time of year again, the holiday season. A time filled with friends, family, good food, and celebration. But of course it has its downsides a...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

September 16, 2014

Phishing with Smitty: A Unique Tool for Solicitation Attacks

This post will introduce you to the Smitty SMTP utility, which is a fully featured email client. We use this tool as a means to effectively deliver em...

See Details

November 25, 2014

'Tis the Season for Phishing

It’s that time of year again, the holiday season. A time filled with friends, family, good food, and celebration. But of course it has its downsides a...

See Details

March 08, 2017

Be on Alert for Phishing Scams during Tax Season!

Once again tax season is upon us, and with it brings increased phishing attempts targeted at obtaining tax information from both for-profit and non-pr...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.