Advanced Phishing Threat Protection Requires Security at the Mailbox Level

Even as cyber-criminals seek new ways to bypass enterprise security, they continue to target what they perceive to be the weakest link – humans.

With more than 269 billion emails sent every single day worldwide, it’s no surprise that email phishing remains the primary attack vector, as it is the easiest and most proven method of targeting vulnerable people.

Currently, the cybersecurity market is oversaturated with server-level email security solutions, such as secure email gateways (SEGs), which struggle to prevent and detect advanced phishing attacks, such as business email compromise (BEC) and ransomware, among others.

To better mitigate the risk of today’s advanced phishing threats, which server-level safeguards cannot stop, organizations are beginning to adopt mailbox-level solutions as an additional backstop for fraudulent emails that make it through email gateways, and to better identify threats in real time.

Server-based email security no match for BEC attacks
As phishing attacks become exponentially more sophisticated and targeted, the majority of SEGs continue to offer only signature-based and behavioral signature solutions that scan links and attachments, determine domain reputation and verify the sender-receiver relationship, among other futile safeguards at the server level.

This can be beneficial, but without a more advanced and dynamic method of profiling, it is not nearly good enough.

Today, SEGs fail to address new threat models because of insufficient advanced threat defense capabilities. For example, an impersonated email message can easily evade legacy gateway detection and arrive in an employee’s inbox, where it can lie idle for days, weeks or months. With minimal to no post-delivery detection and response capabilities, a SEG will not recognize this type of email as malicious because the attack lacks links and attachments to analyze. Other limitations and vulnerabilities of SEGs include:

  • The misguided reliance on content filtering (URLs/attachments) and signatures, despite hyper-targeted messages increasingly bypassing traditional email security controls.
  • Sender-recipient reputation-based context prevention mechanisms are too reliant on static VIP lists and similar algorithms such as fuzzy hash.
  • Signature-based email security solutions with relatively basic post-delivery capabilities are easily defeated by polymorphism techniques. These include changing email artifacts like the sender’s IP, subject lines and elements of the email body.
  • Not all inbound emails can be sandboxed or sanitized using Content Disarm and Reconstruction (CDR) technology.

Many organizations, especially enterprises, are beginning to come to terms with the fact that their employees are now targeted by, and falling victim to, all types of email phishing attacks. As such, mitigating phishing risk requires stakeholders to rethink their approach to security and adopt one that prioritizes automated advanced phishing threat protection at the mailbox level.

Improve phishing mitigation by moving email security from server to the mailbox
Because it is inevitable that phishing messages will land in employees’ inboxes, it is essential that every employee have mailbox-level detection. For one, mailbox-level security offers the ability to leverage machine learning to analyze an account’s information and communication habits. In turn, this can add to the expanse of knowledge on how to better identify these messages in the first place.

Additional benefits of mailbox-level email security include:

  • Inbox Behavioral Analysis - Once the system has established a framework for what defines normal communications and messaging between two parties, it can apply that monitoring to every mailbox inside and outside the organization, carefully scoring the content of the correspondence and looking for anomalies.
  • Dynamic Sender Reputation Scoring - A mailbox-level solution can deeply scan and analyze every mailbox individually, offering a better view of the communication habits between the sender and the receiver. When used with machine learning technology, it can create a baseline for what “normal” communications between the two parties should look like, and use it to gauge the credibility of the sender’s reputation based on multiple data points, prior communications and habits.
  • Augmenting Machine Intelligence - In-mail alerts give end users a way to flag and act upon advanced phishing attacks such as BEC, which the human eye cannot detect because of well-crafted social engineering.

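
The per-mailbox sender baseline described above, as an added example (not from the article or from any vendor's product): it learns which addresses each display name has used in one mailbox and scores a new message against that history, so an impersonation with no links or attachments still stands out. The history, the score weights and all function names are assumptions made for illustration.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed history for one mailbox: From headers of past messages.
HISTORY = [
    "Dana Reyes <dana.reyes@example.com>",
    "Dana Reyes <dana.reyes@example.com>",
    "Dana Reyes <dana.reyes@example.com>",
    "Payroll <payroll@example.com>",
]

def normalize(name):
    # Case- and whitespace-insensitive display-name key.
    return " ".join(name.lower().split())

def build_baseline(from_headers):
    """Map each display name to the addresses it has used, with counts."""
    baseline = defaultdict(lambda: defaultdict(int))
    for header in from_headers:
        name, addr = parseaddr(header)
        baseline[normalize(name)][addr.lower()] += 1
    return baseline

def score_message(baseline, from_header, reply_to=None):
    """Return (score, reasons); a higher score is further from the baseline."""
    name, addr = parseaddr(from_header)
    key, addr = normalize(name), addr.lower()
    known = baseline.get(key, {})
    known_addrs = {a for addrs in baseline.values() for a in addrs}
    score, reasons = 0, []  # weights below are illustrative assumptions
    if known and addr not in known:
        # Familiar name on an unfamiliar address: the classic BEC pattern.
        score += 60
        reasons.append("known display name, unseen address")
    elif addr not in known_addrs:
        score += 20
        reasons.append("first-time sender")
    if reply_to and parseaddr(reply_to)[1].lower() != addr:
        score += 30
        reasons.append("Reply-To differs from From")
    return score, reasons
```

A score above a chosen threshold would drive the in-mail alert rather than a silent block, since the reasons list is what the recipient needs to see.
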
While phishing attempts are certainly growing more frequent and harder to detect and prevent, organizations can greatly reduce risk by moving phishing detection and prevention down the stack by putting a backstop in the mailbox itself.
