Email is your company’s best friend, and also its greatest threat. The very things that make it such a potent business tool — its ease of use and ways it can be used to communicate and collaborate — make it vulnerable to phishing, malware, ransomware, impersonation attacks, and spam.
Every year, protecting email becomes harder, because attacks are becoming more sophisticated. Now, determined attackers spend time on reconnaissance activities, to attack specific individuals with highly crafted emails. If these targeted individuals take the bait, then they can unwittingly bypass security systems. And the scale of attacks has grown exponentially. Email is the top attack vector used by Targeted Attack Groups, according to Symantec’s Internet Security Threat Report. When it comes to impersonation attacks, the losses companies suffer as a result are considerable – more than $12.5 billion and growing at an alarming rate, according to the FBI.
Businesses are also harmed in ways that transcend the financial. Consider Business Email Compromise attacks, in which an attacker sends an email impersonating a company employee. What should an employee do when she gets an email from what appears to be a business’s Chief Financial Officer, asking for another employee’s tax records, or to make a financial transaction? She doesn’t know if it’s a legitimate request and whether to act on it. Businesses run on trust; trust which is severely eroded by impersonation attacks.
Even more harmful is the way in which email attacks can destroy the reputation you have with consumers and business partners. That can happen when an impersonator sends out emails that appear to be from your organization but are used to attack your customers by sending dangerous attachments or routing them to a malicious web site to steal information from them. The damage to your brand’s reputation can be enormous – and trust, once lost, is hard to regain.
In general, organizations face these three types of email security problems:
- How do you trust the sender of an email?
- Is a link safe? If you don’t know, what can you do to make it safe?
- How can you be sure that email is effective in securing your wider organization?
In the rest of this blog post, I’ll explain why they’re serious issues, and how Symantec’s Email Security solution, which includes Email Fraud Protection, Email Threat Isolation and Email Threat Detection and Response, solves them all.
Who Can Be Trusted?
Whether you should trust the sender of an email is a complex problem. You know you should only trust email from legitimate senders, but it can be extremely difficult to identify which are legitimate and which aren’t. That’s because many third parties use marketing automation tools that legitimately send email from an organization’s domain. This open approach to sending email on behalf of other domains lends itself to email being hijacked by imposters.
This problem affects not just recipients of emails, but businesses doing the sending, who want to make sure their emails aren’t used to attack their customers and business partners. An important defense against this is to publish a list of all approved senders (organizations that issue email from your domain), using sender authentication standards such as DKIM, DMARC and SPF. Using this published information, recipients can determine which email sender to allow or block — and businesses can stop malicious email being sent from their domains.
But the vast majority of organizations haven’t been able to enforce these standards. The task of enforcing sender authentication is complex and high stakes. You need to ensure changes to DNS are accurate and kept up to date, a task complicated as you need to track multiple senders and their underlying email sender details (e.g. IP addresses). Overstretched security and messaging teams often don’t have the necessary expertise or resources to do it.
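As an added example (not part of the original post and not Symantec's code), this Python sketch audits an SPF and a DMARC TXT record for the gaps that keep a domain short of enforcement. The function names and the sample records are constructed for illustration; the records would normally be fetched from DNS at the domain and at `_dmarc.<domain>`.

```python
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # one DNS query each, RFC 7208 4.6.4

def audit_spf(record):
    """Findings for one SPF TXT record; an empty list means hard fail and within limits."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    findings, lookups, all_q, delegated = [], 0, None, False
    for term in terms[1:]:
        if term.startswith("redirect="):  # policy is taken from another domain's record
            lookups, delegated = lookups + 1, True
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = term.lstrip("+-~?").split(":")[0].split("/")[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        elif name == "all":
            all_q = qualifier
    if not delegated and all_q != "-":
        shown = all_q + "all" if all_q else "no 'all' term"
        findings.append("no hard fail: record has " + shown)
    if lookups > 10:  # nested includes also count; they cannot be resolved offline
        findings.append("%d DNS-querying terms at top level, limit is 10" % lookups)
    return findings

def audit_dmarc(record):
    """Findings for one DMARC TXT record; an empty list means policy is enforced."""
    tags = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in record.split(";"))}
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("p=%s asks receivers to take no action" % (policy or "missing"))
    if tags.get("pct", "100") != "100":
        findings.append("pct=%s applies the policy to only part of failing mail" % tags["pct"])
    if "rua" not in tags:
        findings.append("no rua address, so no aggregate reports for auditing senders")
    return findings

# Constructed sample records (reserved example domains), weak beside enforced.
SPF_WEAK = "v=spf1 include:_spf.mailer.example include:crm.example ip4:192.0.2.0/24 ~all"
SPF_ENFORCED = "v=spf1 include:_spf.mailer.example ip4:192.0.2.0/24 -all"
DMARC_WEAK = "v=DMARC1; p=none; pct=50"
DMARC_ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for rec, audit in ((SPF_WEAK, audit_spf), (DMARC_WEAK, audit_dmarc)):
        print(rec, "->", audit(rec))
```
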
Symantec Email Fraud Protection solves the problem by automating and maintaining the use of such lists. Firstly, it helps you audit who is sending email on your behalf, allowing you to confirm that these senders are legitimate. Once identified, you can authorize all legitimate senders, and use Email Fraud Protection to maintain this list. Incidentally, Symantec will also monitor the underlying email services used and keep these detailed records up to date. Now, a single DNS change enables you to attain, and maintain, sender authentication; drastically reducing the amount of staff time needed while achieving enforcement in a considerably shorter timescale.
Is That Link Safe?
Many attacks use email to send links to websites that either infect the user’s device or attempt to steal their credentials. It’s especially difficult to protect against this, because some sites are “grey websites”, i.e. websites that cannot yet be classified as simply good or bad. This may be because a website is new (so doesn’t have an established reputation), or is involved in sending spam (not necessarily bad) or is in a dormant state before becoming weaponized. This presents a classic security dilemma. If safe websites are blocked, then people’s productivity suffers, and their frustration levels increase. The challenge is to find a way to make email links to grey websites safe.
Symantec Email Threat Isolation does this by incorporating Symantec’s website isolation capability. When a user opens an email link to a potentially risky website, the site is run in a secure, isolated container. That lets the user click on links to risky sites but keeps malware away from users and their devices. Moreover, risky downloads hosted on these links are scanned to ensure they are safe before being sent from the isolated container to users. An additional benefit is that these websites can be run in a ‘read-only’ state, safeguarding the end user from credential phishing attacks.
Is Email an Effective Component of My Wider Security System?
Email security doesn’t live in isolation. It needs to be an integral part of an enterprise’s entire security system. That’s best achieved with the right analytics, so your team can focus on the most pressing email issues and apply that towards wider threats impacting the organization.
Now you can integrate Symantec Email Security with Symantec Information Centric Analytics to fully appreciate security and user-based risk. Already, the Symantec email security solution provides a broad range of analytics (more than 60 data points) to help messaging and security teams improve security. You can feed the email analytics we provide into a wider security management system, such as security information and event management software (SIEM), an advanced threat protection system or your Security Operations Center (SOC). In addition, the integration with Symantec Information Centric Analytics builds a complete view, bringing together other security data feeds and user behavior analytics to give a full, risk-based view on threats, allowing you to assess what threats are active so you can protect against them.