Email is the number-one threat vector for cyber attacks, according to the Cisco 2015 Annual Security Report. The increasing amount of business-sensitive data sent by email means the potential for leakage is great. Hacking is now industrialized, and targeted campaigns are more sophisticated. Email virus attacks and spear-phishing schemes are on the rise, delivering malware designed to infiltrate data centers where high-value data resides. The advanced malware that malicious actors deploy can easily evade point-in-time security solutions and spread quickly through a network.
By scouring social media websites, criminals now find information on intended victims and create sophisticated and highly targeted attacks using personal information and social engineering tactics that may be tied to global news events.
Clearly, attackers are benefiting from the expanded attack surface. As researchers from the Cisco Talos Security Intelligence and Research Group (Talos) noted in the Cisco 2014 Annual Security Report, “Security is no longer a question of if a network will be compromised. Every network will, at some point, be compromised.”
In today’s threat landscape, where the security perimeter has been pushed to the cloud and data is a prime target for attack, a compromised network is essentially assured. That’s why today’s organizations need an email security solution with the following capabilities.
REQUIREMENT 1: PROVIDES PROTECTION ACROSS THE ENTIRE ATTACK CONTINUUM – BEFORE, DURING, AND AFTER AN ATTACK
Employees once checked text-based email from a workstation behind a company firewall. Today they access rich HTML messages from multiple devices, anytime and anywhere. Ubiquitous access creates new network entry points that blur the lines of historically segmented security layers.
Today’s email security solutions provide continuous monitoring and analysis across the extended network, so enterprises have greater ability to stop threats and protect users across the full attack continuum – before, during, and after an attack. And when compromise inevitably occurs, security personnel will be better positioned to determine the scope of the damage, contain the event, remediate, and bring operations back to normal as quickly as possible.
REQUIREMENT 2: STAYS AHEAD OF THE EVOLVING THREAT LANDSCAPE
Modern web security requires the ability to block malware from both suspicious and legitimate sites before it reaches a user. Business tools that increase productivity can significantly increase the probability that users will encounter malware. Even legitimate websites can pose a threat when they host malware designed to hide in plain sight. Web security in this environment must be capable of dynamic reputation- and behavior-based analysis. It also must be nuanced enough to support policies that give employees customized access to the sites they need while selectively denying the use of undesired sites and features such as web-based file sharing.
REQUIREMENT 3: HANDLES THE WIDE VARIETY OF SPAM AND VIRUSES
Phishing continues to prove its value to criminals as a tool for malware delivery and credential theft because users still fall prey to familiar spam tactics, according to the Cisco 2015 Annual Security Report.
Although there is no such thing as 100% protection from spam and viruses, organizations can reach a catch rate higher than 99% by layering and integrating multiple antispam engines and multiple antivirus engines. A security architecture that tightly integrates multiple engines and allows them to work together automatically and transparently not only increases protection levels, but also reduces false-positive rates, because the engines serve as a check and balance on each other.
In addition, filters that look at the reputation of the sender’s IP address can help protect against attacks that hijack IP address ranges.
REQUIREMENT 4: PROTECTS SENSITIVE DATA AND PREVENTS IT FROM LEAVING THE ORGANIZATION
Research by Cisco Talos suggests that organizations may not be able to prevent all malware from infiltrating their networks. However, modern email security solutions can help reduce the chance that critical data will leave the network, either by accident or by design.
Organizations need the ability to detect, block, and manage risks in outbound email. Solutions with content-aware, policy-based data loss prevention (DLP) and encryption capabilities can offer that protection. Outbound antispam and antivirus scanning, along with outbound rate limiting, helps organizations keep compromised machines or accounts from ending up on email blacklists.
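As an added illustration of the outbound controls described above (this is example code written for this page, not code from Cisco or 5thColumn), the following Python gate combines content-aware DLP with a per-sender rate limit. The policy table, the organisation domain `example.com`, the sample messages and the limits are all hypothetical assumptions: card numbers are matched by length and then validated with the Luhn check so that phone numbers and order IDs do not trip the filter, and a burst of messages from one sender is quarantined on the assumption that the account or machine may be compromised.

```python
"""Added example: a minimal outbound DLP gate with a per-sender rate limit.

Illustrative code, not the code of any product mentioned on the page.
The patterns, thresholds and the policy decisions are hypothetical.
"""
import re
from collections import defaultdict, deque

INTERNAL_DOMAIN = "example.com"  # assumed organisation domain

# A digit, then 12-15 more digits with optional single space/hyphen separators,
# i.e. 13-16 digits in total: the length range of payment card numbers.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
# US Social Security Number in the common dashed form.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; rejects phone numbers, order IDs and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return Luhn-valid card numbers found in text, separators stripped."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


class OutboundRateLimiter:
    """Sliding-window message count per sender; a burst suggests a compromised account."""

    def __init__(self, max_messages: int, window_seconds: float):
        self.max_messages = max_messages
        self.window = window_seconds
        self._sent = defaultdict(deque)  # sender -> timestamps of accepted messages

    def allow(self, sender: str, now: float) -> bool:
        sent = self._sent[sender]
        while sent and sent[0] <= now - self.window:
            sent.popleft()  # drop timestamps that fell out of the window
        if len(sent) >= self.max_messages:
            return False
        sent.append(now)
        return True


def evaluate_outbound(msg: dict, limiter: OutboundRateLimiter, now: float) -> tuple:
    """Decide what to do with one outbound message; returns (action, reasons).

    Hypothetical policy: a sender over the rate limit is quarantined; sensitive
    content to an external recipient is blocked; sensitive content to an
    internal recipient is delivered but must be encrypted.
    """
    if not limiter.allow(msg["from"], now):
        return "quarantine", [f"rate limit exceeded for {msg['from']}"]

    reasons = []
    cards = find_card_numbers(msg["body"])
    ssns = SSN_RE.findall(msg["body"])
    if cards:
        reasons.append(f"{len(cards)} payment card number(s)")
    if ssns:
        reasons.append(f"{len(ssns)} SSN(s)")
    if not reasons:
        return "deliver", []

    external = not msg["to"].lower().endswith("@" + INTERNAL_DOMAIN)
    return ("block" if external else "encrypt"), reasons


def run_demo() -> list:
    """Run constructed sample messages through the gate; returns (subject, action) pairs."""
    limiter = OutboundRateLimiter(max_messages=3, window_seconds=60)
    samples = [  # constructed sample messages, not real traffic
        {"from": "alice@example.com", "to": "bob@example.com", "subject": "lunch",
         "body": "Call me on 555-0100 about lunch, order #12345678901234 arrived."},
        {"from": "alice@example.com", "to": "partner@outside.net", "subject": "card",
         "body": "Card 4111 1111 1111 1111 exp 12/26"},
        {"from": "alice@example.com", "to": "hr@example.com", "subject": "ssn",
         "body": "Employee SSN 078-05-1120"},
        {"from": "alice@example.com", "to": "x@outside.net", "subject": "burst",
         "body": "hello"},
    ]
    results = []
    for i, msg in enumerate(samples):
        action, _ = evaluate_outbound(msg, limiter, now=1000.0 + i)
        results.append((msg["subject"], action))
    return results


if __name__ == "__main__":
    for subject, action in run_demo():
        print(f"{subject}: {action}")
```

The first sample message contains a 14-digit order number that matches the card pattern by length but fails the Luhn check, so it is delivered; the fourth is the sender's fourth message inside a 60-second window with a limit of three, so it is quarantined regardless of content. In a real gateway the regex patterns would be one layer among fingerprinting, document matching and classifier-based detection, and the quarantine would feed an alert to the SOC.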
REQUIREMENT 5: ADDRESSES NEW ATTACK VECTORS AS THEY EMERGE
Preventing data from leaving the network and ending up in the hands of unauthorized users also requires organizations to know at all times which users are attempting to gain access to the network, from what location, and from what type of device. This requires a highly secure mobility solution that can provide information on user identity and location, device operating system and version, and user access privileges. Next-generation firewalls can then enforce network access based on context.
Enterprises should look for email security solutions that offer flexible deployment options encompassing physical appliances, virtual appliances, the cloud, and hybrid offerings. In addition, solutions should be able to scale from hundreds to thousands of users with little disruption.
5thColumn, LLC is a full service information technology company centered on next generation cyber threat protection and enterprise data security. We are true technology partners who take the time to understand your business requirements and build a strategy to mitigate the risk of data breaches and ensure system reliability across the entire enterprise.
Our services have been developed and refined over time to help you incorporate best practices and increase the return on existing IT investments. This approach is built on decades of technical leadership and practical, real-world experience assessing, designing, implementing and operating security solutions in the most complex environments.