Email Soaring to the Cloud Requires Advanced Threat Protection

The economics of cloud email is compelling. In an era of limited resources, having your business email communications managed by the supplier is a triple win:

• Enterprises get the benefits of email with the supplier managing the system
• Costs are significantly lower than on-premises email
• End-users love it (higher adoption rate than most other systems)

Yet, protecting cloud email is more challenging than on-premises email because:

• Criminals need only figure out one vulnerability and they can launch the same attack against everyone using that platform
• It’s easy to test by simply setting up their own Gmail or MS Outlook.com account
• Once they compromise an email system, any email they send will appear to be an internal email, which typically is not scanned by email security solutions

Evasive malware and phishing schemes easily bypass detection to deliver keyloggers, ransomware and more, resulting in account takeovers and compromised personal or confidential data. And organizations don’t have much time before real damage is done (although time typically is not the criminals’ challenge). According to the Verizon 2018 Data Breach Investigations Report, 87% of compromises took only minutes, while 68% of compromises took companies months to discover.

Email security controls for the cloud must provide protections in three key areas:

• Advanced threat detection
• Advanced anti-phishing
• Account takeover protection

Advanced Threat Detection

One of the key characteristics of advanced malware is the use of many tactics to evade detection. In addition to defeating signature-based detection products and behavior-based detection tools, there are hundreds of evasion techniques that advanced malware uses to avoid detection. Moreover, a malware object will typically deploy multiple tactics. While there are hundreds of specific tactics, they fall into broad categories:

• Stalling delays
• Action-required delays
• Intelligent suspension of malware
• Fragmentation
• Return-oriented programming
• Rootkits

Conventional, virtual sandboxes are no longer up to the challenge. Threat actors create malware that spots virtual sandbox environments and takes evasive actions. Only “bare metal” full system CPU emulation can remain hidden from malware so that its payload is accurately detonated. This approach is highly accurate with vastly fewer false positives.

Advanced Anti-Phishing

Basic anti-phishing functionality uses techniques to examine the headers, subject, and body. They also provide URL filtering with data resources such as URL blacklists. More advanced anti-phishing systems also analyze the links in an email and the content they point to. What’s needed to boost the effectiveness of these methods is deploying machine learning that can block zero fonts and evaluate historical emails to determine the trust relationships between sender and receiver.

Account Takeover Protection

Even with anti-phishing measures, users may still lose their credentials. Cloud security must analyze login and account activity to detect and block account takeovers. This can be done by correlating login events with past activity based on:

• Geography
• Time of day
• Sending outgoing phishing emails
• Sending a high volume of emails
• Emails with a large number of recipients

Of note here is that scanning outbound and internal emails are as important as scanning inbound. One obvious indicator of account takeover is detecting an internal user’s email account is sending phishing emails. Without outbound and internal scanning, this is likely to be missed.

Conclusion

Cloud email offers many benefits to enterprises of all sizes — including government agencies. Protecting email from advanced threats should be a top priority for all organizations. Basic anti-virus and anti-spam features are not enough to protect an organization, its people, and its data and IP. When considering cloud email security solutions, it’s important to consider the strength of malware detection, advanced anti-phishing functions, and protection from account takeover.

Lastline Email Defender-Cloud^TM is one example of a solution that offers the right combination of advanced malware detection with very few false positives, machine learning supported anti-phishing algorithms, and outstanding protection from account takeover. Enterprises will gain all the simplicity of cloud email and all the power of Lastline^® to defeat threats. Lastline Email Defender-Cloud can be quickly deployed and easily maintained because of the reliable native cloud API architecture that eliminates the need to change MX routing.