Three "E"s of Modern Email Security for Phishing: #1 Enhanced Technology

By James Robinson

Every day, over a billion emails are sent containing malicious links and attachments, tempting users to take the bait and effectively launch an attack on your organization. Phishing emails are nothing new, but according to the Anti-Phishing Working Group, 2013 was one of the most active years for phishing. The problem is most users aren’t able to recognize a phishing attempt and companies don’t have an effective strategy to address the issue – leaving your organization susceptible to an attack.

The recipe to tackle phishing is the following: two cups of defense in depth, stirred with three cups of reduced attack surface, combined with a dozen incident response plans. In all seriousness, the approach to help you solve this issue is three-pronged. We like to call it the “Three 'E's of Modern Email Security for Phishing”:
1.  Enhanced technology
2.  Employee focus
3.  Enterprise visibility

Enhanced technology offers improved protection and works to limit the delivery of phishing emails to users within your organization – in order to reduce your attack surface.

Most organizations I work with are trying to use spam filters as the primary means to block email phishing attacks. But spam filters are only effective when an email is sent from a questionable source; in spear-phishing, the email often comes from a reputable source and bypasses the filter. New email security technologies use innovative features designed to limit the delivery of phishing emails to users, and they leverage concepts from Forrester’s “zero trust model.”

Attachment Sandboxing

New technologies are able to determine if an inbound email contains a malicious attachment by using a sandbox to open the file. This allows the file to be tested in a separate environment to ensure that it doesn’t contain a virus or malware, without causing harm to the host computer.

URL Sandboxing

If there are any links in an inbound email, the technology is able to follow the link (in a sandbox) to determine if the destination is malicious. It is able to detect hidden iFrames and other elements that can direct the user to an environment containing an exploit or malware.

URL Wrapping for On-Click Analysis

Another tactic email security technologies use is changing and redirecting the URL. If a URL appears suspicious, the technology rewrites the URL and analyzes the destination if and when a user clicks the link.
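The rewrite-then-check-on-click flow described above, sketched as an added example (not code from the article or from any vendor's product). The gateway address, signing key and `is_malicious` callback are hypothetical, and for simplicity every link is wrapped rather than only suspicious ones.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical values for this example; none come from the article or a product.
GATEWAY = "https://clickguard.example/r"
KEY = b"constructed-demo-key"  # a real gateway would load this from a secret store
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
SAMPLE = "Your invoice is ready: http://files.example.test/inv.html. Thanks"  # constructed

def sign(url):
    """HMAC over the original URL so the gateway only follows links it wrote."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def wrap_links(body):
    """Delivery time: point every http(s) link in the body at the gateway."""
    def repl(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")        # keep sentence punctuation out of the link
        if url.startswith(GATEWAY):        # already wrapped, leave untouched
            return raw
        query = urlencode({"u": url, "s": sign(url)})
        return f"{GATEWAY}?{query}{raw[len(url):]}"
    return URL_RE.sub(repl, body)

def resolve_click(wrapped, is_malicious):
    """Click time: verify the signature, then analyze the destination."""
    params = parse_qs(urlsplit(wrapped).query)
    url = params.get("u", [""])[0]
    sig = params.get("s", [""])[0]
    if not url or not hmac.compare_digest(sig.encode(), sign(url).encode()):
        return ("reject", None)            # forged or altered: no open redirect
    if urlsplit(url).scheme not in ("http", "https"):
        return ("reject", None)
    if is_malicious(url):                  # verdict is taken now, not at delivery
        return ("block", None)
    return ("redirect", url)

if __name__ == "__main__":
    wrapped_body = wrap_links(SAMPLE)
    link = URL_RE.search(wrapped_body).group(0).rstrip(".")
    print(wrapped_body)
    print(resolve_click(link, lambda u: False))
    print(resolve_click(link, lambda u: "files.example.test" in u))
```

Signing the original URL keeps the redirector from being usable as an open redirect, and because the verdict is computed at click time, a destination that turns malicious after delivery is still caught.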

Hybrid Delivery via Cloud/On-Premise

An email is first delivered to a cloud environment, where the technology is able to examine it. Only after it has been deemed “safe” is it delivered to an on-premise set of servers or appliances. This allows you to keep the malware and the malicious emails off your environment entirely. The hybrid approach also allows URL wrapping to work from anywhere, on or off your network.

Make it part of your job to explore new technologies, understand how threats are evolving, and innovate your approach to security. In my next blog post I will discuss the second "E" of modern email security for phishing, Employee focus.

James Robinson

Vice President, Third-Party Risk Management

As vice president, third-party risk management, Robinson oversees Optiv’s Third-Party Risk Management practice which includes the development and operations of TPRM-as-a-Service and Evantix. During his tenure at Optiv, he has worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. He also develops and delivers a comprehensive suite of strategic services and solutions that help chief experience officer (CXO) executives evolve their security strategies through innovation.