In this email security blog series, we’ve examined the most common phishing tactics (Part 3), the techniques most commonly leveraged by threat actors (Part 2), and the many puzzle pieces found in email authentication standards and protocols (Part 1).

So now that we better understand the robust and ever-shifting email security threat landscape, one question remains: how can you protect your organization?

In this blog post, we will first take a look at the various email security tools, solutions and platforms in today’s market and show how they help to protect organizations from various phishing threats. Spoiler alert: some work better than others. Then we will examine the advanced technologies that power these solutions.

A comprehensive guide to anti-phishing solutions

• Anti-phishing behavioral conditioning (APBC)
  – A specific type of anti-phishing employee training with the goal of educating employees about common types of phishing threats and reducing the number of incidents where an employee takes the bait left out by a threat actor.
• Common Vulnerabilities and Exposures (CVE)
  - A list of security vulnerabilities and exposures records allowing companies to better classify, identify and organize phishing threats with the goal of accelerated remediation.
• Content Disarm & Reconstruction (CDR)
  – A computer security technology that removes malware from code. It is commonly offered as part of a larger email security solution as a bolt-on focused on cloud-based email endpoints.
• Cloud Email Security Supplement (CESS)
  – This type of solution first gained mainstream attention as a result of Gartner’s 2019 Market Guide for Email Security. CESS solutions target a very narrow subset of advanced threats, unlike Integrated Email Security Solution (IESS) vendors (see below for more).
• Data Leak Prevention (DLP)
  – A capability of some email security solutions that prevents sensitive information or data from leaving an organization via email. This is a common add-on service offered by email providers such as Microsoft.
• Extended Detection and Response (XDR)
  – Similar to SIEM, XDR solutions aggregate data across endpoints, including antivirus, firewall, and more. Security analysts leverage XDR to provide a full picture of an organization’s threat landscape, which, of course, includes email.
• Indicator of Compromise (IoC)
  – IoC-focused email defenses are commonly found in SEGs, which rely on technology to identify phishing threats that contain a malicious payload (URL, attachment). However, this technology is ineffective in remediating the rise of social engineering attacks.
• Integrated Email Security Solution (IESS)
  – This is where many modern email security solutions sit, including IRONSCALES. While the efficacy and integrated advanced technologies vary, most email security companies claim to offer robust advanced threat capabilities to prevent all types of phishing techniques that would normally breach Secure Email Gateways.
• Email Security Orchestration, Automation and Response (M-SOAR)
  – This solution is commonly deployed by email security companies, including IRONSCALES, with end-to-end security to identify and remediate threats while continuously learning to better improve the process.
• Phishing Button
  – This is a common feature found across many email security products. The button empowers users who receive a suspicious email to quickly click “spam alert” or “phishing” so that the email is then routed to a phishing mailbox for further investigation.
• Phishing Mailbox/Spam Mailbox/Abuse Mailbox
  – These terms often get used interchangeably but the distinctions are important.
  1. Phishing Mailboxes: these mailboxes received user/employee-reported email threats.
  2. Spam Mailbox: these mailboxes are commonly found in most email clients as “spam” folders where junk and/or spam email is automatically routed.
  3. Abuse Mailbox: these mailboxes are where emails are automatically sent in organizations that have SOAR solutions (i.e. suspicious emails are automatically quarantined here rather than requiring any action by users).
• Phishing Simulation and Training
  – While phishing training is a commonplace solution, many businesses are not investing in the use of advanced phishing protection education to help employees identify and mitigate more complex threats like socially engineered attacks and business email compromise (BEC).
• Sandbox
  – An extremely common solution for a variety of technologies used by engineers and other users can safely test new technologies before they are widely deployed into production. However, sandboxes differ in email security, referring to the isolation of a suspicious URL or attachment in a phishing email. This is particularly useful for zero-day attacks that bypass existing technical defenses.
• Secure Email Gateway (SEG)
  – Some of the most commonly deployed email security solutions, SEGs as identified by Gartner, “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.” So what is the problem with SEGs? IRONSCALES research shows advanced phishing attacks bypass leading SEGs at a nearly 50% clip.
• Security Information and Event Management (SIEM)
  – Email security solutions often integrate with SIEM tools. The email security tools send logs to the SIEM, which then consolidates logs from all connected security technologies, analyzes the data and then generates alerts for analysis and reporting. Some IRONSCALES SIEM integrations include Micro Focus ArcSight, IBM QRadar and Splunk.

Breaking down the advanced technology that powers modern email security

The lifeblood of the solutions described above is the advanced technology that powers the software and keeps organizations secure. While almost every company will claim to use “advanced technologies”, it is important to understand the basic mechanics of what these technologies entail in order to discern when companies are full of hot air.

For example, SEGs may claim to use AI and machine learning, but without emerging technologies to automatically understand both the content and intent (“what”) of suspicious messages, and at the same time validating sender identity and domain authenticity (“who”), they’re unable to stop the rise of social engineering threats.

• Artificial Intelligence (AI)
  – Big picture, AI utilizes machine learning algorithms to conduct tasks in smart ways. When many people are asked to define AI, there’s a wide range of reactions from fully autonomous futuristic humanoid robots seen in movies to smart technologies like Alexa, Siri and Roombas. For the purposes of this blog, AI enables decisions to be made on trending and zero-day phishing attacks without human intervention. In fact, it’s the basis of how we founded the IRONSCALES self-learning email security platform.
• Computer Vision
  – An advanced technology that helps to prevent credential harvesting and PII leaks by looking at visual deviations from the norm common with fake web pages. By comparing the visual similarity of legitimate landing pages to spoofed ones, computer vision provides a critical additional layer of defense since they do not rely on simple pattern matching technologies.
• Machine Learning
  – Fundamentally, machine learning is the ability for machines to become smarter through experience. Machine learning makes AI possible and uses algorithms to query vast amounts of data, discover patterns and generate insights. In email security, machine learning can automate the task of phishing attack discovery via scanning messages and other proprietary analytics.
• Natural Language Understanding (NLU)
  – An emerging advanced technology used in many technology sectors. In email security, it leverages advanced machine learning and neural networks to automatically detect and respond to the most common types of BEC attacks. Importantly, NLU is what allows IRONSCALES to understand both the “what” and the “who” of suspicious messages.