Recently we teamed up with research firm Aberdeen Group to host a webinar discussing the obstacles email security currently faces, as well as solutions that include a blend of advanced technology and human intelligence. In a guest post below, Derek Brink, CISSP, vice president and research fellow at Aberdeen Group, provides a summary of the webinar, including what steps can be taken to have an effective email security solution.
--
It’s generally understood that in their ongoing battles, highly focused and financially motivated attackers need to be successful only once — but enterprise defenders need to be successful every time.
In email security, it’s even worse than that.
In my day job at Aberdeen, I was fortunate to be given the opportunity to analyze empirical data from a leading email security solution provider — IRONSCALES — which illustrates the incredible leverage currently enjoyed by attackers. For every uniquely identified phishing email attack:
In plain language: Every phishing email attack affects multiple mailboxes at multiple organizations — which requires hundreds of successful detections by the collective email security capabilities of enterprise defenders.
Doing the math: Based on the empirical data, a straightforward Monte Carlo analysis shows that every phishing email attack requires a median of 180 detections by all affected defenders, with a range from 20 to more than 840. That is, there’s still a 10% likelihood that it will be greater than 840.
Even in an era of more specifically targeted attacks (e.g., spear phishing), the empirical data illustrates how significantly email security threats are being amplified.
Unfortunately, it’s getting even worse going forward.
Empirical data from IRONSCALES further shows that more than 40% of phishing email attacks are polymorphic — meaning that they undergo at least one permutation that’s designed to evade traditional email security controls. The most sophisticated attackers are already implementing polymorphic phishing email attacks that undergo hundreds of permutations to evade traditional defenses, in addition to reaching multiple mailboxes at multiple enterprises.
Again, we can do the math. An extended Monte Carlo analysis shows just how much these techniques increase the total number of detections required by enterprise defenders — the “blast radius,” if you will — as compared to that of traditional, single-signature attacks:
Visually, this fundamental asymmetry between attackers and defenders is depicted in the following chart.
To adapt and evolve with financially motivated and technically sophisticated attackers, effective email security requires a purpose-built blend of advanced technologies, human intelligence, and user behaviors.
Strategically, it seems to me that the two biggest opportunities for more effective email security are found in the following high-level capabilities:
Accelerate the time to detection / prevention / remediation
For these reasons, it seems clear to me that enterprises should establish their email security solution selection criteria — from specialist service providers such as IRONSCALES — in line with the above.