Defense in depth is a common practice in both the physical and the cyber security realms. We create multiple layers to complement each other; each layer assumes its predecessor failed.
I travel a lot, and I find aviation security fascinating. It is a well-thought-out, well-orchestrated security process designed to detect and prevent various threats, most of which are based on known events. When you look at how aviation handles security and compare it to email security, you can see similarities as well as opportunities to build stronger perimeters.
I might be oversimplifying it because I am sure there are a few other checks happening behind the scenes that we might not even be aware of, but, generally speaking, the following routine is what we experience after we check in to our flight.
Those checks are trying to answer a basic yet important question – Who is taking what on board?
When you think about it, there are a lot of similarities, and as a matter of fact, the same applies to the cyber security world, specifically in email security.
Gateway solutions are trying to answer a similar basic question – Who is sending what?
They validate senders (sending IPs and more), looking for spoofs and imposters: the “Who.” They then scan the links, attachments, and even the body copy to identify the “What.” If all checks are clear, they allow the email into the inbox.
In the aviation security world, security doesn’t stop at the gate. In some cases, there is a marshal on the plane.
This last line of defense, the inner layer, was put in place to detect and respond to threats after the plane has already taken off. This layer inspects suspicious behavior and responds quickly before something bad happens. It is focused on the human element. It assumes the “Who” and the “What” checks failed because some new and unexpected type of threat has emerged.
This also applies to email security. A modern email security approach no longer relies solely on the gateway security checks, because bad actors have discovered ways to bypass them. Next-gen mailbox-level protection allows for continuous behavioral analysis of emails already delivered to the mailbox. It can detect anomalies and quickly respond to threats by clawing emails back from all employees’ mailboxes.
As always, time is of the essence. We have a few seconds to respond before something bad happens. We don’t have time to waste on search queries and manual responses; we need to be able to act immediately, before the first user is lured into clicking.
Put a marshal in your inbox.
We invite you to download our new report "The Business Cost of Phishing", where you can discover the true cost of phishing on organizations as well as what IT and Security professionals believe is coming next. You can get the report at https://secure.ironscales.com/the-business-cost-of-phishing/report-download