In our final installment of this four-part series, we explain adaptive email protection. To start at the beginning of the series, click here. To download the entire series, check out our “Future of Email Security in the Cloud” white paper.
An Introduction to Adaptive Email Protection
Adaptive email protection embraces the cyclical approach to security and remediation, similar to what is outlined in Gartner’s CARTA model. Instead of using static analysis to score emails against only known threat indicators, this model embraces the nuances of context to identify threats that typically evade traditional security solutions. Rather than only focusing on what makes an email “bad,” the cyclical approach also analyzes what makes an email “good”—creating a baseline for understanding the expected communication patterns for a given organization and a given individual. Advanced technology can then be used to identify the anomalies of the patterns that can indicate a threat.
The Inner Workings of Adaptive Email Protection
Unlike the traditional approach, which acts on known information about existing threats, adaptive email protection leverages advanced analytics on sender relationships and behavior to detect anomalies beyond the known, and uses the results to enrich a growing dataset to continuously improve efficacy. Ideally, this cycle is continuously improving via machine learning and policy refinement as it learns and adapts to an organization’s unique communication patterns, threat profile, and risk tolerance. As a result, this approach has the critical ability to identify the payload-free phishing attempts that bypass other security measures.
For example, many popular consumer email services—like Gmail—contain features that make spoofing sender information simple. Because Gmail meets typical authentication standards and the spoofed name may be familiar, this impersonation attempt would not trigger alert or quarantine from traditional email security solutions. Yet with an adaptive email solution in place, such an email would be flagged as a potential threat after applying context based on what has been seen previously compared to the current situation.
For instance, has this user received an email from this sender via Gmail before? Does this user typically only communicate with internal users? Has anyone else in the organization been contacted by this address before? Does the return path match the sender? The answers to these questions not only determine point-in-time action, but also feed the continuous cycle of security and remediation.
The ability to use context to evaluate risk also provides an opportunity for additional user awareness training. Whereas most security awareness programs rely either on generic training sessions or targeting users through “educational” attacks, organizations employing this adaptive email protection can provide users with context as to why a given email could be a threat. This has a two-fold effect—one, users gain in-context training as to what to be aware of, and two, security professionals can be less restrictive about which emails they quarantine or block, minimizing the negative impact security can have on business operations.
Secure Email Gateways (SEGs) vs. Adaptive Email Protection
As organizations increasingly move toward a more open IT infrastructure that embraces cloud technology, it’s critical that they also rethink how they incorporate security. An adaptive email security approach provides much more comprehensive protection than the static, perimeter-based model.
Email is the most widely used and trusted business system, yet it remains the least secure. The increasing sophistication of email-based threats and the concurrent modernization of IT infrastructure present unique challenges that demand a new approach to security. Secure Email Gateways (SEGs) inherently lack the ability to effectively secure cloud-based email from the multitude of threats that are constantly growing in sophistication and volume.
Organizations using cloud-based email cannot expect adequate protection from traditional options that are not responsive enough to function with dynamic cloud environments.
Instead, you should seek responsive, agile, cloud-native solutions with the following capabilities:
Anomaly-based Threat Detection
The ability to integrate deep relationship analytics with user and organizational profiling to identify the anomalies that typify social engineering campaigns but aren’t detected by binary methods of analysis.
Emergent Threat Intelligence
The ability to block known and emerging global threats by combining real-time, global user data with threat intelligence feeds from third-party providers.
Context-based User Engagement
Automated, contextual warnings and reminders that help employees make better decisions by providing contextual information (e.g., warning banners on emails or link protection with a destination site preview.)
The ability to easily adjust automated response actions (e.g. quarantine, user warnings, etc.) based on an organization’s risk tolerance, business processes, and enforced policies.
Post-Delivery Incident Response
The ability to identify breadth of exposure from newly identified threats and remove them from user inboxes, even post-delivery, with no time restrictions.
Organizations should also consider solutions that connect users to resources—for instance, reminders about corporate wire transfer policies or links to tips for identifying phishing attempts—in real time, enables them to make informed choices about what action to take in the moment. This in-context user awareness training can augment mandatory, periodic awareness training, creating a more educated, effective workforce.
It’s time for a new approach.
We hope you have enjoyed this four-part series on the Future of Cloud Email Security. The time has come for the transformation of email security from binary, static email filtering to a cloud-first, context-based strategy that embraces adaptive email protection and transforms users from “the weakest links” into IT partners.
GreatHorn simplifies email security by automating the cycle of email security—through continuous threat detection, defense, and incident response. Office 365 and G Suite customers using GreatHorn not only gain enterprise-class protection against both sophisticated phishing attacks and traditional threats, they also reduce complexity, manual remediation time, and negative impact on business operations.
By combining deep relationship analytics with continuously evolving user and organizational pro ling, GreatHorn’s cloud-native email security platform provides adaptive, anomaly-based threat detection that secures email from malware, ransomware, executive impersonations, credential theft attempts, business services spoofing, and other targeted phishing attacks. More information is available at www.greathorn.com.