Email Security
SKALES reviews typical email security solutions that help with company email security, such as reducing or stopping spoof emails, protecting staff, or providing a general email protection service.
Security Email Gateway (SEG)
Nearly all organisations today use one. Even free email vendors provide email protection as a standard email security solution. Providers such as Hotmail or Gmail offer a security email gateway, otherwise known as a spam filter, as standard. A SEG is a fundamental security solution that aims to stop spoof email and other related phishing emails arriving in staff mailboxes. Spoofed mail, for example, consists of messages that masquerade as coming from a legitimate source. Unfortunately, SEGs are far from perfect and fail to protect email when they allow unwanted messages through. Thankfully, additional solutions are available to fight phishing emails that do arrive in staff mailboxes. SKALES works with all security email gateways and advanced features such as URL rewrite. Contact us now to find out more.
Phish Simulation
A solution used by security professionals which simulates the attack of a cybercriminal, but without disastrous consequences. Phish simulation gives professionals a mechanism to send phishing emails, with many solutions offering known templates used by attackers. It is the standard process for security teams to understand their staff's susceptibility; however, organisations such as the NCSC discouraged this process. Organisations have been known to deliver phishing simulation tests that sit on the border of ethical practice, such as promising bonuses. Whilst a cybercriminal may use such social engineering techniques, the culture and social mindset within a business can be tainted by them. Phish simulations must be performed carefully so as not to cause distrust between security teams and staff. SKALES, however, provides risk metrics that identify staff weaknesses and strengths without simulation. By using real data, SKALES informs security teams of the overall human-layer risk to phishing and where to pinpoint security awareness programmes.
Security Training
Security training has become essential in providing staff with knowledge of the threat of phishing and how to spot it. There are countless training providers on the market offering literature, videos, interactive games, and tests. There are typically three ways to receive such training:
- A company DLE (development learning environment)
- A provider website
- In-person training
SKALES, however, offers an alternative. Training is delivered directly into staff mailboxes. It was observed that the majority of training required a link sent via email for staff to click and follow… the irony that we typically advise staff not to click links in emails was not lost on us! That is why we deliver multiple forms of training directly to staff with no hyperlinks! Videos, literature and tests are all performed by SKALES in an individual’s mailbox. Try today for free with SKALES freemium, and begin training staff with NCSC’s security awareness training.
Reporting
Trained staff will not only identify phishing emails but will know what to do. Security teams need staff to report messages, and it is up to the security team to decide what ‘reporting’ actually does, which is typically dictated by the maturity of the security programme. Reporting an email may simply delete it, pass it to the security team for analysis, or return it to the solution for automated analysis and learning. Some organisations use a report button while others request that the email is sent to the security mailbox. It is considered a low-level maturity function, but not every organisation adopts reporting as part of their email security solution due to the burden of actioning reported messages. SKALES supports the automation of this process, but it also adds value through the ‘community of defenders’. When individuals report an email, it collectively supports everyone on the system by dynamically impacting the threat score.
Warning Banners
‘This is an external email, be careful’ is a regular email banner adopted by many businesses today in order to offer a level of email protection service. Typically, businesses set a rule to add a yellow banner at the top of an email that reminds their staff of the source of the received message. However, psychologists from Cardiff University have discouraged this practice, advising that where every email presents this banner it becomes the ‘norm’, and humans therefore become complacent, so the banner adds no additional value. SKALES does not provide static banners and instead provides a dynamic alert feature. Check it out below.
DMARC / SPF / DKIM
Security features that support the aim of stopping spoof email and improving a company email security service. These features help email solutions to identify legitimate senders and decide what to do when an email does not conform. Many organisations are yet to adopt these features. There is little reason not to; however, they are not to be entirely relied upon. Threat actors such as Emotet have realised security email gateways were limiting mail which was not conforming to these features, so they began to adopt them. So just because a message aligns to DMARC / DKIM does not mean it can be trusted. SKALES identifies where these security features have not been adopted, but does not necessarily identify such messages as entirely malicious.
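The distinction above (a DMARC pass is not trust, and a missing policy is not malice) as an added example, not SKALES code: it parses constructed Authentication-Results header values in the RFC 8601 layout. The `KNOWN_SENDERS` allowlist, the verdict labels and every domain shown are assumptions made for illustration.

```python
import re

# Assumption: domains this organisation already does business with.
KNOWN_SENDERS = {"supplier.example"}

# Constructed Authentication-Results header values (RFC 8601 layout).
SAMPLES = {
    "supplier": "mx.example.org; spf=pass smtp.mailfrom=billing@supplier.example; "
                "dkim=pass header.d=supplier.example; "
                "dmarc=pass (p=reject) header.from=supplier.example",
    "unknown_authenticated": "mx.example.org; spf=pass smtp.mailfrom=a@invoices-portal.example; "
                             "dkim=pass header.d=invoices-portal.example; "
                             "dmarc=pass header.from=invoices-portal.example",
    "spoof": "mx.example.org; spf=fail smtp.mailfrom=supplier.example; "
             "dkim=none; dmarc=fail header.from=supplier.example",
    "no_policy": "mx.example.org; spf=none smtp.mailfrom=newsletter.example; "
                 "dmarc=none header.from=newsletter.example",
}

def parse_auth_results(header):
    """Map each of spf/dkim/dmarc to (result, authenticated domain or None)."""
    results = {}
    # Strip parenthesised comments, then skip the leading authserv-id.
    clauses = re.sub(r"\([^)]*\)", "", header).split(";")[1:]
    for clause in clauses:
        m = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*(\w+)", clause, re.I)
        if not m:
            continue
        d = re.search(r"(?:smtp\.mailfrom|header\.d|header\.from)\s*=\s*(\S+)", clause, re.I)
        domain = d.group(1).rsplit("@", 1)[-1].lower() if d else None
        method = m.group(1).lower()
        # With several DKIM signatures, keep a passing one if there is any.
        if results.get(method, ("", None))[0] != "pass":
            results[method] = (m.group(2).lower(), domain)
    return results

def classify(header):
    dmarc, from_domain = parse_auth_results(header).get("dmarc", ("none", None))
    if dmarc == "pass":
        # Passing DMARC proves the domain sent it, not that the domain is benign.
        return "known-sender" if from_domain in KNOWN_SENDERS else "authenticated-untrusted"
    if dmarc == "fail":
        return "spoof-suspected"
    # No usable DMARC result: flag the gap, but do not treat it as malicious by itself.
    return "not-adopted"

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:22} {classify(header)}")
```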
2FA / MFA
Two-factor or multi-factor authentication are security functions that provide an alternative mechanism to identify an individual. The two best-known MFA techniques are receiving an SMS / text message or an email with a code when logging in to a bank. Other techniques use authentication apps, and using MFA where possible is highly recommended.
Report Categorisation
Security teams encourage staff to report suspicious messages; however, this can put an additional strain on the security team. Processing countless emails which are simply unwanted newsletters can put an unnecessary strain on resourcing. By categorising messages, security teams receive only the emails needing review, while automated processes action the noise. SKALES goes a step further by having individuals not only report messages but also identify the areas of concern; for example, ‘the account number has changed’ is something that would only be known by the individual and not by security personnel.
Policies and Processes
Policies and processes are an operational business activity and not exclusive to technology, but they can provide email protection. By documenting defined processes and enforcing policies, human actions can counter threats where technology fails. A key process highly recommended to businesses is the response to payments. Many organisations have saved substantial sums by simply calling their client and confirming the action over the phone. Such documentation must be defined for your business and take into account techniques such as deepfakes used by cybercriminals.
Dynamic Alerting
SKALES' most unique feature is dynamic alerting, providing a ‘nudge’ to staff when messages look suspicious. Where messages are blocked, the SEG should ensure such messages do not arrive within the mailbox; however, there are always indicators. SKALES identifies such indicators and ‘nudges’ staff, encouraging them to BREAK any automatic response or action, THINK about the situation and the threat that this email may pose, RECALL the training already invested in them, and ACT in the best interest of the organisation, such as by reporting the message.
SOAR / API
Security Orchestration Automated Response enables security teams to process large amounts of data and alerts through defined actions or rulesets. SKALES APIs enable businesses to adopt SOAR and provide a mature email protection service.
Threat Intelligence
SKALES is developed by Askari Blue, a security intelligence company. Intelligence was one of the fundamental attributes when creating SKALES, which provides relevant intelligence through dynamic threat feeds. Organisations determine the threat level at which they wish to receive intelligence, adjusting their threat appetite easily and acquiring IOCs manually or by integrating with SOAR. Where companies have been unable to protect email, such as when criminals intercept or gain access to non-encrypted messages, this data is often leaked into the public domain, and the data within can be used as an IOC, identifying when data leaks have occurred. A powerful capability to safeguard any organisation.