By Mark Zigadlo, Cofense
According to Verizon’s Data Breach Report, 96% of breaches start with a phishing email. Though not news to us at Cofense, the statistic is still alarming. This got me thinking about some of the reasons Cofense customers, myself included, have been largely insulated from ransomware, business email compromise (BEC), credential phishing and other such attacks.
While I was reviewing the Threat Policies in the Office 365 Security and Compliance center (what you get as part of your E5 license) in advance of my upcoming Mimecast renewal, I learned that all of the same security controls I was currently leveraging in Mimecast were built into the O365 threat policies.
I quickly realized: I did not have to renew our Mimecast services. But really? I could completely eliminate a layer of protection and not only decrease my cost and number of vendors but lower my risk? Seems too good to be true. But it is.
I easily made the decision to not renew because although you need email security at your gateway to stop the “easy” email attacks, the old, slow-to-deploy legacy technology, secure email gateways (SEGs), don’t catch everything. We had been using one and paying for one we didn’t use.
With our expensive third-party gateway gone, I actually noticed a decrease in malicious emails making it into inboxes. That doesn’t mean no phish made it past Microsoft, it just means the Microsoft controls were working better than Mimecast at stopping the “easy” email attacks. With Microsoft’s security controls plus Cofense, I now have a complete solution that stops the volume emails at the gateway, identifies through Computer Vision (from our recent Cyberfish technology acquisition) the emails that get past the gateway, and provides a final net – people report suspected phish based on their simulation training. The best of all worlds with a system that continues to get smarter and faster as it learns. Reduced cost, risk and complexity. What could be better?
Cofense has the largest repository in the world of human verified phishing threats, and this repository of threat intelligence grows larger every day. With nearly 30 million people in our global network reporting suspected phish – call it “the network effect” — we have visibility into the (in)effectiveness of almost all secure email technologies and are able to alert our customers to zero-day phishing attacks, operationalize this information, and then publish into our products and services on day one. With the global network, when an attack is identified in one organization, that intelligence is used to stop attacks in other organizations, often before the phishing campaign is reported. With the legacy SEG vendors, and even Microsoft, there can be lags of days and weeks detecting new attacks in the wild.
The table below shows SEGs are doing a decent job stopping malicious attachments –the “easy” email attacks. But, as we all know, those are not the only threats trying to make their way through the gateways. Today’s malware, BEC, ransomware and credential phishing emails are coming through in a variety of delivery techniques. Given that you’re likely already paying for Microsoft’s email security protection, it makes sense to stop spending your money on solutions that do not add value. Why not use what you’re already paying for, combined with Cofense products and services, to stop what is getting past? Not only can you reduce your risk, but you can simultaneously reduce your cost and, in some cases, save hundreds of thousands of dollars – or even millions (depending on the size of your organization) – in old, legacy, slow-to-deploy SEG technology and, of course, have one less vendor.
Companies moving to the cloud and consolidating vendors need to strongly consider migrating away from their legacy SEGs, use Microsoft Threat Policies in Microsoft Defender for O365 to provide basic protections, and then leverage a cloud email security solution like Cofense to remove malicious emails proactively from their inboxes. Legacy email security tools, like the gateways, have failed to address the innovative techniques developed by attackers.
The Next Step
Want to really test your SEG and see how it compares to the table above? Soon you’ll be able to “validate” your SEG with our new assessment service designed to provide insight into how your email filtering strategy responds to real-world phishing threats. This is the world’s first objective SEG performance service. Real, live phishing threats identified by Cofense will be sent, with specific attention to security so no employees encounter the phishing threat, through your SEG to see how it measures up against active threats. You’ll be able to realize instant ROI by receiving reports with actionable information. With our new SEG assessment service, you’ll be able to see the value of the Cofense solutions by seeing first-hand how vulnerable your organization is to threats we see every day.
SEGs alone cannot ensure security. But when you couple Microsoft (or Google) email security with the Cofense suite of products, you can feel confident about your security position.
Learn more about Cofense Phishing Detection and Response solutions, here.
- Stop Threats
Defend your organization with a complete email security solution designed to identify, protect, detect & respond to threats.
Condition your workforce against today’s latest threats and transform them into your front line of defense.
Protect your organization with our deep analysis into the current threat landscape and emerging trends.
See why the Cofense Intelligent Email Security suite stands out against the competition
Business Email Compromise (BEC)
BEC amounts to an estimated $500 billion-plus annually that’s lost to fraud. Ensure your business is protected.
Phishing is the #1 attack vector for ransomware attacks. Stop phishing attacks in their tracks.
Protect your user’s credentials and avoid a widespread, malicious attack.
- Solutions
Email Security for the Enterprise
Complete threat protection, detection and response tailored for enterprise businesses.
Email Security for Managed Service Providers (MSPs)
Best-in-Class Phishing Protection and Simulations designed for MSPs, from the ground up.
Managed Email Security Solutions
Protect your organization from attacks with managed services from the Cofense Phishing Defense Center™.
Automatically identify and quarantine email threats across your organization in minutes.
Analyze & Remediate Reported Threats
Accelerate threat detection and response, empowering fast resolution.
Actionable Insight into Emerging Threats
Protect your organization with our deep analysis into the current threat landscape and emerging trends.
Easily Report Suspected Threats
Report suspicious threats with just one click.
Train employees through an with award-winning Learning Management System.
Condition your workforce against today’s latest threats and transform them into your front line of defense.
- Clients
Businesses from all industries rely on Cofense to safeguard their teams.
Global organizations trust Cofense to protect their most critical assets.
- Resources
Check out our resource library of solution content, whitepapers, videos and more.
Come see us at a local event or join us at an upcoming webinar.
Stay current on cybersecurity trends, market insights and Cofense news.
See the real threats that are currently evading your Secure Email Gateway (SEG).
- About
Cofense stops email security threats and protects your company through our network of 35+ Million human reporters.
See the latest articles, press releases and more in our news center.
It’s an honor to be recognized in the cybersecurity market. Check out our recent awards.
Grow your business, drive new revenue streams, and improve your competitive posture through our Partner Program.
We’re looking for passionate people to join us in our mission to stop all email security threats for organizations around the globe.
Get to know our management team.