By Mark Zigadlo, Cofense
According to Verizon’s Data Breach Report, 96% of breaches start with a phishing email. Though not news to us at Cofense, the statistic is still alarming. This got me thinking about some of the reasons Cofense customers, myself included, have been largely insulated from ransomware, business email compromise (BEC), credential phishing and other such attacks.
While I was reviewing the Threat Policies in the Office 365 Security and Compliance center (what you get as part of your E5 license) in advance of my upcoming Mimecast renewal, I learned that all of the same security controls I was currently leveraging in Mimecast were built into the O365 threat policies.
I quickly realized: I did not have to renew our Mimecast services. But really? I could completely eliminate a layer of protection and not only decrease my cost and number of vendors but lower my risk? Seems too good to be true. But it is.
I easily made the decision to not renew because although you need email security at your gateway to stop the “easy” email attacks, the old, slow-to-deploy legacy technology, secure email gateways (SEGs), don’t catch everything. We had been using one and paying for one we didn’t use.
With our expensive third-party gateway gone, I actually noticed a decrease in malicious emails making it into inboxes. That doesn’t mean no phish made it past Microsoft, it just means the Microsoft controls were working better than Mimecast at stopping the “easy” email attacks. With Microsoft’s security controls plus Cofense, I now have a complete solution that stops the volume emails at the gateway, identifies through Computer Vision (from our recent Cyberfish technology acquisition) the emails that get past the gateway, and provides a final net – people report suspected phish based on their simulation training. The best of all worlds with a system that continues to get smarter and faster as it learns. Reduced cost, risk and complexity. What could be better?
Cofense has the largest repository in the world of human-verified phishing threats, and this repository of threat intelligence grows larger every day. With nearly 30 million people in our global network reporting suspected phish – call it “the network effect” – we have visibility into the (in)effectiveness of almost all secure email technologies and are able to alert our customers to zero-day phishing attacks, operationalize this information, and then publish into our products and services on day one. With the global network, when an attack is identified in one organization, that intelligence is used to stop attacks in other organizations, often before the phishing campaign is reported. With the legacy SEG vendors, and even Microsoft, there can be lags of days and weeks detecting new attacks in the wild.
The table below shows SEGs are doing a decent job stopping malicious attachments – the “easy” email attacks. But, as we all know, those are not the only threats trying to make their way through the gateways. Today’s malware, BEC, ransomware and credential phishing emails are coming through in a variety of delivery techniques. Given that you’re likely already paying for Microsoft’s email security protection, it makes sense to stop spending your money on solutions that do not add value. Why not use what you’re already paying for, combined with Cofense products and services, to stop what is getting past? Not only can you reduce your risk, but you can simultaneously reduce your cost and, in some cases, save hundreds of thousands of dollars – or even millions (depending on the size of your organization) – in old, legacy, slow-to-deploy SEG technology and, of course, have one less vendor.
Companies moving to the cloud and consolidating vendors need to strongly consider migrating away from their legacy SEGs, use Microsoft Threat Policies in Microsoft Defender for O365 to provide basic protections, and then leverage a cloud email security solution like Cofense to remove malicious emails proactively from their inboxes. Legacy email security tools, like the gateways, have failed to address the innovative techniques developed by attackers.
The Next Step
Want to really test your SEG and see how it compares to the table above? Soon you’ll be able to “validate” your SEG with our new assessment service designed to provide insight into how your email filtering strategy responds to real-world phishing threats. This is the world’s first objective SEG performance service. Real, live phishing threats identified by Cofense will be sent, with specific attention to security so no employees encounter the phishing threat, through your SEG to see how it measures up against active threats. You’ll be able to realize instant ROI by receiving reports with actionable information. With our new SEG assessment service, you’ll be able to see the value of the Cofense solutions by seeing first-hand how vulnerable your organization is to threats we see every day.
SEGs alone cannot ensure security. But when you couple Microsoft (or Google) email security with the Cofense suite of products, you can feel confident about your security position.