We spoke with Karen Krivaa of Perception Point about the email security challenges organizations are facing, how cloud has changed risk posture, and what organizations can do to ensure their email defenses can combat the threat of cyber attacks.
Why are companies still being breached via email?
With the current emphasis in the mainstream press on large-scale cybersecurity issues such as hacks, ransomware, and targeted attacks by state-level actors, it can seem incredible that cyber threats are still making their way through our email systems and duping users. However, with more than half of the globe using email and it being the primary way we organize our professional lives, threat actors have a pool of around 4 billion potential victims, and the more people they target the more likely someone will fall victim to one of their attacks. In fact, more people than ever are falling victim, with recent reports indicating that 82% of breaches suffered by companies are caused by human error.
Currently, many email security systems are unable to deal with the ever more sophisticated methods of threat actors. The versatility of email means that threat actors can always keep one step ahead of most security systems. For example, a recent phishing campaign caught by Perception Point’s Incident Response teams used URLs containing strings of lesser-used characters or unusual sequences because many email detection platforms do not flag these sequences as suspicious URLs. This meant that attackers were able to hide in plain sight and any email recipient could easily click on the text and be redirected to malicious sites.
Many email security systems are not equipped with the necessary technology to detect these advanced threats. There are many reasons why sophisticated threats evade email security solutions, including:
- Packed programs hide malware that cannot be analyzed. Packing malware makes it difficult for malware analysts to reach the original code and analyze it.
- Systems rely on signatures, which is not a comprehensive method of scanning potential malware as sophisticated hackers are able to modify their code to evade detection.
- Traditional sandboxes that detect APTs are slow and can easily be bypassed. For example, certain types of malware require command lines in order to be executed, or are set to sleep for a time frame before beginning to execute commands. Traditional sandboxing technology is challenged by these methods, which hinders their accuracy and also their efficiency.
- Not all emails and their content are dynamically scanned due to overall inefficient dynamic scanning capabilities as well as challenges with scale.
- Blacklists are not enough as hackers can send emails from a new sender or even sometimes a “legitimate” sender.
- Email security vendors do not respond quickly to new attack trends as many lack agility, thus leaving their customers vulnerable.
Despite the strides that email security has made over the past two decades, traditional methods are not able to keep up. Organizations are not assessing their existing systems and are thus prone to breaches. Newer, next-gen tools that leverage AI-based image recognition, machine learning, URL lexical analysis, anti-evasion techniques, supply chain graphs and other novel technologies are needed to deal with increasingly advanced threats. These can be easily deployed on top of existing solutions to quickly show value. Additionally, cloud-native solutions that can be optimized on the fly to detect new and evolving threats provide the best ongoing protection to their customers.
How has cloud migration and digital transformation trends changed the way threat actors target businesses?
The era of cloud migration and digital transformation has driven enterprises to rely on a range of modern digitized tools including email, collaboration tools, storage, and web applications, to solve various issues that come with the decentralized workspace. These include collaboration and storage tools such as OneDrive, Google Drive, SharePoint, Dropbox, Box, Slack, S3 Buckets, and more, as well as SaaS apps such as CRMs like Salesforce and in-house proprietary apps. The impact of digitization and the shift to SaaS and web-based applications have exacerbated the threat landscape and the number of channels that attackers can exploit. Although the majority of attacks are still email-based and increasingly browser based, threat actors know that enterprise security teams may still have gaps and may not have deployed solutions that protect these newer channels, and threats to these access points are gradually increasing in number and ferocity.
In many cases enterprises may deploy multiple security solutions to cover different threats and different channels and apps, but this results in yet another challenge – overload on the SOC teams. When different systems are deployed, the multiple deployments, management and configuration as well as the lack of threat intelligence sharing, connectivity and integrations become a huge overhead challenge for the already overburdened SOC teams.
This has spurred an increased demand for comprehensive solutions that support security stack consolidation. Perception Point, as an Integrated Cloud Email Security (ICES) solution, delivers one SaaS platform that protects organizations from all threat types across not only their email, but also the many attack vectors including the web browser, cloud collaboration apps, cloud storage, proprietary apps and more.
What makes Perception Point different from other enterprise security vendors?
Although the majority of attacks are still email-based and increasingly browser based, next-gen threat actors take advantage of multiple attack vectors that include the plethora of communication and collaboration channels that users leverage on a daily basis. Perception Point isolates, detects and remediates all threats across these attack vectors from a single platform. The SaaS solution protects all of these channels and leverages the threat intelligence derived from each one to deliver even better protection. The ability to consolidate the cybersecurity stack with a SaaS solution reduces management overhead to almost zero, all while allowing enterprise security teams to use their time more effectively. In Perception Point’s case, the result is unmatched detection speed and scale, with the solution lowering dynamic threat analysis time from minutes into seconds, scanning 100% of content.
Additional differentiators which set Perception Point apart from other vendors are:
Highest detection accuracy in the market for all threat types
Perception Point’s solution is powered by seven layers of next-gen advanced threat detection capabilities against any type of attack based on text, files and URLs, resulting in the best detection rates in the market, with the lowest false positive rates, as published by SE Labs in its most recent third-party testing. SE Labs ranked Perception Point’s email security solution as number 1, reporting that the system achieved a ‘remarkable’ 100% Total Accuracy rating with 0% false positives in their assessment of the leading vendor email security services.
The solution covers all attack types such as phishing, BEC, ATO, malware, ransomware, APTs and zero-days.
Speed and Scale to dynamically scan 100% of content – text, files and URLs
The system dynamically scans 100% of content (including embedded files and URLs) at an average of 10 seconds. Named the Hardware-Assisted Platform (HAP™) because it leverages novel CPU level technology, this detection layer, one out of seven detection layers, doesn’t rely on known signatures and delivers a verdict at the exploit stage for precise APT prevention. The next-gen sandbox is not only more accurate but also efficient on both Microsoft and Mac, does not tamper with files and does not impact productivity – a combination that other solutions have not been able to achieve.
Meanwhile, Perception Point’s Advanced Browser Security is the only solution that leverages market-leading detection capabilities and combines them with patented isolation technology to add enterprise-grade security to native Chrome and Edge browsers. This ensures full protection, and a seamless browser experience for users, as opposed to comparable web security products that use proprietary browsers unfamiliar to enterprise staff members and have minimal detection capabilities. The solution can be simply deployed via a browser extension or a secure browser on PC or Mac and is easily managed from the cloud.
Managed Incident Response, free of charge
Perception Point includes a state-of-the-art managed Incident Response (IR) service at no additional cost which acts as a force multiplier for SOC teams, who are increasingly overburdened and understaffed. The combination of automation, ML and cybersecurity experts provides in-depth reporting, deep-level incident analysis, rapid remediation, and ongoing detection optimization, all of which can save up to 75% of SOC teams’ resources, managing incidents and remediating threats.
Enterprise security for all
The Perception Point service is available for any size of organization, ranging from Fortune 500 to SMBs (via MSPs). All customers receive the same level of protection and the free Incident Response service.
What are the advantages of cloud-native cybersecurity systems?
Modern cloud-native cybersecurity tools are characterized by their speed, scale, and agility. They have been engineered to be compatible with contemporary tools such as cloud email, commonly used web browsers as well as cloud-based apps and collaboration tools increasingly utilized by modern enterprises. Cloud-native software is highly flexible and can adapt to the needs of business demands without impacting performance. Algorithms and logic can be seamlessly updated, vulnerabilities can be plugged, and patches can be automatically uploaded for all customers. The adaptability of cloud-native solutions allows enterprises to keep up to date with modern business environments, despite how quickly they are changing.
Although it’s true that many traditional solutions have shifted to be cloud-compatible, the fact that they are not cloud-native means these solutions lack the speed, autonomous scale, and agility of cloud-native SaaS applications, whether it be in configuration, deploying updates, or supporting new features. In fact, most traditional solutions are point-specific and cannot keep up with the rapidly expanding threat surfaces or the growing number of channels that hackers leverage – an ability that is particularly important, especially when new or unique threats are identified. Cloud-native cybersecurity systems operate significantly faster than traditional systems and can also autonomously scale according to the demands of the user while retaining performance.
This article first appeared in Enterprise Security Tech on September 14, 2022.