Perception Point has been ranked #1 in SE Labs’ last independent testing, competing against global companies such as Microsoft, G-suite, Mimecast, Fortimail and Kaspersky. The test was performed in Q1 of 2020 and published in early April by SE Labs, a prominent email security pen-testing company. Perception Point received the highest detection rate (96%), coupled with a 0% false-positive rate, and as a result was awarded the AAA Email Security Services Protection Award.
These are the formal results. However, we believe it is more interesting to understand what made us stand out in this testing, and why we believe that we will top other tests like this in the future.
In the article below, I will describe how the test was conducted, why it’s unique in comparison to previous tests, and what type of samples were scanned in order to determine the detection rate and FP rate. The first section should give you a good indication of why Perception Point and other vendors included in the test are the ones to focus on.
In the second section, I will present some of the pillars upon which Perception Point is built. This will allow you to understand why we stand out and how we can provide enterprises with the added value they need – even in this tough time.
“A Test like Never Before” – or What’s Unique about this test…
Pen-testing is one of the best buyers’ tools. After all, what can be better than having a 3rd party, independent vendor that provides you with a professional recommendation? This is why there are many companies that have gained expertise in checking and testing security products.
Generally speaking, up until 4-5 years ago, the main focus of these pen-test companies was the endpoint security vector. But as years went by, and due to the growing number of email security vendors all claiming to be “the best solution”, the demand for pen-testing of email security vendors increased significantly. Today, it is fair to say that SE Labs is one of the most prominent email pen-testing companies in the world. We believe that their positioning is due to the fact that they evolve at the same pace attackers do.
And to prove that, one can look at the names of companies being tested. Until the last test, most of the email security companies were part of their public test. In the last test, however, many of those companies chose to drop out. And the reason? SE Labs adjusted the test to reflect what they currently see in the wild – i.e. they made it even more up to date and more useful for buyers.
This change has put some vendors on the fence. The rule is that you can only decide whether to be included in the public report before the test is performed. As a result, a lot of the vendors were reluctant to participate. Why? We leave this to what SE Labs mentioned in their report: “Over the last 24 months we’ve worked with most of them privately, but this is a new test and, frankly, they are worried about their results.”
We respect our competitors. They have strong teams, brands and experience. However, we have more respect for the companies that tested out in the open field. We know that attacks are ever changing – there is no perfect test – but we believe this test is an industry leader. We hope that security experts will ask themselves “which companies are not afraid to face the creative attackers of today?”
Perception Point is constantly being tested privately by prospects, customers and 3rd party vendors (e.g. Cymulate). We are proud of our results, which regularly show that we identify both malicious incidents and dummy threats (samples of clean emails to check the False Positive rate of the solution). This means we know what is of interest for clients and for their advisors.
Although there is never a perfect test (and we will also mention later what we think can be improved), this test by SE Labs was comprehensive and relevant, and included a wide variety of the threat vectors we see in the email domain.
The test included commodity malware, advanced threats, spam, targeted phishing, social engineering, and BEC (Business Email Compromise) threats. It also included a respectable amount of legitimate emails that looked similar to the actual threats, but were actually clean, to make sure no vendor is “cheating” by using rules or advanced mechanisms.
Source: SE Labs
To make sure all is set, SE Labs took a very strict approach. For example, any catch made by Office 365 or G-Suite that was not caught by the vendor was considered a miss. It is important to note that the test also included the security plans of Office 365 and G-Suite. Their offering is considered free (e.g. Office ATP is part of the E5 plan), and many companies are tempted to use them. But this test (and many other publications, see for example Gartner’s 2019 Email Security Market Guide) shows that “cheap” is expensive – and in this case the cost is poorer detection and accuracy. They may be good at catching spam and simple attacks, but as attackers become more and more sophisticated and change over time, they are simply not enough. If you want to be truly protected from today’s attacks, you need to engage with a vendor focused on cybersecurity, and not a vendor that has it as a “side-kick”.
Looking at the results, Perception Point is proud not just of its high malware detection score but also of having zero FPs. As you can imagine, a vendor can score high on detection of malicious content if it also catches clean samples, but scoring high while not accidentally catching any legitimate email is a tedious and careful task. As we will show below, you always need to remember to check not only how the vendor scores on detection, but also how the vendor operates day after day to ensure these results will be relevant in the future – since the threat landscape is always changing.
Until the early 2000s, anti-virus software (AVs) was dominant. With signature-based anti-viruses, URL reputation engines and threat intelligence, companies were covered against most attacks.
Around 2005, a new type of threat emerged which was much harder to detect with static detection methods: Advanced Persistent Threat (APT). To cope with that, new email security technology, including sandboxes, emerged. Many of the security vendors we see in the market today evolved during that time.
However, like almost any innovation, it matures with time. And with maturity, unfortunately, we too often see some level of stagnation. And in the world of cybersecurity, stagnation leads to loopholes waiting to be exploited. After so many years of doing the same thing, the email security market has been crying out for a paradigm change in order to be able to fight back against the rapidly changing tactics of attackers. An email security solution can no longer claim that it has one new silver bullet (even if it does), but has to constantly evolve to protect against new threats proactively.
Below I will describe how Perception Point became #1 and what it requires to stay #1 – both from a technology perspective as well as from a process and organizational state of mind.
Using static methods such as signatures, patterns, and reputation is an endless race and does not detect APTs in general and Zero-days by definition. To detect unknown attacks, most solutions rely on sandboxes. Sandbox protection is a behavior-based detection method, providing the malware with a place to “play” and act. This allows the system to wait and see what the content is going to do and estimate if it’s malicious or not. But traditional sandboxes are easy to evade, and this is being done in almost every attack.
Perception Point employs a different approach for protecting against APTs and Zero-day attacks – using a deterministic technology that does not simply wait for the malicious content to “do something” or “act”. Our HAP™ (Hardware Assisted Platform) x-rays the code at the CPU level (rather than using a behavior-checking or statistics-based method) to detect the use of exploit techniques before the malware is even delivered.
You can read more about how we “killed” the sandbox here.
Our 7 layers of next-gen static and dynamic engines work together to prevent any content-based attacks and various techniques including: Zero-days, N-days, BEC, phishing, spam, malware, and evasion. By using advanced techniques in every layer, we can uncover any threat recursively to its basic components, scan dynamically 100% of traffic, and provide a clear verdict in up to 40 seconds – regardless of size or volume. No shortcuts and no filtering, saving you up to 40x of your scan time.
This is not just a number – it’s a shift in the way the enterprise thinks. For example, no more “releasing” suspicious files to end users, hoping that the sandbox will later check them. Now, you can do things in prevention mode and intercept the attack before it reaches your employees’ inboxes. And this is only one example – in a world of digital transformation, this can translate to your ability to better serve your customers and retain them.
Other platforms contain endless configurations and require the user to properly construct the platform in order to be properly protected. Many customers buy those platforms feeling they are protected, but in reality, many things pass through the strainer.
Perception Point’s email security solutions are designed to save this overhead and keep you protected at all times. On top of automated processes making sure the solution is properly configured, we provide a dedicated group of email experts and incident response personnel to ensure no email slips away and that every customer is protected.
No solution can protect against 100% of the attacks. The question is how fast it adapts to new threats. Exploring every missed incident with a dedicated team, as we are doing, is a good start, but it’s not enough. It needs to be complemented with the following components to make sure the “detection machine” works seamlessly:
We believe that innovation happens all the time. Every threat to email is considered a threat that needs to be stopped.
While we tremendously value the results of the test and are very proud to be #1, you should not trust only these results. We welcome you to test us for yourself. A test is never complete and there are many areas we believe can be added in the future to better compare the complete service each vendor offers. You as a buyer, an expert or just someone who is into IT, Cyber and innovation, should look and see if the vendor you choose delivers the whole package you’re looking for.
For example, you need to make sure that the deployment of your security service is easy, almost seamless and unnoticed. You need to make sure that it is scalable as needed and that, by acting fast, it keeps the delay of your emails as small as possible. And you need to think beyond emails. Threats can come into your organization these days not just through emails, but also through collaboration channels such as Dropbox, OneDrive, and G drive, through CRM apps such as Salesforce, and through messaging and communication apps such as Teams, Zoom, and Slack.
Perception Point is a Prevention-as-a-Service company, built to enable digital transformation. Its continuously expanding platform protects against the full range of threats, across the most targeted channels, in one simple solution that is incredibly easy to deploy, maintain, and update according to the newest attack techniques.
Perception Point’s cloud-native platform enables the company to deploy updates to the platform on a daily basis, and its incident response team continually provides insight into the latest trends and techniques. It provides next-gen security with cutting-edge prevention of phishing, BEC, malware, and APT attacks with the speed, scale and agility of the cloud.
Perception Point’s platform works for you instead of you working for the platform.
Learn more about Perception Point’s service here.
Read the report here.