- Do you know by 2019 every 14 seconds, a new business will become hot target of cyber criminals and hackers?
- Are you aware of the ransomware and advanced malware-driven damages rising 15 times, within a span of 2 years?
- Damages caused by cyber crimes will literally double up to $6 trillion annually by 2021
These are few statistics to make every Organization understand the rising threat of Email frauds and that no one is immune . The rule is to stay safe and protected by deploying foolproof mechanisms.
Cloud Email Security & Email Advance Threat Protection
Logix Cloud Email Security service filters unsolicited Bulk email messages and protecting your mailboxes from targeted attacks. The service is built using best of breed technologies, Cisco Ironport, Proofpoint, Sophos & F-Secure to deliver highly effective and accurate email security. Transport Layer Protection a Built-In feature ensures the connection is encrypted between servers. Supports Microsoft Office 365, Google Apps, on premises or hosted Microsoft Exchange, and other mail services.
We are glad to announce the new feature that can now detect spoofing based on Display-Name. This will be an add-on feature for our existing domain-based spoof control under our Cloud ATP module, where spoofing from organisation domains are detected via DMARC policy actions. (ie. quarantine or reject) and getting subject tagged as “[Possibly Spoofed]”.
This is going to provide deep visibility in extending our intelligence to all emails scanned by Logix Email Security service to both domain-name based & display-name Business Scam Email Compromise attacks which have recently become a significant threat to businesses and individuals.
With this new feature, Logix Cloud email Security with ATP is now a full-service solution designed to protect medium & large enterprise organisations email security solution that delivers clean email with high reliability, and the peace of mind.
How does Spoofing take place?
Email spoofing is forging an email header to make it look like it came from somewhere or someone other than the actual source. It is often an attempt to trick the recipient into making a damaging statement or releasing sensitive information, such as passwords & mostly to trick recipient to approve commercial transaction. Companies across the globe lost more than $1 billion from October 2013 through June 2015
SPF & SenderID , DKIM ,DMARC & rDNS are technologies used to correctly identify Spoofed correctly.
If a mail or set of mails are infected with suspected virus, trojans or other malicious ones, they are sent to the Quarantine from Logix Mail Server and only clean mails get delivered. In the whole process, mails are not getting stored or read anywhere with Logix; they are just getting checked for various potential threats. Being a spam filtering provider Logix also guarantees real time protection against inbound as well as outbound security threats.
Outbound Mail Scanning
Spammers are using very innovative techniques to use customer’s network & Mail Server resource to carry out spamming activities. User systems infected with Botnets or Trojans can send out thousands of mails within seconds.
Weak password policy can also be one of the ways spammer exploits customer’s network. User activity like Mass Mailing Activity can result in IP & Domain blacklisting, resulting in your domain mails being blocked.
Our Cloud Email Security provides Outbound Scanning feature, where in mails send from your network are routed to our anti-spam / anti-virus gateways, scanned for Spam & Virus. Only Clean mails are delivered to the Internet.
If mails are found are detected by our Anti-spam engine as spam, automatically the IP or User (In case of Email Hosting) will get blocked. Administrator has to then clean up the infection or stop the mass mail activity and request for release of IP/ User account.
Benefits of Outbound Mail Scanning
1. Increases mail delivery, Eliminated possibility of mail getting bounced because of spam.
2. IP & Domain Reputation is maintained. Thus ensuring smooth mail flow.
Cloud Email ATP uses combination of various techniques to accurately identify spoofed email, The various techniques used are:
SPF & SenderID
Sender Policy Framework (SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS txt record with a SPF content.Since it was derived from SPF, Sender ID can also validate the MAIL FROM. But it defines the new PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers MAIL FROM (called MFROM by Sender ID), PRA, or both
DomainKeys Identified Mail (DKIM), is a method to associate the domain name and the email, allowing to a person or company assume the responsibility of the email.
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms.
The reverse DNS (rDNS) resolution is a determination of the domain name that is associated to an IP. Some email companies like AOL, for example, will reject any email that doesn’t have a valid rDNS.
Boundary TLS Encryption
Email encryption allows organizations to protect sensitive messages and increase their compliance with privacy regulations. One common encryption method, known as opportunistic TLS, automatically tries to secure the path that messages take when they travel to recipient email systems. Since this type of encryption is completely transparent to users, organizations often utilize opportunistic TLS to comply with privacy and security regulations. Cloud Email ATP supports opportunistic TLS both for Inbound & Outbound email delivery.
Zero Hour Protection
A proven preventive solution, Cisco Virus Outbreak Filters™ provide a critical first layer of defense against new outbreaks hours before signatures used by traditional anti-virus solutions are in place. Real world results show an average lead time over reactive anti-virus solutions of 13 hours, along with an extremely high catch rate and near zero misclassifications. Integrated into Cisco’s email security appliances, outbreak filters perform a threat assessment of inbound and outbound messages, and quarantine suspicious messages temporarily.
Advance Malware Protection
Cloud Email ATP now includes Cisco Advanced Malware Protection. Featuring file reputation scoring and blocking, static and dynamic file analysis (sandboxing), and file retrospection for the continuous analysis of threats, even after they have traversed the email gateway. Users can block more attacks, track suspicious files, mitigate the scope of an outbreak, and remediate quickly.
How is Logix Cloud Email ATP different from Logix Cloud Email security, the following table will give an insight:
||Cloud Email Security
||Cloud Email Advance Threat Protection
||Spam mails Quarantined
||Mail Tagged as [ Virus Infected ] and quarantined with attachment
|Potential Dangerous Attachment
||Attachment is stripped & Mail is quarantined
||Inbound & Outbound
||Mail identified as spoof mail is tagged as [ Possibly Spoofed ] and delivered after 1 hour
||Malware infected mail is quarantined with attachment
|Zero Hour Protection
||Infected mail is quarantined with attachment