Area 1 Security
Published in The Azimuth
3 min read · Mar 2, 2018

Why Secure Email Gateways Miss Phishing Emails

Jane Wasson | @Area1Security | Area 1 Security

Phishing continues to be the number one threat vector for data and financial breaches — and the most effective tool in a hacker’s toolbox. In fact, 95 percent of cyberattacks start with phishing.

Businesses invest heavily in secure email gateways (SEGs) to protect them from email threats.

Although SEGs have long reported 99.99 percent effectiveness against spam, phishing attacks keep evading detection. In a recent survey, 76 percent of infosec professionals indicated that their organizations experienced phishing attacks in 2017.

Why? SEGs optimize for spam detection, but spam is a different beast than phishing.

With spam, attackers target many victims and send out large volumes of similar, nuisance messages, creating a productivity sink. Even if very few of these emails get through to victims, the attacker can still succeed. To protect from attacks, spam filters rely on collection and analysis of large volumes of threat samples from active campaigns. Data extracted from the samples identifies malicious domains, IPs, and malware and is then used to create signatures and threat intelligence optimized for large-scale bulk email detection.

Phishing Attacks Are Different

With phishing campaigns, however, attackers use social engineering to personalize emails and lure victims to click a link or download a file. Another popular phishing technique is business email compromise (BEC). In this case, the victim is urged to respond to a request for information, or to take an action such as transferring funds, leading to data and financial loss.

These phishing attacks are typically low in volume; campaigns often launch and then shut down within hours. Spam filter defense strategies rely on threat data from analysis of active attacks and large quantities of threat samples. A campaign that produces few samples and ends within hours leaves little to analyze, so SEGs fail to detect phishing.

To close the phishing gap, spam filters have added advanced threat protection features: sandboxing of suspicious files and time-of-click link analysis are intended to help detect threats missed by reputation- and signature-based defenses. Nevertheless, phishing attacks continue to evade detection. For example, the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, recently reported that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. In this case, the FS-ISAC’s Microsoft Office 365 and Proofpoint email threat defenses missed the phish email and the attack succeeded.

Early Detection of Phishing Campaigns

Organizations urgently need a new approach to detect phishing campaigns. Collecting and analyzing threat data only after a campaign has launched comes too late to defend against it. Protecting an organization from attacks calls for earlier insight into phishing sites and campaigns.

Fortunately, advances in computer processing, artificial intelligence, and machine learning now make possible proactive new methods of hunting and identifying malicious phishing sites and infrastructure before campaigns launch.

Area 1 Security pioneered early detection of phishing campaigns. Using high-speed web crawlers and network sensors, the Area 1 Horizon™ anti-phishing service gathers in-depth threat actor information and critical attack data across 150+ parameters. The technology collects, tracks, monitors, and parses live data from email, web, and network streams. Detailed, real-time visibility reveals crucial information, such as who the actors are, and how and when they deliver their attacks. This exposes early, accurate threat information, enabling Area 1 Security to defeat the attack.

Adding the Area 1 Security anti-phishing service to your security infrastructure reduces risk by closing the phishing security gap that other technologies leave open.

Learn more about effectively shutting down phishing:

  • How phishing attacks evade secure email gateways
  • The breakthroughs that fortify defenses and stop phishing attacks
  • How to augment existing spam filters to stop phish
  • How early insight into phishing campaigns effectively protects a Fortune 500 business from attacks

Watch the webinar “Why Secure Email Gateways Miss Phishing Emails.”
