Cloud email security solutions are the most cost-effective way to cut spam levels and address dangers posed by phishing, malware and ransomware.
With no hardware to buy and no software to download, cloud-based email security solutions are quick and easy to configure, straightforward to manage and inexpensive to operate – typically costing less than $10.00 per year per staff member.
However, not all cloud email security solutions are identical. With spam detection rates averaging around 97%, many solutions permit 3% of spam emails to pass through their filters undetected. With hackers becoming increasingly sophisticated in how they carry out phishing and malware attacks, the likelihood is that the 3% of spam emails that go undetected are more dangerous than the rest.
Spam detection rates differ depending on the mechanisms used by cloud-based email security solutions to filter emails and how they are applied. Most cloud email security solutions use URIBL and SURBL filters that check the IP addresses of incoming emails against blacklists of known sources of spam. Many also have the option of applying recipient verification protocols and the Sender Policy Framework (SPF) in order to block emails addressed to non-existent mailboxes and spoofed emails.
Normally, cloud email security solutions also have some form of “machine learning” mechanism to assign spam ratings to emails according to their content and construction, or how they are most frequently dealt with. These methods can go under various names such as “Bayesian Analysis”, “Neural Networks” or “Adaptive Spam Filtering”. Administrators can change “acceptable spam thresholds” based on how well these techniques are recognizing spam emails and the number of genuine emails they block by mistake.
Manual intervention aside, the best spam detection rates are achieved by cloud-based email security solutions with a greylisting function. When turned on, this function stops emails from unknown sources of spam passing through the filters by initially rejecting every email and asking for it to be resent. Spammers' mail servers, being too busy sending out fresh spam, never respond to “resend” requests, so the spam emails are never returned. This can raise the spam detection rate beyond 99.9%. Greylisting is often used along with whitelists to ensure there are no delays to business-critical emails: with whitelisting in place, emails from trusted senders are not subjected to greylisting.
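The greylisting and whitelist behaviour described above, as an added example (not code from any particular product): a decision function keyed on the (client IP, sender, recipient) triplet that returns a temporary SMTP failure on first contact and accepts a later retry. The class name, the 300-second retry delay, the 24-hour expiry and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

class Greylist:
    """Greylisting decision per delivery attempt, with a whitelist bypass."""
    def __init__(self, whitelist_nets, min_delay=300, max_age=86400):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist_nets]
        self.min_delay = min_delay  # seconds a retry must wait (assumed value)
        self.max_age = max_age      # seconds a pending entry is kept (assumed value)
        self.first_seen = {}        # triplet -> time of first attempt
        self.passed = set()         # triplets that completed a valid retry

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one attempt at time `now` (seconds)."""
        if any(ipaddress.ip_address(client_ip) in net for net in self.whitelist):
            return 250, "whitelisted sender, greylisting skipped"
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "known triplet"
        first = self.first_seen.get(key)
        if first is None or now - first > self.max_age:
            self.first_seen[key] = now  # new or expired: start the clock
            return 451, "greylisted, please resend later"
        if now - first < self.min_delay:
            return 451, "retried too soon"
        self.passed.add(key)            # a real MTA queued and retried
        del self.first_seen[key]
        return 250, "retry accepted"

def replay(greylist, attempts):
    """Run attempts (ip, sender, recipient, time) and collect the SMTP codes."""
    return [greylist.check(ip, s, r, t)[0] for ip, s, r, t in attempts]

# Constructed sample traffic (documentation IP ranges and example domains).
SAMPLE = [
    ("203.0.113.7", "promo@bulk.example", "alice@corp.example", 0),       # never retries
    ("198.51.100.20", "bob@partner.example", "alice@corp.example", 10),   # first attempt
    ("198.51.100.20", "bob@partner.example", "alice@corp.example", 70),   # retry too early
    ("198.51.100.20", "bob@partner.example", "alice@corp.example", 910),  # valid retry
    ("198.51.100.20", "bob@partner.example", "alice@corp.example", 5000), # later mail
    ("192.0.2.25", "billing@supplier.example", "alice@corp.example", 20), # whitelisted
]

if __name__ == "__main__":
    print(replay(Greylist(["192.0.2.0/24"]), SAMPLE))
```

The sender that never retries stays at 451 and its message is never delivered, while the whitelisted network is accepted on its first attempt with no delay.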
The majority of security-conscious businesses implement two-way cloud-based email security – scanning both their inbound and outbound emails. The aim of outbound scanning is to identify email accounts that may have been compromised by hackers and to stop outbound emails being used to distribute malware to business contacts and to conduct phishing and business email compromise attacks. Such emails can seriously damage the reputation of a business and could also lead to the business's IP addresses being blacklisted – not only negatively affecting communications, but also any websites linked with the blacklisted domain.
Compromised email accounts are of particular value to hackers. Trusted accounts (i.e. corporate accounts with a good email history) can be used to send malware-infected spam emails to the business's contacts more efficiently than trying to target each contact individually from a blacklisted IP address. For the business from which the spam emails are sent, the loss of credibility among its contacts can be just as damaging as if it had sustained a malware or ransomware attack itself.
Not all affected outbound emails are due to the actions of a hacker. In some instances an employee may have introduced malware into the network through an infected USB flash drive or by connecting their malware-infected mobile device to the business’s network.
Outbound scanning identifies unusual patterns and malware in sent emails to ensure the business's primary channel of communication remains open and that its IP address is not blacklisted by mistake. Specific data types can also be tagged, and outbound emails containing those data types will be blocked, as a form of data loss prevention.
Copyright © 2020 ComplianceHome