Cyber Security Weekly Podcast

Episode 184 - Mimecast's Email Security 3.0 approach and Quarterly Threat Intel Report findings

January 13, 2020

Interview with Garrett O'Hara, Principal Consultant with Mimecast discussing the recent acquisition of SegaSec and Mimecast's Email Security 3.0 approach.

We also dive into the Mimecast Quarterly Threat Intelligence Report: Risk and Resilience Insights, in which researchers analysed global attack activity from July to September and uncovered a mixture of simple, low-effort and low-cost attacks targeting Mimecast customers. At the same time, the data highlights complex, targeted campaigns that leverage a variety of vectors and last several days. These sophisticated attacks are likely carried out by organised and determined threat actors, who employ obfuscation, layering, exploits and encryption to evade detection. The report explores these themes through the lens of the four main categories of attack discovered in the quarter: spam, impersonation, opportunistic and targeted.

Mimecast has set out a view of the future of email security that comprises three distinct zones, alongside an API-led approach, which organisations need to recognise:

Zone 1 – Perimeter

The email security perimeter is focused on keeping users and data safe by protecting email against spam and viruses, malware and impersonation attempts, and data leaks. Organisations need global visibility that offers rapid detection of sophisticated threats to protect their entire customer, partner and vendor ecosystem.

Zone 2 – Inside the Perimeter

Compromised users whose accounts are being taken advantage of, lateral movement using credential harvesting links, social engineering and employee errors are threats and risks that manifest inside the perimeter. Organisations should combine security inspections of internal and outbound email traffic with capabilities to build a stronger human firewall through dynamic user awareness training and testing programs. They also need rapid remediation capabilities to extract threats and shut down access to compromised accounts. This will help to ensure that an organisation’s internal network, made up of people and machines, is robust and capable of defending itself when attacks occur.

Zone 3 – Beyond the Email Perimeter – Pervasiveness

Organisations need the ability to protect their brands and domains from being explicitly spoofed or hijacked to defraud customers and partners. This requires the ability to implement DMARC efficiently, as well as to hunt for and take action against threats where attackers present themselves fraudulently to an organisation's customers or partners using deception and impersonation.
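DMARC is the one concrete control named in this zone, and the reason it stops the spoofing described above is identifier alignment: a message only passes when SPF or DKIM passes for a domain that aligns with the visible From: domain, and the published policy decides what happens otherwise. The following is an added example written for this page (it is not Mimecast's code or part of the podcast) that parses a DMARC TXT record and evaluates alignment and policy selection, including the subdomain (sp=) case and the strict-versus-relaxed difference, which the paragraph only alludes to. The records, domains and authentication results are constructed for illustration, and the organisational-domain helper is a simplified stand-in for a Public Suffix List lookup, so it is only correct for two-label registrable domains such as example.com.

```python
"""DMARC record parsing plus identifier-alignment and policy evaluation.

Added example (not Mimecast code). organizational_domain() is a simplified
assumption standing in for a Public Suffix List lookup.
"""

# Constructed sample records, as they would appear at _dmarc.<domain> TXT.
STRICT_DKIM_RECORD = (
    "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
    "rua=mailto:dmarc-reports@example.com"
)
RELAXED_RECORD = "v=DMARC1; p=reject"


def parse_dmarc_record(txt: str) -> dict:
    """Parse a _dmarc TXT record into a tag dict, applying RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= tag missing or invalid")
    tags.setdefault("adkim", "r")  # DKIM alignment mode: relaxed by default
    tags.setdefault("aspf", "r")   # SPF alignment mode: relaxed by default
    tags.setdefault("pct", "100")
    return tags


def organizational_domain(domain: str) -> str:
    """Simplified organisational domain: the last two labels (assumption, no PSL)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def is_aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same org domain."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    if mode == "s":
        return f == a
    return organizational_domain(f) == organizational_domain(a)


def evaluate_dmarc(record: str, from_domain: str, spf_result: str, spf_domain: str,
                   dkim_result: str, dkim_domain: str):
    """Return (dmarc_result, action).

    spf_domain is the envelope sender (MAIL FROM) domain SPF was checked against;
    dkim_domain is the d= tag of the signature that verified. A pass requires at
    least one authenticated identifier that aligns with the From: domain.
    """
    tags = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and is_aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and is_aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    policy = tags["p"]
    # sp= applies when the From: domain is a subdomain of the org domain.
    if from_domain.lower() != organizational_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]
    return "fail", policy


def run_cases():
    """Evaluate constructed messages; returns a list of (label, result, action)."""
    cases = [
        # Legitimate mail: SPF passes for a relaxed-aligned bounce domain, DKIM d= matches.
        ("legitimate", STRICT_DKIM_RECORD, "example.com", "pass", "mail.example.com", "pass", "example.com"),
        # Spoof: attacker controls the envelope sender, so SPF passes but does not align.
        ("spoofed-from", STRICT_DKIM_RECORD, "example.com", "pass", "attacker.example", "none", ""),
        # Subdomain spoof: DKIM signed by example.com, but adkim=s rejects it for billing.example.com.
        ("subdomain-strict", STRICT_DKIM_RECORD, "billing.example.com", "pass", "attacker.example", "pass", "example.com"),
        # Same signature under relaxed alignment is accepted for the subdomain.
        ("subdomain-relaxed", RELAXED_RECORD, "billing.example.com", "fail", "", "pass", "example.com"),
    ]
    return [(label,) + evaluate_dmarc(*args) for label, *args in cases]


if __name__ == "__main__":
    for label, result, action in run_cases():
        print(f"{label:18s} dmarc={result:4s} action={action}")
```

The second and third cases are the point of the zone: an attacker who can pass SPF for a domain they own, or who reuses a valid signature from the parent domain under a strict policy, still fails DMARC, and the published p= or sp= value tells the receiver to reject or quarantine rather than deliver.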

Beyond the Zones: API-driven Security Ecosystem Integration

To move from perimeter to pervasive email security requires an extensible architecture that allows organisations to fully integrate the value of the telemetry and intelligence gathered through observing email attacks with their existing technologies such as SOARs, SIEMs, endpoints, firewalls and broader threat intelligence platforms. An API-driven approach further helps deliver pervasive security throughout all zones. This allows organisations to make their teams and other security investments even more effective.

Recorded in Sydney, January 9, 2020. Interview organised courtesy of Espresso Communications.