Why Defense In Depth approach is required for Email Security

Everyone’s life in today’s world starts with the use of e-mails. The fact is that a significant portion of cyber attacks these days originates through e-mail only, such as phishing emails carrying attachments and links. And with respect to privacy, misuse of e-mail carries the potential to disclose either the contents of your message, or give a spammer first hand information about you.

Today, e-mail is the primary means of business and personal communication for millions of people. Billions of messages are transmitted back and forth across the Internet on a daily basis. Unfortunately, according to the MessageLabs Intelligence 2005 Annual Security Report, almost 70 percent is unsolicited commercial e-mail, commonly referred to as spam, and 1 in every 36 e-mails contains a virus or malware of some sort.

So email used in a corporate organization needs to be given a multi-layer of security. Why is a single layer protection not enough? Here you go with my justifications:

  • Mere Anti-Virus engines may not be able to handle modern day cyberattacks because they use new or highly obfuscated malware, for which no signature exists.
  • Spam filters may not be able to handle modern day cyberattacks because they are one off, low volume, or they have few suspicious traits to analyze.
  • Reputation filters often miss attacks that may come from newly created or spoofed email addresses, or from IP addresses with no “bad” history.
  • Policy rules that block all unusual and risky email attachment types (such as .EXE and .LNK) cannot be used on the malicious .DOC, .PDF,.XLS, and .PPT files favored by targeted cyber attacks, as these are common business documents.
  • URL filters may miss cyber attacks because the malicious URL is hidden inside a PDF file, or within macros hidden inside document files.
  • Web scanners are sometimes evaded by sending a harmless URL, but then placing malicious code behind the URL later after it has already passed the gateway.

This warrants a defense in depth approach for email security.

Browse

Article by channel:

Read more articles tagged: Featured, Hacking, Ransomware

Cyber Security