TALKING
business
Here’s why it works. Traditional security
tools work by analysing emails in isolation,
measuring them against static blacklists
of ‘known bads’. By way of analogy, the
gateway tool here is acting like a security
guard standing at the perimeter of an
organisation’s physical premises, asking
every individual who enters: ‘Are
you malicious?’
The binary answer to this sole question is
extracted by looking at some metadata
around the email, including the sender’s
IP, their email address domain and any
embedded links or attachments. They
analyse this data in a vacuum, and at face
value, with no consideration towards the
relationship between that data, the recipient
and the rest of the business. They run
reputation checks, asking ‘have I seen this IP
or domain before?’ Crucially, if the answer is
no, they let them straight through.
To spell that out, if the domain is brand new,
it won’t have a reputation, and as these
traditional tools have a limited ability to
identify potentially harmful elements via any
other means, they have no choice but to let
them in by default.
For a comprehensive ch
want to ask: does the do
previous relationship wi
The organisation as a w
look suspiciously visuall
domains? Is this the firs
an inbound email from
anybody in the organisa
a link with this domain?
visited this link?
Legacy tools are blatant
questions, to which atta
answers. And usually, th
inattentive security guar
few pennies for new dom
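
As an added illustration (not from the original article or any vendor's product), the sketch below contrasts the reputation-only decision described above with one that also asks whether the sender domain is new to the recipient, new to the organisation, and visually close to a known correspondent. The domains, the contact history, the edit-distance threshold of 2 and all function names are constructed assumptions.

```python
# Added illustration; every name and sample value here is constructed.
from dataclasses import dataclass

BLOCKLIST = {"known-bad.example"}          # static list of 'known bads'
ORG_CONTACTS = {                           # recipient -> sender domains seen before
    "alice@corp.example": {"supplier.example"},
    "bob@corp.example": {"supplier.example", "bank.example"},
}

@dataclass
class Email:
    sender_domain: str
    recipient: str

def legacy_verdict(mail):
    """Reputation-only gateway: no blocklist entry means deliver by default."""
    return "block" if mail.sender_domain in BLOCKLIST else "deliver"

def edit_distance(a, b):
    """Levenshtein distance, used as a crude visual-similarity measure."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def context_signals(mail):
    """Answer the relationship questions for one email; return the signals that fired."""
    known = set().union(*ORG_CONTACTS.values())
    signals = []
    if mail.sender_domain not in ORG_CONTACTS.get(mail.recipient, set()):
        signals.append("new_to_recipient")
    if mail.sender_domain not in known:
        signals.append("new_to_organisation")
        # Assumed threshold: within 2 edits of a domain the organisation already knows.
        if any(edit_distance(mail.sender_domain, d) <= 2 for d in known):
            signals.append("lookalike_of_known_domain")
    return signals

def contextual_verdict(mail):
    """Hold for review when a never-seen domain imitates a known correspondent."""
    if legacy_verdict(mail) == "block":
        return "block"
    return "hold" if "lookalike_of_known_domain" in context_signals(mail) else "deliver"

if __name__ == "__main__":
    fresh = Email("supp1ier.example", "alice@corp.example")  # brand new, no reputation
    print(legacy_verdict(fresh), contextual_verdict(fresh), context_signals(fresh))
```
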
How to buy your wa
Let’s look at the situatio
perspective. They just ne
land and it could be keys
an upfront purchase of a
domains will almost inev
they’d pay the price as l
and they’re profiting.
This is exactly what atta
Newly-registered doma
get through gateways u
traditional tools are arm
information to determin
are bad, by which point
even millions of emails
successfully delivered.
As soon as the attack in
worn out, the attackers
very easily just purchase
set of domains.
And so, the vicious cycle
a game of ‘whack-a-mo
‘solutions’ will continue
on recognised ‘bad’ em
more malicious domains
These methods barely scratch the surface of
a much wider range of characteristics that
a malicious email might contain. And as
email threats get ever more sophisticated,
the ‘innocent until proven guilty’ approach
is not enough.
40 INTELLIGENTCIO