Intelligent CIO Europe Issue 30 | Page 78

TALKING business

Here’s why it works. Traditional security tools work by analysing emails in isolation, measuring them against static blacklists of ‘known bads’. By way of analogy, the gateway tool here is acting like a security guard standing at the perimeter of an organisation’s physical premises, asking every individual who enters: ‘Are you malicious?’

The binary answer to this sole question is extracted by looking at some metadata around the email, including the sender’s IP, their email address domain and any embedded links or attachments. They analyse this data in a vacuum, and at face value, with no consideration towards the relationship between that data, the recipient and the rest of the business. They run reputation checks, asking ‘have I seen this IP or domain before?’ Crucially, if the answer is no, they let them straight through.

To spell that out, if the domain is brand new, it won’t have a reputation and as these traditional tools have a limited ability to identify potential harmful elements via any other means, they have no choice but to let them in by default.

For a comprehensive ch want to ask: does the do previous relationship wi The organisation as a w look suspiciously visuall domains? Is this the firs an inbound email from anybody in the organisa a link with this domain? visited this link? Legacy tools are blatant questions, to which atta answers. And usually, th inattentive security guar few pennies for new dom

How to buy your wa Let’s look at the situatio perspective. They just ne land and it could be keys an upfront purchase of a domains will almost inev they’d pay the price as l and they’re profiting.

This is exactly what atta Newly-registered doma get through gateways u traditional tools are arm information to determin are bad, by which point even millions of emails successfully delivered.
As soon as the attack in worn out, the attackers very easily just purchase set of domains. And so, the vicious cycle a game of ‘whack-a-mo ‘solutions’ will continue on recognised ‘bad’ em more malicious domains

These methods barely scratch the surface of a much wider range of characteristics that a malicious email might contain. And as email threats get ever more sophisticated, the ‘innocent until proven guilty approach’ is not enough.