Our team is currently involved in a case at a university where IP addresses are continually being blacklisted by multiple security vendors, due to their email system being identified as a threat. This leaves us with two questions: what happened? Why did this happen? One possibility is that an employee working remotely clicked on something that turned out to be ransomware. Either that or the attackers discovered that the mail server can be used to send other messages in order to find other potential targets.
What does an attack look like? It usually arrives as an email with an attached file. One click and malicious code is loaded onto the system. At this point, it is usually too late. But how can we prevent this? Visibility is the key. Using a Postfix mail server as your mail gateway can give you a mail log, but it won’t protect you. And while there is some protection, most administrators don’t read log files all day.
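One way to get that visibility out of a Postfix mail log without reading it line by line, as an added example that is not part of the original post: the script totals recipients per submitting account by joining `smtpd` and `qmgr` lines on the queue ID. The sample log lines, host names, account names and the 100-recipient threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in standard Postfix syslog format (not data from the case).
SAMPLE_LOG = """\
Mar  3 02:14:01 mx1 postfix/smtpd[811]: 4F1A2C0123: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=jdoe
Mar  3 02:14:01 mx1 postfix/qmgr[640]: 4F1A2C0123: from=<jdoe@uni.example>, size=2210, nrcpt=180 (queue active)
Mar  3 02:15:40 mx1 postfix/smtpd[812]: 5A2B3D0456: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=jdoe
Mar  3 02:15:40 mx1 postfix/qmgr[640]: 5A2B3D0456: from=<jdoe@uni.example>, size=2198, nrcpt=150 (queue active)
Mar  3 02:20:40 mx1 postfix/qmgr[640]: 5A2B3D0456: from=<jdoe@uni.example>, size=2198, nrcpt=150 (queue active)
Mar  3 08:02:11 mx1 postfix/smtpd[901]: 6C3D4E0789: client=pc17.uni.example[192.0.2.17], sasl_method=PLAIN, sasl_username=asmith
Mar  3 08:02:11 mx1 postfix/qmgr[640]: 6C3D4E0789: from=<asmith@uni.example>, size=5120, nrcpt=2 (queue active)
Mar  3 08:05:30 mx1 postfix/smtpd[902]: 7D4E5F0ABC: client=mail.partner.example[192.0.2.10]
Mar  3 08:05:30 mx1 postfix/qmgr[640]: 7D4E5F0ABC: from=<info@partner.example>, size=900, nrcpt=1 (queue active)
"""

SMTPD = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=([^,\s]+)"
                   r"(?:, sasl_method=[^,\s]+, sasl_username=(\S+))?")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def summarize(log_text):
    """Total messages, recipients and client hosts per submitting account."""
    origin = {}  # queue ID -> (SASL username or None, client host[ip])
    totals = defaultdict(lambda: {"messages": 0, "recipients": 0, "clients": set()})
    for line in log_text.splitlines():
        if m := SMTPD.search(line):
            origin[m.group(1)] = (m.group(3), m.group(2))
        elif m := QMGR.search(line):
            # pop() so a deferred message re-entering the active queue counts once
            user, client = origin.pop(m.group(1), (None, None))
            if client is None:
                continue
            entry = totals[user or f"unauthenticated:{client}"]
            entry["messages"] += 1
            entry["recipients"] += int(m.group(2))
            entry["clients"].add(client)
    return dict(totals)

def flag_senders(totals, max_recipients=100):
    """Accounts whose recipient total exceeds the assumed threshold."""
    return sorted(k for k, v in totals.items() if v["recipients"] > max_recipients)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for sender in flag_senders(report):
        print(sender, report[sender])
```

An account that suddenly sends to hundreds of recipients from several client addresses is the pattern that gets a mail server's IP addresses blacklisted, so this is the kind of summary worth reviewing daily.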
Email Security – Here’s what the solution looks like.
In the above case, we had to find the cause of the problem and work out what precautions to take to prevent similar cases from happening again in the future. Our solution? We use a system that creates visibility. This helps us understand where emails come from and where they are going. If you combine that with the right protection, you are looking at a secure system.
This is exactly what Trend Micro’s Deep Discovery Email Inspector does. It uses innovative technologies such as sandboxing, whitelisting and blacklisting to recognize and divert spear-phishing emails that are used to trick students and teachers into activating dangerous and complex malware and ransomware. Every email attachment is subjected to virus testing, and it is possible to check where these emails go and what exactly is allowed.
Protection against spear-phishing emails.
Email Inspector is integrated downstream of the email gateway. The solution recognizes and removes spear-phishing emails that deliver attacks through malicious email attachments and URLs, as well as other complex threats and ransomware. This offers clear advantages for educational institutions, such as more comprehensive protection through transparency, extended recognition technology and high flexibility.
In addition, 99.3% of all attacks are carried out by email, whether in the public sector, in universities or schools, or in private companies. Opening a malicious email is not only stressful, but also time-consuming and costly, which makes a good backup essential.
We have also recommended that our customers make email security a topic for their employees, as this is essential in preparing them for future attacks. The decision was taken to regularly inform users of any suspicious activity and incidents by email.
Email Security – Where Did the Attack Come From?
If the attack is successful, the business needs to ask where the attack came from. How far back do we have to roll to get a clean system working again? The most important question, however, is how do I secure my systems again?
As a general rule, you should always stick to holistic approaches. In places where dual-vendor strategies were followed a few years ago, it may now be a good idea to unify communications and the exchange of product information.
Suppose, for example, that while scanning emails, a file containing malicious code was found. This information can be passed to the AV endpoint, which will then search the systems for this file and remove all traces of it.
Interested in learning more about Trend Micro security solutions for the education industry? Then please contact us.