Selecting Security Tools Part 1 - Email Security Solutions

Phillip Kittelson | 04 Mar 23 | 3 min read

This will be a three-part blog post about cybersecurity tools, and the factors you should consider when selecting tools to implement on your network.

Email use is a fact of life. Just about every platform you sign up for requires you to submit your email address. Your address becomes your username, your contact method, and so much more. Your organization surely uses email to communicate, whether you are using a business domain or a private Gmail account. Attackers and scammers know this too. Email phishing ranks in the top three ways attackers gain access to your company network, and sadly, your defenses are only as strong as your weakest links: the classic people, processes, or technology.

People. Your users are often the weakest link in email security. Non-technical users click on links contained in malicious emails and attachments every day.

Processes. Do you have a process where you manually add an email address to a block list? This process is slow, cumbersome, and prone to human error.

Technology. Have you implemented an email filtering and security solution? How well does that system work? Is it easy to use, on the front end for your users and the back end for your analyst?

Let's go over what I think are important considerations when you select an email security solution.

Main Features

Intelligence. Can your solution take advantage of open, and closed, source intelligence streams? Often trends arise from the attacker community, and having the ability to understand these trends from intelligence sources can boost the effectiveness of an email security tool.

Machine Learning. Machine learning (ML), a type of artificial intelligence, has become the rage lately. There are strong, and weak, implementations of ML all over the place. Can your tool learn and adapt?

Automation. Are you leveraging automated processes? Or do you have to manually enter spam senders on a per-user basis? I have seen both.

Interoperability and Analyst Experience

Centralized Dashboards. Is your solution easy to use and navigate on the back end? Does it have a centralized dashboard from which an analyst can perform all actions?

Original Header Information. Does your solution offer the ability to review original email header information? Sadly, some phishing email reporting procedures require a user to send the email to a spam or phishing “inbox” where an analyst must manually review email messages. Non-technical users may just forward the email, preventing analysis of headers to identify IP addresses and domains sending malicious messages.
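To make the header point concrete, here is an added example (not from the original post or any vendor's product) that uses Python's standard email library on constructed messages. It shows that a plain forward exposes only the reporting user's own headers, while a forward-as-attachment preserves the original Received chain and sender domain. All addresses, domains and IPs are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample of the suspicious message (documentation IPs and domains).
ORIGINAL = (
    "Received: from mail.invoice-portal.example ([203.0.113.45])\n"
    "\tby mx.corp.example; Fri, 03 Mar 2023 09:12:01 +0000\n"
    "From: Billing <billing@invoice-portal.example>\n"
    "To: susan@corp.example\n"
    "Subject: Overdue invoice\n"
    "\n"
    "Please review the attached invoice.\n"
)

def build_report(as_attachment):
    """Build the message a user sends to the phishing inbox (constructed)."""
    report = EmailMessage()
    report["Received"] = "from ws12.corp.example ([10.0.0.12]) by mx.corp.example"
    report["From"] = "susan@corp.example"
    report["To"] = "phishing@corp.example"
    report["Subject"] = "FW: Overdue invoice"
    # A plain forward only quotes what the mail client displays.
    report.set_content("Is this legit?\n\nFrom: Billing\nSubject: Overdue invoice\n")
    if as_attachment:
        # Forward-as-attachment keeps the original as a message/rfc822 part.
        report.add_attachment(message_from_string(ORIGINAL, policy=policy.default))
    return report.as_string()

def sender_indicators(msg):
    """Collect relay IPs from Received headers and the From domain."""
    ips = []
    for hop in msg.get_all("Received", []):
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hop))
    return {"ips": ips, "from_domain": msg["From"].addresses[0].domain}

def analyse_report(report_text):
    """Use the embedded original when present, else only the forward's own headers."""
    report = message_from_string(report_text, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return {"original_headers": True, **sender_indicators(part.get_content())}
    return {"original_headers": False, **sender_indicators(report)}

if __name__ == "__main__":
    for mode in (False, True):
        print("as attachment:", mode, analyse_report(build_report(mode)))
```

With the plain forward, the only indicators recovered are the reporting user's own workstation and domain, which is why a reporting mechanism that submits the original message matters to the analyst.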

Identify Email Campaigns across IOCs. Can your solution correlate email campaigns? What if those campaigns are from different senders, and include different attachment names?

“Oops I did it again!” Does your solution have an “oops” button where actions can be reversed? Maybe you did not mean to block the email address from your company’s medical insurance provider.

Quarantine and Remediation. Does your tool allow the option to quarantine suspected malicious email addresses, individually and in bulk, especially before Susan in Accounting clicks on that malicious invoice link?

Interoperability and User Experience

Yes, I said that right. Is this solution easy for your users to learn and adapt to? Does it require massive amounts of training, or is it intuitive? The number one rule when it comes to users: if it is not easy to use, they will not use it.

Does your email security tool easily integrate into your existing software solutions? Is it easy to find, in let’s say an Outlook Ribbon? Or will a user have to go hunting for the button?

Tags: cybersecurity, security tools, email security, email filtering