Targeted attacks are among the biggest threats facing organizations today. A perfect storm has formed. The combination of globally distributed, creative, and agile cyber criminals; advanced attack toolkits, infrastructure and expertise that are readily available online; and traditional security defences that are not tooled to detect threats they have never seen has pushed the risk of attack up to DEFCON One. High-profile attacks such as the massive breach of retailer Target and department store Neiman Marcus recently served to remind IT and business leaders of the dangers.
As an extension of this problem, according to research by Trend Labs, 91% of targeted attacks begin with email as a point of entry. Further, recent research by Ponemon states that 78% of targeted email attacks use malware embedded within an attachment. Given these points, attackers clearly perceive email to be a path of least resistance to evade existing security defences and breach your network.
The cost to firms of failing to adequately address the risk of becoming prey to a targeted email attack isn’t merely one of reimaging a few desktops and being wiser for the experience. Instead, the potential impacts can include litigation by customers, suppliers and/or shareholders, financial penalties, loss of revenue, and diminished brand value. It’s no surprise then that a recent Ponemon study calculated the average cost of a single targeted attack to be a staggering $5.8 million, yet we have seen costs reported by EMC and Target to be ten times greater.
Establishing visibility into the unknown
The problem facing IT Security professionals is that current email security gateways are blind to advanced malware that is embedded within attachments and URLs within emails. The fact is that they are ill-equipped to address the problem.
This is because targeted attacks typically arrive as a researched and relevant email that includes a malicious attachment or URL which recipients are enticed to open. Recipients are misled into believing that the source and content of the email are valid, and are thereby tricked into unwittingly initiating the installation of advanced malware on their desktop or laptop, providing attackers with an initial beachhead onto the network. From this point on, attackers might be lifting sensitive customer data, trade secrets, or valuable IP.
The key for organizations is to deprive attackers of what they perceive as a fool-proof method of breaching your corporate network by removing corporate email as an entry point.
If it walks and talks like a duck… Identifying Targeted Email Attacks
In today’s resource and budget-constrained environments, solving problems is all about creating leverage by enhancing existing investments. Security should be no different. With this in mind, Trend Micro has built an on-premise, purpose-built solution to address the problem of targeted email attacks by enhancing existing email security gateways. Comprised of a single, purpose-built appliance, the Deep Discovery Email Inspector integrates seamlessly with your existing email infrastructure. No policy, management or configuration changes are required to your existing email gateways or third-party security tools. Based on research by Trend Labs and their insight into targeted attacks and attacker behaviour, a range of bespoke algorithms and specialized detection methodologies is used to detect and block targeted email attacks containing suspicious URLs or email attachments that embed advanced malware.
Here’s what else the Stop Targeted Email Attacks solution can do:
- Email reputation analysis: leverages Trend Micro’s cloud-based Smart Protection Network to stop known suspect email sources, URLs and files.
- Document exploit detection: uses sandboxing techniques to spot malware hidden in common docs and file formats.
- Email attachments: multiple detection engines and sandboxing to analyse a wide range of attachment types.
- Single-appliance solution: means low total cost of ownership.
- Password derivation: decryption of encrypted files and ZIP files using a variety of heuristics and customer-supplied keywords.
- Easy to manage/deploy: solution can be deployed in tandem with an existing email gateway and function in MTA (blocking) or BCC (monitor) mode.
- Custom sandboxing: analysis environments match enterprise desktop configurations for most accurate results.
At Trend Micro, we know that the most vulnerable part of any corporate security system is usually your staff. That’s why with the Stop Targeted Email Attacks solution, IT managers can rest assured that even if their employees are tricked by sophisticated attackers, advanced Trend Micro technology will not be.