The CEO of Mimecast, Peter Bauer has outlined his company’s vision for the future of email security at the North American Cyber Resilience Summit in Dallas, Texas. Today, organizations are required to think bigger and create proactive cyber resilience postures that address the threats at the email perimeter, inside the email network, and also beyond their purview, to eliminate the threats that abuse the trust in their brands out in the wild.
Organizations must also leverage the vast telemetry and threat intelligence that can be gathered at the attack surface of their email systems to make their teams and their other security investments smarter and more effective — this what Bauer referred to as advancing from perimeter email security to pervasive email security.
Bauer further explained that the future of email security is comprised of three distinct zones, alongside an API-led approach, that organizations need to recognize:
Zone 1 – Perimeter
The email security perimeter is focused on keeping users and data safe by protecting email against spam and viruses, malware and impersonation attempts, and data leaks. Organizations need global visibility that offers rapid detection of sophisticated threats to protect their entire customer, partner and vendor ecosystem.
Zone 2 – Inside the Perimeter
Compromised users whose accounts are being taken advantage of, lateral movement using credential harvesting links, social engineering and employee errors are threats and risks that manifest inside the perimeter. Organizations should combine security inspections of internal and outbound email traffic with capabilities to build a stronger human firewall through dynamic user awareness training and testing programs. They also need rapid remediation capabilities to extract threats and shut down access to compromised accounts. This will help to ensure that an organization’s internal network, made up of people and machines, is robust and capable of defending itself when attacks occur.
Zone 3 – Beyond the Email Perimeter – Pervasiveness
Organizations need the ability to protect their brands and domains from being explicitly spoofed or hijacked to defraud customers and partners. This requires the ability to implement DMARC efficiently as well as to hunt for and take action against threats where attackers present themselves fraudulently to an organizations customers or partners using deception and impersonation.
Beyond the Zones: API-driven Security Ecosystem Integration
To move from perimeter to pervasive email security requires an extensible architecture that allows organizations to fully integrate the value of the telemetry and intelligence gathered through observing email attacks with their existing technologies such as SOARs, SIEMs, endpoints, firewalls and broader threat intelligence platforms. An API-driven approach further helps deliver pervasive security throughout all zones. This allows organizations to make their teams and other security investments even more effective.
“The expanded attack surface, the proliferation of security vendors and the monetization of attacks have all increased the complexity of an organization’s security infrastructure. When you consider the cyber security skills gap that most organizations face today, the threat of business disruption due to a cyber incident is certainly on the rise,” said Bauer.
“Addressing complexity is as much of a priority as increasing security. Adding new solutions to your security stack to help thwart new attacks may be counter-intuitive if those solutions don’t connect with each other. There’s power in platform-based solutions that can give organizations the visibility they need to help reduce risk and build a stronger proactive cyber resilience posture,” added Bauer.