Posted on

Warning: Your Email Gateway May Not Be as Secure as You Think

Hackers know today’s businesses run on email, and they spend a good deal of time figuring out ways to craft messages to sneak past your defenses. In the past, this may have meant blanketing several target companies with the same malware-laced mass email in the hopes of getting one or two through. But today’s email gateways are designed to recognize and stop such generic attacks pretty readily.

To up the ante, attackers have turned to custom-tailoring malware to appear as harmless, business-as-usual missives that can skip past signature- and rules-based defenses like antivirus and email gateways. They launch attacks in a variety of shapes and forms including:

  • Zero-day malware: If an attack is new and has no signature, signature-based AV can’t pick it up.
  • Low-volume: Spam filters designed to recognize and block mass, generic attacks have trouble picking up one-offs or low-volume attacks tailored to seem innocuous.
  • Clean sources: If an attack originates from a newly created or spoofed email address or IP address with a clean history, few sender reputation filters will pick it out and block it.
  • Malicious attachments: Attackers realize that email gateways can easily be set to block unusual or risky attachment types like .EXE or .LNK. Newer attacks use common document types like .DOC, .PDF or .PPT attachments, which are less likely to be blocked.
  • Masked URLs: Many URL filters will miss attacks when the malicious URL or macro is hidden in a PDF or Word document. Similarly, attackers know they can evade web scanners by sending harmless URLs but then placing malicious code behind the URL later, after it gets past the gateway.

Luckily, some secure email gateways such as Fortinet’s FortiMail are leveraging advanced techniques to thwart these custom attacks. They focus on:

  • Validating the sender: Techniques like Sender Protection Framework (SPF), Domain Keys Identified Mail (DKIM) or Domain-based Message Authentication Reporting and Conformance (DMARC) can be used to validate a sender’s identity and protect against spoofed emails.
  • Deep analysis: Using sandboxes, some gateways can extract and detonate all elements of an email attachment and safely analyze them for malicious behavior, uncovering hidden macros and executables and stripping them out prior to delivery.
  • URL redirection: Forcing URLs to be rewritten and sent through a cloud-based web gateway whenever they are clicked ensures that all URLs are scanned every time, all the time.

Security Can’t Be At The Expense Of Performance

Unfortunately, these advanced techniques can sometimes sap performance, especially in large organizations with multiple email gateways. To counter this, our partner Fortinet offers a unique approach. It involves combining the capabilities of the FortiMail gateway to recognize and block even the most sophisticated attacks with the unparalleled protection of Fortinet’s FortiADC application delivery controllers. FortiADC’s high-performance load balancing and advanced health checks ensure optimal user experience and uptime, even when multiple FortiMail appliances are in use.

As a value-added distributor for Fortinet, Fine Tec can help ensure your email gateway defenses are both bulletproof and scalable. Learn more.