Way back in November, we wrote a blog post called Email Security 3.0. In it, we gave a hypothetical example of what’s known as pervasive security, whereby hackers spoof the email credentials of a well-known brand to launch an attack on a supply chain or client base.
The example we used was British Airways, but substitute any global brand for BA and you get the picture:
Example 1: An attacker spoofs a British Airways email account (firstname.lastname@example.org) and sends an email to one of their freight forwarding companies. The email could take the form of a fraudulent invoice, complete with bank details, requesting – or even demanding – payment.
Example 2: It could be a spoof email containing a link purporting to be a portal/site for booking freight slots (and asking for credit card payment at the same time).
The trouble facing [insert well-known brand here] in these hypothetical examples is that both are outside the control of traditional internal IT departments so they become very hard – almost impossible in many cases – to police effectively.
So How Can They Be Effectively Policed?
Mimecast, as always, has the answer.
This week they announced the acquisition of Segasec, a cybersecurity start-up founded in 2017 that specialises in digital threat protection and ‘preventing hackers from exploiting company brands and online assets through fake websites and domains, aiming to fraudulently harvest credentials from customers, employees and organisations.’
Says Mimecast CEO Peter Bauer, ‘Every brand is vulnerable to attacks that abuse and threaten the trust that employees, customers, partners and 3rd party vendors have placed in them’ and ‘Segasec will allow our customers to take a proactive approach to identifying – and even potentially preventing – attacks that imitate their brands using domains they don’t own, while also offering the visibility required to understand how their brands are being misused for malicious intent.’
These well-known brands are now being used, via very sophisticated techniques, as bait to target customers and supply chains. Segasec’s technology provides brand exploit protection that uses machine learning to identify potential hackers at the very earliest stages of an attack and it is also engineered to provide a way to actively monitor, manage, block and take down phishing scams or impersonation attempts.
Building on Mimecast’s Email Security 3.0 approach, the newly-acquired tech helps clients to protect their businesses across three key zones:
Zone 1: defending against security threats trying to penetrate the organisational perimeter
Zone 2: for vulnerabilities and threats that exist inside the perimeter
Zone 3: for attacks taking place outside the perimeter in the larger cybersphere
In, out, shake it all about. Alongside Mimecast’s already comprehensive security services, integrating Segasec enables clients to quickly block potentially malicious domains.
In addition, it has been designed specifically to monitor internet domains for malicious activity – both suspected and real – and continuously surfaces the riskiest ones. By using machine learning and running targeted scans that also have the innate ability to identify unknown attack patterns, the technology can help to uncover live attacks and also detect upcoming ones in their infancy which allows clients to prevent and block them altogether. The tech also offers quick takedown capabilities for active attacks and limits the use of stolen data.
CEO and co-founder of Segasec, Elad Schulman said ‘In today’s increasingly digital economy, we rely so heavily on websites and email to interact with businesses in both our professional and personal lives. As such, brand exploitation has been on the rise, as cybercriminals co-opt the brands we depend on and violate our trust.
The powerful combination of Mimecast and Segasec will help customers better protect their brands, customers and other external stakeholders, as well as their own employees.’
Contact us today on email@example.com or call 020 7078 0789 and we’ll talk cloud and email security, communications platforms, cutting-edge IT solutions or what’s better, having a clear-out and going on a post-Christmas diet or binge-eating every last mouthful of ‘Christmas’ food until it’s all gone…