BI.ZONE CESP
Cloud Email Security & Protection
BI.ZONE CESP protects organizations of all sizes from phishing, malware, and spam
The service secures your employees from malicious attachments and unwanted advertisements and protects your mail server from overload through bot mitigation
BI.ZONE CESP spots attempts to use your corporate email address for sending out phishing or spam messages and prevents reputational damage
You can control the sharing of sensitive information thanks to the outgoing traffic screening mechanisms, such as the detection of company seals in images
You can prevent message loss: BI.ZONE CESP stores the incoming messages while your server is down and delivers them later
BI.ZONE CESP continuously analyzes the entire email traffic without slowing down business processes and with minimum false positives
Integration with the platform for countering social engineering attacks helps identify and additionally protect the most vulnerable employees and improve the organization’s cyber culture
The solution combats advanced threats by leveraging over 600 defense mechanisms, from antivirus engines and our own threat intelligence to individual profiling and machine learning
BI.ZONE CESP takes care of security management, supports geographically distributed infrastructures, and enriches the filtering mechanisms with threat intelligence data to save up to 20% in email security costs
You can connect the service in as little as 1 day
Try it out
- We will arrange a demo meeting and answer your questions
- We will help you throughout the 30‑day trial period
Publications
New BI.ZONE CESP protects against quishing, takes into account employee cyber awareness levels
April 26, 2024
BI.ZONE CESP enables customized protection of corporate email
August 7, 2023
BI.ZONE CESP swiftly responds to protect Outlook users against CVE‑2023‑23397
April 6, 2023
BI.ZONE CESP reinforced to improve email protection
October 24, 2022
Email is the most popular attack vector, so protecting it is an essential aspect of any security strategy. The number of attacks is growing with each year, which means that the risk of breaching sensitive data is also increasing. That is why choosing effective defense systems is so important for a company’s security.
You need to set complex passwords for email accounts and use encryption algorithms. Both can be implemented in different ways, such as using programs, plug-ins, or applications that automatically create keys and encrypt transmitted data. However, this may not be enough. Adversaries go far beyond hacking email accounts or intercepting correspondence. They often use social engineering techniques to trick the victim into sharing the information they need. Therefore, it is better to make sure that dangerous messages do not reach their targets. Specialized services address this security issue. They filter traffic so that nothing suspicious gets into your inbox.
1. Spam
This threat includes any unsolicited messages with questionable or promotional content. Spam does not involve fraud and does not contain malware attachments that can encrypt data or steal passwords. Nevertheless, spam can be very intrusive and distracting, making it difficult to find the information you need.
2. Flooding
Email flooding is the sending of an overwhelming number of emails to a target address or domain. These emails are often meaningless and may contain random sets of words or characters. The sole purpose of email flooding is to overload the recipient’s inbox and make it unusable.
3. Malware
A malware program may look like a regular attachment but is in fact dangerous. Such programs help attackers access the victim’s computer remotely, compromise personal data, and disrupt business operations. Malware attachments are masked in many different ways: a malicious file may have a PDF icon or a seemingly harmless extension (.pif, .vba, .cmd, .ps1, .doc, .xls, .jar, .pdf, .zip), etc.
4. Spoofing
This involves cybercriminals faking emails from legitimate senders. Adversaries impersonate a credible source to gain the user’s trust and access their information.
5. Server compromise
This attack relies on exploits: special programs (code fragments or command sequences) that enable adversaries to take advantage of vulnerabilities in the endpoint software. The goal is to gain control of the system and perform various illegitimate actions (e.g., steal data or change user rights and privileges).
6. Business email compromise, BEC
BEC is a form of phishing attack where a criminal uses email to gain the victim’s trust and persuade them to perform illegitimate actions.
Different threats require different approaches.
Spam, flooding. Configure the security settings of your mail server and of your domain zone (DNS server): DKIM, DMARC, ARC, SPF, PTR, RBL, whitelisting/blacklisting/graylisting.
BEC, spoofing. Develop software add‑ons for sender profiling and email behavior analysis. To better detect spoofing, you also need add‑ons for signature analysis.
Malware. Install antivirus software on endpoints.
Server compromise. Configure the firewall’s security policy for incoming network packets and regularly update server/user software.
No matter what threat you encounter, we recommend using a dedicated email security solution. Raising cyber awareness of your employees and training them is also important.
Special attention should be paid to such forms of phishing as BEC and spoofing. The success of such attacks depends on the actions of employees, that is, on the human factor, which causes 95% of cybersecurity issues.
Phishing refers to a group of cyberattacks where adversaries employ social engineering techniques to present scam messages as legitimate ones to win the recipient’s trust. This group includes BEC, spoofing, vishing, and other types of cyber threats. The overall goal is to trick the victim into performing actions that will result in a sensitive data breach, such as the revealing of corporate passwords or payment card details.
Initially, phishing implied emails with malicious attachments or links to fraudulent websites. Over time, the term has evolved to include other methods and their combinations:
- fraudulent text messages (SMS phishing or smishing)
- posts in instant messengers and social networks
- fake websites and internet advertising
- phone calls (voice phishing or vishing)
In the course of a cyberattack, adversaries manipulate people, appeal to their emotions, and abuse their trust. Here are examples of scenarios based on the exploitation of emotions:
- Fear. An incoming message says that the data on the user’s computer will be destroyed. All it takes to prevent the deletion is to click a link.
- Negligence. Recipients fail to notice a typo in the sender’s domain: gmail.con, yadnex.ru.
- Greed. The attached coupon offers a 55% discount applicable only in the next 15 minutes.
- Frustration. Users are forced to click a link to unsubscribe from annoying newsletters.
- Willingness to help. An employee receives a message, “Your colleague made a mistake in the report. He must fix it ASAP. Do you happen to know his phone number?”
- Credibility, urgency. A purported tax authority demands an immediate payment of a fine.
Although numerous in variety, all phishing attacks involve deceiving people for financial or other gains. Let us take a closer look at several types of phishing.
Spearphishing
Targeted phishing attacks focus on a specific person or organization to make them reveal sensitive information. To reach their goals, adversaries may create personalized content. This requires more time and effort than a standard phishing attack, as criminals have to collect the necessary information first to create a sense of familiarity with their victims. Such information may include names and job titles of specific employees, their email addresses, etc.
For example, an employee responsible for payment authorization may receive a seemingly legitimate message from the company CEO with instructions to pay a large sum of money to a supplier. The message may contain a link to a fake payment system from which the funds will be transferred to the scammers’ account.
419 fraud, or the Nigerian letter scam
This type of scam first emerged in Nigeria in the pre‑internet 1980s. A typical victim would receive a letter from a foreign sender asking for assistance in getting a large sum of money. For whatever reason, the sender is unable to receive the money on their own and therefore asks for help in exchange for a hefty fee. In this scheme, the criminals get hold of the victim’s funds in one of two ways:
- ask the victim to provide their banking account details and promise to credit funds to this account if the victim first pays a surcharge
- convince the victim to grant access to their banking account
One of the most well‑known examples is a message sent on behalf of a Nigerian prince or another high‑ranking person asking for urgent assistance in getting several million dollars out of Nigeria.
Such phishing attacks are also known as “419 fraud,” with the number referring to an article of the Nigerian criminal code.
Phone phishing
Phone phishing includes vishing (voice phishing) and smishing (SMS phishing), which employ fraudulent phone calls and text messages, respectively.
Adversaries may additionally use phone phishing and boost the effectiveness of targeted attacks by combining emails with calls and SMS.
A typical example of vishing: a scammer introduces himself as a police officer, a tax official, or a bank security officer and starts intimidating the victim. For instance, they say that the victim’s banking account has been blocked or suspended due to a court ruling that needs to be appealed right away. After that, the scammer tries to persuade the victim to reveal passport and banking details or provides the account number to which the victim should pay the fine.
When it comes to phishing, the size of an organization and its resilience to cyber threats are of little importance. Phishers achieve their goals through social engineering rather than trying to find a breach in the perimeter. A company can implement a variety of defense measures—security tools, VPN, two‑factor authentication—and still fall victim to phishing. Strong passwords and antivirus programs are not enough—it is important to take care of security at all levels.
An example of how devastating a phishing attack can be is the 2019 case of the Norwegian aluminum giant Norsk Hydro. It all started with a company employee unknowingly opening an infected email with a ransomware attachment. The message was sent from a real Norsk Hydro customer and signed with a trusted certificate. Several months later the criminals unleashed a full‑scale attack, which, according to the company’s earnings report, cost Norsk Hydro an estimated 70 million dollars in losses.
Such situations prove that organizations need to consider risks, use all opportunities to strengthen security, and resist phishing both inside and outside the perimeter.
The service can protect your inbox from a range of threats.
1. Bot activity
Scammers can use bots for different purposes. One scenario is the exhaustion of a mail server’s resources so that the server stops receiving messages.
BI.ZONE CESP checks the correctness of an SMTP dialog using regular expressions and supports graylisting to filter out emails sent by bots.
2. Spamming and flooding
Employees receive unwanted content that floods their inboxes and hinders business communications.
BI.ZONE CESP recognizes spam mailings by analyzing the subject and body of emails based on public reputation lists and its own linguistic self-learning model. As a result, the service filters unwanted messages before they even reach the mail server.
3. Malicious attachments
A single launch of a malicious program may affect an entire IT infrastructure: the malware can spread throughout the corporate network, encrypt data, compromise accounts, etc.
BI.ZONE CESP prevents such programs from reaching your device by using several antivirus engines and the BI.ZONE Threat Intelligence portal.
4. Server compromise
Server compromise allows mail server vulnerabilities to be exploited for illegitimate activities, such as remotely executing commands to steal data or change a user’s access level.
Our experts keep up with news about vulnerabilities in mail server software. If exploiting a vulnerability requires the manipulation of email traffic, our team quickly creates security rules. This will help you maintain security until a software upgrade.
5. Embedding of phishing links
Clicking such a link often results in compromised credentials.
BI.ZONE CESP blocks emails with phishing links. To achieve this, the service does the following:
- generates a statistical model of the sender’s reputation
- examines the HTML markup of the email for hidden text, images, URL and CSS links
- recognizes QR codes
- uses FQDN/URL/IPv4 indicators from the BI.ZONE Threat Intelligence database
6. Spoofing
Adversaries may fake a credible source and take advantage of the user’s trust: obtain passwords to authorize in the corporate network, change security settings, and access sensitive information.
BI.ZONE CESP can detect whether the sender is spoofed by applying a number of email authentication methods, such as SPF, DKIM, DMARC, and others. The service also recognizes Unicode spoofing and typosquatting, where attackers deliberately misspell legitimate web addresses.
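The Unicode spoofing and typosquatting checks described above can be illustrated with the following added example (example code, not BI.ZONE's): it reduces a sender domain to the ASCII string a reader would perceive and compares it with a list of protected domains. The confusables table is a small constructed subset of the Unicode confusables data, and the protected-domain list is a constructed sample.

```python
# Added example (not BI.ZONE's code): flag a sender domain that merely looks like
# a protected domain, either through Unicode confusables (homoglyphs) or through
# a typo such as gmail.con or yadnex.ru. The confusables table is a small
# constructed subset; a production filter would use the full Unicode data.
import unicodedata

# Constructed subset of Unicode confusables mapped to their ASCII look-alikes.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u04bb": "h", "\u0455": "s",
    "\u0131": "i", "\u0261": "g", "\u0142": "l", "\u2024": ".", "\uff0e": ".",
}

def skeleton(domain: str) -> str:
    """Reduce a domain to the ASCII string a human would perceive."""
    try:  # punycode (xn--) labels decode to their Unicode form first
        domain = domain.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        pass  # already contains non-ASCII characters: use it as-is
    text = unicodedata.normalize("NFKC", domain.lower())  # folds fullwidth letters
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein distance, so a transposition (yadnex) counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify_sender_domain(domain: str, protected: list[str]) -> str:
    """Return 'legitimate', 'homoglyph', 'typosquat' or 'unrelated'."""
    skel = skeleton(domain)
    for good in protected:
        if domain.lower() == good:
            return "legitimate"
        if skel == good:
            return "homoglyph"        # looks identical but is a different domain
        if edit_distance(skel, good) <= 1:
            return "typosquat"        # one typo, swap or dropped letter away
    return "unrelated"

PROTECTED = ["gmail.com", "yandex.ru", "example.com"]   # constructed sample list
```

A filter would quarantine or flag anything classified as homoglyph or typosquat rather than treat it as the trusted sender.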
7. Business email compromise (BEC)
In BEC attacks, scammers do not just mimic someone else’s email account, they hack it and use it to send messages. For example, a request to transfer a payment to a new account may come from the email address of a trusted contractor.
BI.ZONE CESP prevents BEC attacks with a combination of checks. It targets different types of threats and includes, for example, ML‑based linguistic analysis, as well as statistical and behavioral models, such as individual profiling.
The service also uses these mechanisms to check outgoing email messages for phishing or spam. This helps to identify a compromised account and prevent malicious mailings from being sent on behalf of the protected company.
8. Data leaks
Through emails, trade secrets or personal data can fall into the wrong hands. This is not always due to malicious intent. It can also be a matter of ignorance toward security policies.
BI.ZONE CESP allows you to set up individual rules for checking outgoing mail to avoid leaks. For example, thanks to the use of machine vision technologies, you can enable searching for blue company seals in email attachments.
As part of the deployment process, we customize BI.ZONE CESP to your infrastructure: the load on our servers will depend on the number of your email accounts. Customization is necessary to ensure that traffic balancing is even and all requests are processed.
Once the customization is complete, your email traffic is redirected to BI.ZONE CESP. This is where our team steps in to manage a continuous process that includes:
- detecting and quarantining illegitimate messages
- analyzing them
- adjusting detection mechanisms
- creating new monitoring rules
All the filtering mechanisms that analyze the email traffic are based on machine learning. Therefore, for the first few days, they might recognize some legitimate emails as malicious and quarantine them, until the detection capabilities are trained. Safe messages can be removed from the quarantine by your BI.ZONE CESP administrators: there is a dedicated button in the personal account. This way, the ML mechanisms will adjust to avoid such false positives in the future.
We have 24/7 technical support that constantly monitors the BI.ZONE CESP performance. At any time, you can report an incident, express your concerns, or request a consultation.
BI.ZONE CESP is already integrated with the BI.ZONE Threat Intelligence portal to receive the latest cyber threat data. The portal aggregates information about potential security threats from both internal and external sources (BI.ZONE and its partners). BI.ZONE CESP leverages this intelligence to assign each message a spam rating, an indicator of how likely a particular message is spam.
The BI.ZONE Threat Intelligence portal collects information about artifacts that have been seen in malicious activity. BI.ZONE‑CERT (computer emergency response team) manages and validates this data. Thus, artifacts discovered by BI.ZONE-CERT during its research work enrich the threat database shared with BI.ZONE CESP. When an email with similar artifacts comes to the server, this message will be quarantined immediately.
Yes, BI.ZONE CESP works with servers that use encryption for email traffic. You should always use an encrypted connection, otherwise outsiders can intercept your traffic and gain access to confidential information.
An SSL/TLS connection is established between the sender’s mail server and the BI.ZONE CESP filtering nodes. Only then is your email transferred: the filtering nodes analyze it and securely deliver it to your server.
Yes, if your mail server supports the STARTTLS technology. The BI.ZONE CESP filtering nodes must use an encrypted connection to deliver filtered and legitimate email. This makes it possible to protect messages from interception. Adversaries can only recognize the type of encryption or the approximate amount of data, but will not be able to see the content.
No, we do not support this technology. We filter traffic between mail servers and do not install any software on user devices. Therefore, we cannot check messages protected by S/MIME, a standard for public key encryption and signing.
Yes, BI.ZONE CESP supports this feature: it allows you to require that connections between mail servers use encryption.
The SECaaS model allows you to get comprehensive email protection without allocating your own specialists and computing resources. All the work is done by the BI.ZONE team: we provide the infrastructure and equipment, ensure service availability and resilience.