All posts tagged Email Security

Clara Oswald

Doctor Who: Series 7 Part 2, The Bells of Saint John.

There’s something in the WiFi. You know you’ve made it as an actor and as a security issue when you appear on Doctor Who. If, like me, you tuned in to (showing my age there, who “tunes in” anymore?) the new series of Doctor Who last weekend, you may have chuckled at the use of WiFi networks as a medium for evil. Rogue Access Points that upload the souls of their users, leaving them trapped inside a Spoonhead, sorry, server, somewhere in London’s Shard building. Kudos to the script writers for the plot, and for renaming servers “spoonheads” – I’ll be in the spoonhead room.

“I don’t know where I am… I don’t know where I am…” is a cry most IT managers, administrators and help desk staff have heard in their time; usually from hapless users trying to find their way onto the network or perhaps around their desktop, rather than being trapped inside an evil WiFi network. That wasn’t lost on me, nor was the uploading of souls; something we might think Facebook has in their roadmap–or at least the curating of your own soul. The evil walking WiFi base stations, hoovering up data and people, did remind me of Google Street View cars that were caught hoovering up WiFi networks, but I’m sure that’s coincidental.

Now, while not all WiFi networks are this evil, there are certainly many we should avoid. I’m still amazed to see the SSID “Free Public WiFi” whenever I’m on a train or at an airport; while not necessarily unsafe, it does indicate an old and unpatched version of Windows XP is running somewhere – which in itself is terrifying. Others are certainly more dangerous; there’s often a look-alike network at conferences or near popular coffee shops, designed to trick you into joining and routing your traffic through it. This is just plain unsafe, and even on open public networks you should always use a VPN or at least HTTPS connections. Firesheep was an excellent demonstration of how vulnerable unencrypted web traffic is on open wireless networks.

As IT professionals we’re constantly reminding our users of the security risks associated with the unknown; like free or open WiFi networks as well as clicking links in email. Hopefully now Rogue Access Points have made it to prime-time this job will be a little easier.

I’m waiting to see if there is another episode of Doctor Who dedicated to phishing emails, or perhaps password sniffing, but in the meantime I’m trying to work out how to change my SSID to that funky font used in Doctor Who.

Remember, if you’re looking for WiFi and sometimes you see something a bit like this, don’t click it.

Stay safe!

If you’re a Google Postini customer, or even an observer of the market, you’ll be well aware that Google has brought the curtain down on its Postini email services. To paraphrase Google, it’s “transitioning Postini services to the Google Apps platform beginning in 2013.”

“Transitioning” is another way of saying “we’re cutting you off and you had better do something about it.” As an IT professional you’ve probably been cursing the day you found this out; I bet the idea of an unplanned migration of such a core service is something you wish happened more often – it isn’t at all disruptive, is it?

Part of the worry about moving to a new platform will be the completeness of said platform. The Google transition FAQ tells us there is some core functionality missing. For example, you won’t have a quarantine summary until Q1, 2013. Users won’t be able to manage their quarantines online, like they do now, until Q2, 2013, along with reporting. Outbound filtering won’t be with you until Q3, 2013. And, if you want any sort of admin quarantine, the best estimate you’ll get from Google is 2013.

Sadly, the list of missing or unsupported features goes on, ultimately ending in a couple of shockers that leave you worse-off in terms of SLA too.

Frustrated? Worried? Considering your options?

By now you’ll have noticed the veritable feeding frenzy that email security vendors have got into. Some are offering 6 months of service free, others are touting free migrations to their platforms, ultimately betting the farm on a gimmick in the hope they can attract you. They’re not really considering the financial impact on their business model of ‘free’ stuff in this already cut-throat market. Race to zero, anyone?

The problem I have with this race to the bottom is that it undermines the value of email security and the gateway, and is a disservice to you, the customer. The last thing you need is a vendor who’s sold themselves on dirt-cheap technology in a mad dash to gain market share. In a year or two it’s likely you’ll be migrating away from that vendor too, as they run out of money and innovation.

The knock-on effect of this market behaviour is also a lack of investment in R&D, which you’ll notice when you start to conduct your own due diligence on these vendors. Offering a free migration to a service could well be covering up weaknesses in technology that are likely to be a show stopper if you dig deeper. If you’re in this situation, ask the vendor about their ‘cloud infrastructure’, and whether it’s really cloud or not; chances are it’ll be a hosted version of their on-premise gateway technology. I don’t need to point out that’s not cloud, nor is it scalable, and it’s bound to hurt sometime down the line.

Faced with the choice between incomplete and imperfect, it makes sense to take some time out from worrying about this unplanned migration, put aside the hysterical marketing from the ‘look at me’ vendors and consider your options. We’ve put together a short video that makes this point and might help you decide what steps to take next.

Yours in email.

@orlando_sc

Mimecast Email Security

Mimecast has just been positioned in the Visionaries quadrant of the “Magic Quadrant” for Secure Email Gateways. Gartner releases this report annually to evaluate the leading providers in the Secure Email Gateway market. Mimecast has been placed in the Visionaries quadrant as a validation of our determination to bring innovation and progress to the Secure Email Gateway market. At Mimecast we recognise there is much more value and ability built into the Secure Email Gateway than is currently offered; the Secure Email Gateway could do a whole lot more than anti-spam and anti-virus.

Secure Email Gateways have been an essential part of an email management infrastructure since the mid-nineties. Email servers used to plug straight into the Internet without any threat of malicious or meat-related email (Spam, Ham or Bacn, if you didn’t get that). To be fair, email servers “dialled up” to the Internet and did their scheduled send and receive of queued email over a normal telephone line. Then we added ISDN, ADSL, leased lines, broadband, and today the types of always-on connection that mean our email servers have almost become instantaneous forms of essential communication.

Coinciding with the rise in demand for email has been a simultaneous boom in the market for selling things by email too. Our email administrators had to quickly add gateways that “filter out” this junk and rubbish as the chorus of complaints from end-users grew louder.

Today, Secure Email Gateways are a must-have part of network security methodology, we can’t live without them – unless of course you buy your shares, watches, herbal enhancements and little blue pills on the Internet; if that is the case, our spam is your news.

Some would have us believe that the Secure Email Gateway has become a commoditised part of the network. I would argue this commoditisation is only true if you choose to spend your IT budget with a vendor who is not offering any innovation, or product vision in return. You get what you pay for, and there are quite a few vendors offering well marketed, but technically-limited, budget solutions that will protect you, but nothing more.

As email evolves and adapts to the more collaborative workflows emerging in businesses today, email gateways will play an important role in controlling and securing the corporate intellectual property embedded within email. End users are already demanding increased flexibility and control of their conversations and relationships on a per-message basis, and from directly within their inbox. They yearn for the tools to solve the pain caused by their budget, unintelligent email gateway.

Mimecast Email Security is designed to combine this increased flexibility with industry-leading security, delivering industry-first capabilities directly to end users, as well as centralized controls for the IT department too. Mimecast Email Security brings the value of the Secure Email Gateway back and delivers a vision of the future that enables email use in your business.

The latest version of Mimecast Email Security will be available this Autumn. The Gartner Magic Quadrant for Secure Email Gateways, 2012, is available on our website.

Phishing is not new. The first phishing attack we recognise as the groundbreaker was in 1996, although the concept for this type of attack had been documented for around eight years beforehand. Today phishing attacks are a ubiquitous part of the Internet and obviously a healthy source of user credentials, and income, for the criminals that leverage them.

Image courtesy of Scott Adams, Inc.

Getting a user’s credentials is always a good day at the office in the criminal underworld of phishing. I really do mean “at the office” too; many of the gangs that use phishing attacks are set up like small businesses with offices, water coolers and summer outings. That shouldn’t be a surprise when you think how successful this type of attack can be, and how much ‘revenue’ can be generated in one hit. A particularly large haul netted $1.5 million in 2009.

The primary target for phishing attacks has always been credentials for financial sites. Take PayPal as an example: over 100 million active accounts, high liquidity, bank and credit card details instantly available, and money can be sent to another email address with little authentication. But PayPal is no longer enough, and almost every site that contains personal or financial information has been a target; even the IRS has been used as bait.

It used to be easy to spot phishing attacks directed at PayPal users: the URL would point to Paypol or similar, and the writing style of the email made it obvious the sender wasn’t a native English speaker. However, today’s attacks are much slicker, very well crafted and often convincing enough. Often the URL is manipulated to make the reader think they are visiting one site – http://www.google.com – when in fact they are directed to another. Look-alike website forgery is used too, creating an identical copy of a website at a near-accurate URL – www.yourbank.attacker.com. As I said: “convincing enough.”
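The two tricks described above, a link whose visible text names one site while its href points to another, and a brand name planted as a subdomain of an attacker-controlled domain, are both mechanically detectable at the gateway or in a mail client. The following Python is an added example written for this page, not Mimecast code: it pulls every anchor out of an HTML message body and flags both patterns. The brand list, the sample message and the `.test` hostnames are constructed for the demonstration, and the registered-domain helper is a deliberate two-label approximation (a real implementation would consult the Public Suffix List).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed brand list for this example; a real gateway would use the
# organisation's own list of protected brands.
BRAND_DOMAINS = ("paypal.com", "google.com")


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self._href = None
        self._text = []
        self.anchors = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(url_like):
    """Hostname of a URL or of a bare domain such as 'www.x.com' (no scheme)."""
    s = url_like.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def registered_domain(host):
    # Naive two-label approximation; production code should use the
    # Public Suffix List so that names like 'bank.co.uk' are handled correctly.
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def analyse_anchor(href, text):
    """Return a list of human-readable findings for one link (empty = clean)."""
    findings = []
    href_host = hostname_of(href)
    href_reg = registered_domain(href_host)

    # 1. The visible text is itself a URL or domain, but the link goes elsewhere.
    if "." in text and " " not in text:
        text_reg = registered_domain(hostname_of(text))
        if text_reg and text_reg != href_reg:
            findings.append(f"display/href mismatch: shows {text_reg}, goes to {href_host}")

    # 2. A protected brand appears as a label under some other registered domain
    #    (the www.yourbank.attacker.com pattern).
    for brand in BRAND_DOMAINS:
        brand_label = brand.split(".")[0]
        if href_reg != brand and brand_label in href_host.split("."):
            findings.append(f"look-alike: '{brand_label}' used under {href_reg}")
    return findings


def scan_email_html(html):
    """Map each href in the message body to its findings."""
    collector = _AnchorCollector()
    collector.feed(html)
    return {href: analyse_anchor(href, text) for href, text in collector.anchors}


# Constructed sample message body; the .test TLD is reserved and never resolves.
SAMPLE_EMAIL_HTML = """
<p>Your account needs attention. Please sign in:</p>
<a href="http://login.example-attacker.test/verify">http://www.google.com</a><br>
<a href="http://www.paypal.attacker.test/">Log in to PayPal</a><br>
<a href="https://www.paypal.com/">https://www.paypal.com/</a>
"""

if __name__ == "__main__":
    for href, findings in scan_email_html(SAMPLE_EMAIL_HTML).items():
        print(href, "->", findings or "clean")
```

Run as a script it prints one line per link; the first two sample links each produce a finding and the genuine PayPal link is reported clean. Rendering the href next to the visible text, as this does, is also the manual check users are taught: hover before you click.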

More worryingly, businesses have had to respond to the challenge of directed attacks, known as Spear Phishing, and Puddle Phishing, whereby the attacker is choosing a specific organization to target. Any site with a login prompt of value is now a target, especially if the same login credentials can be used at other sites.

The risk to an organization from a Spear Phishing attack is significantly greater because corporate intellectual property could be at risk, as well as long-term access to internal systems if the attack goes undetected. It is this that administrators fear the most, and the idea that underpins the Advanced Persistent Threat (APT): persistent because we haven’t detected the intruder yet.

Protecting your business against phishing means using a variety of tactics. Good perimeter security combined with up-to-date browser and desktop security apps is a given. Educating your users to double-check URLs before they click on them adds a smart social protection too. Remember too that no one is beyond the reach of these attacks – there is a form of phishing called Whaling that specifically targets high-level or C-suite executives. Educating those users might be a challenge now, but much less of a problem than cleaning up after an exploitation. End user training and awareness is now big business, both commercially and DIY.

If you are in the business of hosting a platform that requires users to login and supply personal information your biggest challenge is reacting to attacks that use your branding as bait. Helping your users identify your legitimate platform using certificates and enhanced authentication protocols is essential.

We can all help too, if you stumble across an odd looking website, verify it or submit it to a service like PhishTank.

Stay safe out there.

A short while ago, Mimecast announced some cool new enhancements to the Email Security product set.

I am very excited about this because for the first time in a long time there are some truly new features becoming available to end users of an Internet-based email gateway security service.

The main thrust of these centres around some unique developments in the end user space, new features that directly integrate the Mimecast cloud-based service with client side software in the form of Microsoft Outlook.

But that’s not what I want to write about.

Sure, it is really cool that users can report spam directly in Outlook. Yes, it is amazing that they can manage their personal quarantines from directly within Outlook. I know users will love having control over how their messages look or are treated by the gateway…

It is this last thing I want to talk about. Users being given control over how messages are handled? Saying it like that makes it sound like a security threat! Surely we shouldn’t be giving users the ability to bypass policies we have set in stone for them at the gateway?

Well that’s exactly it you see, this is the thing that has me excited. I know that a “one size fits all” approach doesn’t work but that shouldn’t mean we hide useful things away from everybody.

What if we just do that for users we don’t want to access specific features?

Well, that’s what we have done. Mimecast knows that granularity of control is something you expect when deploying applications to your user base, so we decided to ensure that the same level of control and granularity remains available to you even though you are deploying client-side software that connects to the cloud!

What does this mean? In terms of the new features, it means that you can create roles, or profiles, for types of Outlook users: can they specify what type of encryption to use for secure delivery? Can they override the company branding and use a different template? These roles or profiles can then be applied to groups or individuals so that you only expose features you would trust in the hands of that set of users.

As many people will wonder “what happens in the event of a conflict?” I thought I would quickly answer that here too.

If a company policy states that Word documents must have their metadata stripped and a user selects “no policy”, the automatic policy will be applied and the document will have its metadata stripped. If a user chooses to deliver a message via TLS but there is a policy that states it has to be delivered via Closed Circuit Messaging (CCM), then the automatic policy will apply.

In other words, the safer, more secure option is the one that will apply. This works in reverse too. If a user chooses to deliver via CCM and the company policy is to secure messages in transit using TLS, then CCM will be applied, because it is a more secure method of content delivery!
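The role-gated overrides and the “safest option wins” conflict rule described in the two passages above are easy to get subtly wrong, so here is a small model of them as an added example (not Mimecast’s own code or data model). It assumes a hypothetical `Role` that lists which controls a profile exposes, a `Settings` record where `None` means “no policy”, and a strength ordering PLAIN < TLS < CCM for delivery; the company policy and roles at the bottom are constructed for the demonstration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Delivery(IntEnum):
    """Transport options ordered by strength; a higher value is stricter."""
    PLAIN = 0   # ordinary SMTP, nothing enforced
    TLS = 1     # encrypted in transit
    CCM = 2     # Closed Circuit Messaging, the strongest option in the post


@dataclass(frozen=True)
class Settings:
    """Per-message controls. None means 'no policy' for that control."""
    delivery: Optional[Delivery] = None
    strip_metadata: Optional[bool] = None
    branding_template: Optional[str] = None


@dataclass(frozen=True)
class Role:
    """Which controls a profile exposes to its users (hypothetical model)."""
    name: str
    may_choose_delivery: bool = False
    may_choose_metadata: bool = False
    may_override_branding: bool = False


def apply_role(role: Role, requested: Settings) -> Settings:
    """Discard every user choice the role does not expose."""
    return Settings(
        delivery=requested.delivery if role.may_choose_delivery else None,
        strip_metadata=requested.strip_metadata if role.may_choose_metadata else None,
        branding_template=requested.branding_template if role.may_override_branding else None,
    )


def merge(company: Settings, user: Settings) -> Settings:
    """Resolve conflicts: for security controls the stricter side always wins."""
    candidates = [d for d in (company.delivery, user.delivery) if d is not None]
    delivery = max(candidates) if candidates else Delivery.PLAIN
    # Stripping is on if either side asks for it; "no policy" never switches it off.
    strip = bool(company.strip_metadata) or bool(user.strip_metadata)
    # Branding is presentation rather than security, so a permitted user template is honoured.
    template = user.branding_template or company.branding_template
    return Settings(delivery=delivery, strip_metadata=strip, branding_template=template)


def effective_settings(company: Settings, role: Role, requested: Settings) -> Settings:
    """Full pipeline: gate the request by role, then merge it with company policy."""
    return merge(company, apply_role(role, requested))


# Constructed company policy and roles for the demonstration.
COMPANY = Settings(delivery=Delivery.TLS, strip_metadata=True, branding_template="corporate")
POWER_USER = Role("power-user", may_choose_delivery=True, may_choose_metadata=True,
                  may_override_branding=True)
BASIC_USER = Role("basic-user")  # exposes nothing; company policy applies unchanged

if __name__ == "__main__":
    request = Settings(delivery=Delivery.CCM, strip_metadata=False, branding_template="plain")
    for role in (POWER_USER, BASIC_USER):
        print(role.name, "->", effective_settings(COMPANY, role, request))
```

Two design points are worth noting. Gating happens before merging, so a role that hides a control cannot accidentally weaken policy even if a crafted client sends a value for it; and the merge treats the absence of a user choice as “no opinion”, never as “turn it off”, which is exactly the metadata-stripping case in the text.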

Couple this with Windows Integrated Authentication for the cloud service and you can see why I am excited!

This really is a new level of cloud to LAN integration that will definitely help to make everybody’s lives easier.

Spam volumes on the Internet are down on this time last year. Great news: we can all relax and stop worrying about our Junk or Quarantine folders, or that missing million-dollar order that might be hiding therein.

Brian Krebs wrote a great piece on the take down of the most prolific botnets, which is thought to be the main cause of drought in spam. It’s certainly true to say that since the likes of Spammit, Rustock, Coreflood, Pushdo and Bredolab have been knobbled the output of spam has been noticeably less.

Less spam is great news, but I’m worried. I suspect this eerie quiet in our spam and junk folders is a false sense of security, and one that is waiting to draw us into a more evil and harmful place.

Think about it this way. You’re a spammer…

Imagine you’ve been spamming people since 1997, persuading them to buy penny stocks, herbal enhancements and more recently fake AV products. You’ve been getting frustrated at the shrinking rate of return on your efforts, for the billions of spam messages you send you’re only seeing a 0.002% return or even less; mind you, at $30 for a bottle of those fake-little-blue-pills that’s still a few million dollars.

Why the decline? Because we, the vendors, are doing a better job of detecting and dealing with spam. Giving customers a 98% anti-spam SLA means we’re confident we can keep that junk and rubbish out of their inboxes. The same is true for personal or webmail accounts; providers are simply getting better at protecting users.

Then, just when you thought things couldn’t get much worse, someone shuts down your botnet, or the FBI takes away your hosting provider. Bad day at the office?

This is why I am worried…

Given the business challenges the spammers face today, it’s no surprise we’re seeing a decline in the volume of spam. But are we? The figures we’re looking at here are related to spam volumes delivered over SMTP-based email, and those have been on the wane for some time. The recent precipitous drop makes me feel uneasy about the spammers’ new business models. You might be surprised I’m using the word ‘business’ in relation to spammers – don’t be; this is their business, and they have offices, employees, health-care plans, support lines and staff retreats just like everyone else.

These business models embrace all the latest social media trends. Spammers are simply jumping on the new mechanisms we’re using to communicate, social media gives them everything they need and in many cases an even more targeted audience who are trained to ‘like’ the same things their peers do.

The deeper impact of this switch to less well evolved communication channels is that the classic AV and AS protections deployed at the corporate gateway are fast being made redundant: their rules unenforced, their quarantines empty. The threats they protect against are getting onto the network via other means that in many cases are far less well protected. The point is that the spam isn’t going away; it’s just changing and adapting to the marketplace. The users might be breathing a sigh of relief when they look at their inboxes, but I can guarantee you they’re not doing the same elsewhere – try tweeting the word mortgage or loan and see what happens.

The old money was SMTP email based spam, but just like everything else in corporate IT consumerization is taking over; spammers & scammers are simply keeping up with the trends.

The headlines couldn’t be more relevant as I read through Dawhinderpal Sahota’s blog post about the 2010 KPMG Data Loss Barometer report.

Sahota’s writing picked out a few key gems from the KPMG report, the thrust of which made the claim:

A fifth of all reported data loss incidents in the first half of 2010 were a result of malicious attacks from inside the organization.

The headlines I am referring to are of course screaming about the latest WikiLeaks release; which like the last is bound to have come from an insider with “authorized access” to the system storing the data.

But as someone who has spent most of their career in IT Security, this is not really news to me. We’ve known for a long time that the ‘people’ are always the weakest link in any security solution or policy – as humans we have a natural desire to help people and trust them; assuming they are up to no good is hard for us.

Sahota’s blog points out that, as organizations (read, the IT team) get wise to hackers, the criminals are tempting the staff to pass on valuable information. Which is very true, but I think there is a stronger motivation at play here too, as the Wikileaks data shows. The motivation of the “Do-gooder” or the idealist who believes the public should be made aware of the ‘secret’ data they are looking at, presents a significantly greater threat. We need to rethink how we solve this problem with these two types of motivation in mind.

The KPMG report, and Sahota’s post, goes on to single out the Healthcare sector as suffering a large proportion of the leaks, mostly due to the working practices of its users. Sharing of passwords, portable media and accidental leaks all present a wide channel for data to leak out of the organization, but almost all Sectors share these same issues, and most try to combat them with awareness and education for their employees.

I think a better solution is to look towards technology. For example, password sharing can be mitigated by the use of Biometric two factor authentication. Portable media problems can be eliminated with the use of Centralized Endpoint Device Control Systems and of course all external channels can be protected once efficient DLP (Data Leak Prevention) tools have been deployed.

Each type of motivation for the attack or leak is going to need a different consideration. Education, awareness, technology and a good dose of luck are just the start of protecting your data from the baddies, or from publicity like WikiLeaks.

Not since Nimda and Code Red has there been so much excitement over a virus propagated around the Internet; the news channels are rolling out all sorts of experts for their doom and gloom opinions, and the dollar amount of lost business is already being totted up by those affected. The list of companies hit so far includes some household names like Comcast, Coca-Cola, ABC and NASA.

The similarities of the ‘Here you have’ worm and the likes of the ILOVEYOU and AnnaKournikova worms have not gone unnoticed – for example HYH uses the same subject line as AnnaKournikova!

Today I expect many of those affected by the HYH worm will be asking how it managed to propagate so well using mechanisms that have been in such wide use over the past 15 years. You have to give it to the writers of HYH: that’s a real retro-worm right there.

HYH has done alarmingly well since it was first spotted in the wild. Its worm-like characteristic of using email as a distribution mechanism is not new, but the fact that HYH dodged so many security systems is a big surprise. Could this be because too many organizations have not yet protected their users from web-borne threats by implementing URL scanning technology in both email and web browsing sessions? The Trojan-like qualities of its socially engineered download link have duped many into clicking on the malicious link; surely we should know better? HYH will also email itself to your Outlook contacts as well as copy itself through network shares and drives. All in all, HYH is a multifaceted nightmare that on the face of it looked like many of the other worms out there today – yet HYH has been hugely successful. This is perhaps a consequence of distribution via email and infection via URL where simply not enough zero-day exploit protection was afforded to users.

All of this has left many administrators with only one option, and this isn’t something they have considered for a long time – unplug the network, take everything offline until you can get on top of the problem. A sysadmin or network admin’s nightmare. Of those affected, some may be able to rely on external continuity systems that offer both security and continuity, but the unlucky ones are probably looking at a long weekend of cleaning and patching.

So whilst others pick apart HYH and its impact on networks and the Internet, I can’t help but notice that this whole saga forces us to once more worry about issues we thought were dealt with. The spam and virus threat isn’t something that’s going to go away, and if anything HYH shows us that it is still possible for chaos to erupt at a moment’s notice. Chaos that can clearly come from the most unexpected direction.

Now is the time to review your setup; email security isn’t a done deal, it’s a dynamic system that needs attention. If you haven’t already, consider the HYH chaos as a source of downtime and add that scenario to your continuity plan. And, last but not least, go back to the users and re-educate them on the threats that are clearly still out there.

Our friends at MessageLabs released their monthly Intelligence Report this week. A number of other outlets and blogs have already reported on the prevalence of the Rustock botnet, accounting for up to 41% of spam. The MessageLabs report also goes on to highlight the current spam rate at an alarmingly high 92.2%, up from 88% in July.

How did we get here? How have we managed to put up with this nonsense for so long? The rise of botnets like Rustock, Grum, Lethic and Storm has made the problem more significant, and things are only going to get worse. We seem no closer to a solution to the spam problem than ever.

There has been much lambasting of Bill Gates since 2004 when he famously said that by 2006 “… spam will soon be a thing of the past.” Gates predicted that spam would be killed through the electronic equivalent of a stamp, and at the time various vendors were dabbling in similar standards-driven methods for authenticating genuine email and its sender. If only we understood then how important the botnet would become in the global spam problem.

The FUSSP

There is a concept in the anti-spam world called the FUSSP, an acronym for the Final Ultimate Solution to the Spam Problem; when you think you have the FUSSP you may submit it to fussp.org and the IETF, but there is a long list of criteria your FUSSP must fulfil – for example, if your idea requires all SMTP gateways in the world to be the same, or a replacement for SMTP, you have already failed.

Asking the world for the FUSSP is a great demonstration of crowd-sourcing a solution to a problem – but I can’t help but think that we’re missing an opportunity here.

A Coalition?

What if, we the collective email security vendors of the world unite to form an alliance against spam, viruses and phishing. We already have the knowledge, research and technology to do this but we choose to use it competitively rather than collaboratively. In a sense we would collectively BE the FUSSP.

This is a big problem that requires a big-thinking solution, bigger than each of us can imagine individually – if we could form this coalition we might be able to win this battle once and for all.

Then again, would a coalition be as agile as the dark forces driving the dark SMTP traffic business?
Or would it simply get so bogged down by bureaucratic red tape that it never managed to realise its goals?

As per usual the greater good comes in second place and the users of email systems suffer…

Please comment and let’s see what you think; I would like to see if anyone thinks this could work!

There is a race being run right now, a race that never ends, where the participants can’t stop for a breather, one of those races you keenly enter, but halfway through ask yourself why am I doing this again?

It’s the sort of race that appears to chase a point that is constantly moving with the horizon.

Running into the sunset

Enough of the race & horizon metaphor…

What I’m talking about is the constant cat and mouse game that we all play with the spammers, phishers, virus writers and general Internet nasties. Almost every user who is exposed to the Internet understands the sort of problems that exist. Email administrators in particular have the tricky job of protecting their users and are best placed to understand the problem. But keeping up with the ever-changing threat landscape is a constant balance and battle, and it takes dedication if you’re prepared to fight that fight yourself.

Research tells us that senders of malicious email, (by which I mean spam, virus, phishing and all the other junk out there) are trying to get each individual piece of malicious email into your inbox within 11 minutes of the time they release it to the wild. If it takes longer, they move on. Why is this? Because within those 11 minutes the security vendors of the world have detected the new threat and have started to issue updates to protect their client base against it.

As with most things the early bird does indeed get the worm, or in this case your inbox gets the worm (or spam, or phishing attack).

Many on-site security appliances and software solutions have these updates pushed down to them by their respective vendors, which is a great idea but strikes me as a little too slow. If this is all about speed, we really need to be thinking about the fastest and most efficient way of keeping up.

If I were a spammer…

…or virus writer, I would be depending on, and even taking advantage of, the slow reaction of you or your security vendor. I would be hoping that someone somewhere isn’t as alert as perhaps they should be.

Of course, in my new dark world of spamming, phishing and viruses, the nature of my business is speed and money. The faster I am, the more money I make. I will be preying on people who don’t think like this, people who are slower than I am.
