
Stopping the Undetectable Email Virus

A simple strategy for enhancing enterprise security, readily at hand but commonly overlooked




As I stood in the airport security line during my last flight, idly watching the screening process — bags, shoes, laptops hurriedly put into trays, placed on a conveyor belt moving everything into the black tunnel of the X-Ray machine — I noted the X-Ray operator, staring at multiple screens with ghostly outlines of bags and their contents revealed as orange and green computer-highlighted objects. I thought how this security process is a metaphor for how companies try to protect themselves from external email threats. Before entering the enterprise, emails are funneled through systems that screen every email and its contents. Once inspected for threats, cleared messages are delivered to user inboxes. But it is an imperfect metaphor. There is one key difference between the airport and email security processes, namely, the human.


In the airport security line, a human is allied with the machine when inspecting package contents. For every machine scanning the contents of a bag, there is a human operator looking at those contents. However well the machine identifies key objects, adding the human eye, backed by the brain’s powerful pattern-matching capabilities, creates a more powerful solution for threat detection.



In contrast, nearly every email security solution relies solely on machines to scan emails and their contents for threats. Rarely is the human engaged as part of that process. Once the machine scanning is concluded, the email and its attachments are forwarded to the end-user. Now, inside the firewalls of the organization, the end-user is left to open the email and its attachments locally. There is no moment to safely inspect the contents. Like some kind of digital Russian roulette, the only way to find out whether an attachment is infected is by pulling the trigger, or in this case, clicking on the file. Apparently, this model isn’t working so well, as evidenced by the daily news cycle, filled with constant news of breaches and ransomware caused by malicious files delivered through the number one vector of attack, email (1, 2, 3). If airport security had the same poor rate of success as our “advanced” email defenses, most of us would gladly travel by train.


In an age where we look to computers and artificial intelligence algorithms to solve every problem, we’ve lost sight of the fact that there is a well-tested neural network readily at hand. In fact, it’s located between our ears. One simple way of integrating the human as part of the email security solution is to provide the user with a safe preview of files, prior to opening the file locally. By providing a safe preview, enterprise security can leverage the human mind to inspect the contents of files before unleashing malicious code directly onto the local device. For hackers, it is far easier and more scalable to create and embed a virus in a file called “invoice.doc” than to compose an actual invoice that makes sense to the recipient.


The good news is that a safe preview can be achieved in many different ways. One readily accessible way is to move attachments to a separate repository and replace them with a link that renders the file contents viewable in a web browser. This can be achieved with nearly any cloud storage service, like Box, OneDrive, Google Drive or Egnyte. In fact, G Suite offers a preview for most email attachment file types. The challenge is that users will often simply download files and then view them locally. Solutions like Symantec’s Email Security.cloud or mxHero allow organizations to ensure users first preview before downloading attachments. mxHero’s solution even allows companies to stage files from their existing cloud content platform, be it OneDrive, Box, Egnyte or Google Drive.
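To make the attachment-to-link step concrete, here is an added sketch of a gateway filter written with Python's standard `email` package; it is not code from mxHero, Symantec or any storage provider. The `PREVIEW_BASE` URL, the in-memory `store` dictionary standing in for the repository, and the sample message are all assumptions constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: placeholder preview URL; a real gateway would use the storage provider's viewer link.
PREVIEW_BASE = "https://files.example.com/preview/"

def stage_attachments(raw: bytes, store: dict) -> bytes:
    """Move every attachment into `store` and return the message with links in its place."""
    msg = message_from_bytes(raw, policy=policy.default)
    links = []
    for part in list(msg.iter_attachments()):
        # Attached messages (message/rfc822) are containers: stage them whole.
        data = part.as_bytes() if part.is_multipart() else (part.get_payload(decode=True) or b"")
        # Key by content hash, never by the sender-chosen filename.
        key = hashlib.sha256(data).hexdigest()
        store[key] = data
        # The filename is untrusted input: keep printable characters only, for display.
        name = "".join(c for c in (part.get_filename() or "unnamed") if c.isprintable())
        links.append(f"{name} ({len(data)} bytes): {PREVIEW_BASE}{key}")
        msg.get_payload().remove(part)  # the file itself never reaches the inbox
    if links:
        notice = EmailMessage(policy=policy.default)
        notice.set_content("Attachments were moved to safe preview:\n" + "\n".join(links) + "\n")
        msg.attach(notice)
    return msg.as_bytes()

def build_sample() -> bytes:
    """Constructed sample: a short text body plus a fake 'invoice.doc' attachment."""
    m = EmailMessage(policy=policy.default)
    m["From"], m["To"], m["Subject"] = "billing@example.org", "user@example.com", "Invoice"
    m.set_content("Please see the attached invoice.\n")
    m.add_attachment(b"constructed-bytes-not-a-real-document", maintype="application",
                     subtype="msword", filename="invoice.doc")
    return m.as_bytes()

if __name__ == "__main__":
    repo = {}
    print(stage_attachments(build_sample(), repo).decode())
    print("staged objects:", list(repo))
```

The filter strips the file before delivery rather than adding a link beside it, which is what prevents the download-and-open shortcut described above.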



mxHero uploads and replaces attachments with cloud storage preview links. End users can safely preview files before downloading locally.

So, the next time an email virus is claimed to be ‘undetectable’, let’s be clear — undetectable by the machine (Government raises threat level on ‘undetectable’ email virus). As I continue to read the news of corporate breaches, I think how ironic it is that in many cases the problem could have been avoided by a simple solution just under our noses, or in this case, between our ears.


Originally published in Medium
