Behind the Scenes of an Email Attack

August 26, 2019 TH Author Trend Micro CISO : Compliance, Trend Micro CISO : Detection and Response, Trend Micro CISO : Expert Perspective, Trend Micro CISO : Video

Managing security across a large enterprise, even a small one, is no simple task. Attacks are going unnoticed due to siloed tools and data sets, giving cybercriminals ample time to carry out the attack and cause substantial damage. With 94% of attacks coming in via email, it is surprising that most endpoint detection and response tools do not cover email. Especially because something as simple as a phishing email can be the cause of your next big headache.

Nothing is 100 Percent

Cybercriminals continue to evolve their email attack techniques, often fooling even the most security savvy employees. And despite having layers of advanced protection, there is no such thing as 100 percent prevention, as it only takes a single threat to put your organization at risk.

An attacker’s goal is to make the most of their attack, performing reconnaissance work to determine which valuable assets of the company they will go after first—moving laterally and undetected throughout your network. When the attacks begin, typically coordinated and simultaneously, they set off security alerts on endpoints, email, cloud, web, network, firewalls, and that is just to name a few. This creates a lot of noise for security teams to cut through, making it nearly impossible for them to pin point the root cause and take action to remediate. So, to say that security teams are overwhelmed is an understatement.

Smarter Attacks Demand a Smart Defense

In the video example here, the organization is using multiple, separate security layers to detect threats across their endpoints, servers, network, email, and cloud infrastructure. This led to siloed threat information and an overload of alerts with no means to correlate and prioritize them. And as mentioned above, this is a recipe for inefficiency, employee burnout, and an increased risk for more damage. To avoid serious and widespread damage, your goal needs to be: Prevent as much as you can, and detect and respond quickly if a threat does break through. But how do you do that across all these disparate solutions that make for a very piecemeal and manual investigation process?

Many detection and response solutions only look at endpoints, missing threats that enter through user emails, the network, and servers. This can result, as we see in the video, in a very limited view of the breach and provides an inadequate response. To have a true picture of threats affecting your entire organization, it’s important to have native integration into detection and response functions across not only the endpoint, but email, server, network, cloud workloads.

The Right Tools for Success

With the right security, like Trend Micro Vision One™, you can seek out these advanced threats and eliminate them before they compromise data. Trend Micro Vision One extends detection and response beyond the endpoint to offer broader visibility and expert security analytics, leading to more detections and an earlier, faster response. With Trend Micro Vision One, this attack could have been detected and stopped before it even started.

See what you’ve been missing, and watch what can happen if an email attack fools one of your employees and you don’t have the right tools to address it.

You May Also Like

How a Unified Security Platform Protects the Cloud

Top Cloud Security Challenges & How to Beat Them

Modern Attack Surface Management for CISOs