Bryley Advanced Email Threat Protection

There have been rising levels of socially engineered attacks especially against cloud-based email systems like Microsoft 365, according to Verizon’s Data Breach Report.¹ Socially engineered attacks require a different kind of defense than the standard email security implementations.

Three Types of Socially Engineered Email Attacks

Spear Phishing

“Spear” is used to signify a highly targeted phishing attack. Spear phishers send emails that look to have come from a trusted source and sent to a narrow group, like subscribers of a particular service or employees of a company. These scam emails often request data like user names or passwords.

Business Email Compromise

In a business email compromise attack, criminals send an email message using the name of a known source making a plausible request. For example a vendor seems to ask for your credit card information or a bank looks like it’s giving updated instructions on wiring a payment.

Account Takeover

In an account takeover, hackers get access to corporate email accounts through stolen credentials. These internal accounts are then used to launch subsequent targeted attacks. It’s difficult to detect these attacks since they don’t rely on impersonation techniques, but come from a same-server, legitimate account.

Why make it easy on the invaders?

An Artificial Intelligence-Based Defense that Analyzes Every Email

Bryley engineers have added important software to Bryley’s arsenal for combatting socially engineered attacks and the various other kinds of offensives launched on our email accounts. Called Bryley Advanced Email Protection, it gives Artificial-Intelligence-powered protection against all forms of email attack.

The Gateway Layer Is a Rules-Based Filter

The email gateway is a boundary layer in front of your email server. It scans inbound and outbound email messages for malicious intent, malware, authentication issues, URL reputation and it checks against blacklists. The gateway blocks emails that lead to phishing sites or malware-distribution sites. A gateway is good for finding and blocking zero-day attacks (the exploitation of unpatched vulnerabilities) and ransomware.

But because the gateway’s filters are based on rules and policies, gateways are not built for targeted strikes like social-engineering-based attacks. Gateway-only solutions often lead to false positives, preventing good emails from getting through. So Bryley Advanced Email Threat Protection pre-filters email traffic and identifies the great majority of threats. Then it passes along only the few, remaining, suspicious emails to a sandbox layer to confirm zero-day threats and block them.

The Sandboxing Layer Contains and Tests the Unknown

Sandboxing analyzes unusual, potential malware in a protected environment. New threats are sent by email every day, so these cannot be handled by gateway filters. Sandboxing is an added, defensive layer in which any email that gets past the gateway’s filters, but still contains unknown file types, URL links or otherwise questionable content can be tested before they reach your inbox.

The API Layer Defeats Social-Engineering Attacks

Protection from socially-engineered attacks comes from an Application Programming Interface (API [controls the interaction of specific software tools²]) that meshes with your email system and individual mailboxes. API integration gives visibility into historical and internal email communication for every email account in the system. It uses this data interpreted by AI to create a communication identity graph, a statistical model specific to each user. The identity graph reveals unusual communication patterns outside of the statistical model. This API system predicts and stops spear phishing attempts. So, for example, when a vendor makes a request originating at a domain not seen before, the API flags and blocks it.

Bryley Advanced Email Threat Protection, through its API detects both account takeover attempts and attacks launched from compromised accounts. Bryley Advanced Email Threat Protection’s API is also able to prevent attempts to compromise credentials by blocking spear phishing emails trying to steal employee passwords.

Layers to Defend Your Email Server and Your Business

Nearly eighty percent of organizations are using M365 with no extra security.³ Microsoft provides a layer of security. But Bryley Advanced Email Protection is unlike anything Microsoft or Google Workspace offer. It’s an AI-based system built to learn the internal and outward-facing behaviors of your organization, and treat emails that conform or deviate appropriately. So choose to put Bryley Advanced Email Threat Protection layers in front of your email server and you’ve multiplied your defenses against criminal behavior.

The tools Bryley uses to accomplish protecting and preserving data continue to change as technologies evolve. Bryley Advanced Email Protection is the result of Bryley engineers’ continual software and hardware evaluations to better ensure its clients’ businesses are not disrupted.

Bryley Systems has helped organizations achieve continuity through managed IT since 1987. If you would like more information about Bryley’s approach to Email Protection please complete the form, below, call 978.562.6077 or email ITExperts@Bryley.com.

^{1 https://www.verizon.com/business/resources/reports/dbir/
2 https://www.webopedia.com/definitions/api/
3 Barracuda}