The start of 2018 provided an important reminder about the duality of cyber attacks. On the one hand, the Spectre and Meltdown vulnerabilities highlight yet again that there will always be new ways for cybercriminals to enter organizations. On the other, frequent news of data loss at businesses or government organizations reminds us that existing avenues of attack – like email – rarely go away. You might recall that in the 2017 Verizon Data Breach Investigations Report (DBIR), the most common attack vector, responsible for 66% of installed malware, was email.
That’s why Fortinet continues to urge organizations to look closely at their email security effectiveness, and respected analysts note that “Advanced threats (such as ransomware and business email compromise) are easily bypassing the signature-based and reputation-based prevention mechanisms that a secure email gateway (SEG) has traditionally used.” They then recommend that organizations “supplement gaps (if replacement is not an option) in the advanced threat defense capabilities of an incumbent SEG by adding a specialized product that is tailored for this purpose.”
The challenge is that almost all email security vendors say the same thing: “99.9% catch rate, no false positives, easy to manage” and so forth. That is why Fortinet is firmly committed to regular participation in independent testing. Consider, for example, the Advanced Threat Defense certification testing conducted by ICSA Labs.
For much of this year, their sample set, collected from in-progress campaigns each quarter, has contained a healthy dose of ransomware and the common technique of compressed archives.
And Fortinet Advanced Threat Protection closed out the year by demonstrating 100% detection with 0% false positives against these advanced email threats. You can see the full results here.
Specific results aside, the true importance of this analysis is that:
- ICSA runs one of only two independent and recurring tests of email security effectiveness that I know of. (The other is run by Virus Bulletin.)
- ICSA has been running this test quarterly for more than a year, and only two solutions (kudos to Trend Micro as well) have earned their certification for Advanced Threat Defense for Email.
- Fortinet views this and similar independent testing as a critical decision-making resource for customers, as well as an important input to help us continually improve our products.
Late last month, Fortinet released a new version of FortiMail. It includes improvements to previous enhancements, like our Virus Outbreak Service that speeds protection against emerging cybercriminal campaigns (which, incidentally, came out of findings from ICSA testing), as well as significant new features like Content Disarm and Reconstruction. This capability effectively neutralizes email attacks that embed malicious code into otherwise benign document formats by removing the active content and then delivering a safe attachment. To learn more about Fortinet’s FortiMail secure email gateway offering, please visit our product resource center.
Going forward, I hope that all organizations are able to keep their two eyes on the duality of the threat landscape: both the brand new and the existing, recurring or morphing. I also hope that they will leverage the insights and resources available through truly independent third-party testing to guide them through the process of selecting or replacing essential security tools.