Breached?

Argos™ Email Threat Management

Email messages sent out by threat actors and cyber criminals are usually carefully disguised as  known, trustworthy senders. Many anti-spam filtering systems fail to distinguish between malicious and legitimate emails from organizations that are used as a cover. Threat actors successfully spoof emails by utilizing weaknesses in the email infrastructure, exploiting them to fool filtering or detection tools. These email trick users into providing PII and even PCI data, which could then be used against them.

Why Use Email Threat
Management (ETM)?

CyberInt’s Email Threat Management (ETM) allows businesses to gain insight, monitor and control emails sent from both legitimate and other sources using its domain. It also provides visibility to the client’s mail server status of SPF/DKIM/DMARC configurations, while allowing policy-based enforcement to either quarantine or reject spoofed emails coming for illegitimate sources.

 

 

 

The Collection
Phase

The DMARC (Domain-based Message Authentication, Reporting and Conformance) authentication protocol is built on two known and existing mechanisms, which are used to associate an email with a pre-defined domain. Both of the mechanisms rely on the ability to authenticate identities using DNS information, which is highly reliable and almost impossible for a threat actor to manipulate.

DMARC utilizes both SPF and DKIM by stating and publishing a clear behavioral policy for the

receiving mail servers to check and use. The DMARC protocol also contains an address, which is used to send the events and forensic reports it creates to the legitimate domain admins.

Based on DMARC, CyberInt developed a cloud-based platform that allows businesses to validate, detect and prevent email spoofing. It allows the enterprise to easily identify email senders not complying with the configured rules, and provides the ability to control the email’s delivery.

100+

billion business emails
are sent and received every day

80%
Are illegitimate
92%
Of those included links to potentially malicious content

ETM Features

  • Configuration Management: Enables easy implementation of the correct format of policies towards SPF/DKIM/DMARC. The organization can either copy, or email the DNS provider to update its DNS record format, which is directly generated from the system, once internally aligned within the system.
  • DMARC Event Management: Provides visibility of all email originating with its domain, enabling users to monitor a potential email generated from an illegitimate source. According to the policy, it can then either be approved, quarantined or rejected, ensuring proper email governance.
  • DMARC Forensic Reports: Upon receiving email events, the system can receive forensic reports detailing the potential fraudulent email header, content as well as external links. This can be further translated into the actionable remediation of performing a malicious domain takedown (optional).
  • Intelligence & Analytics: Additional attribution and context is added to the events collected by the ETM platform, providing intelligence and analysis on top of the raw data. This includes sending email servers’ geo-location, top-sending mail servers, and  DMARC pass/fail messages.

Benefits

Deliverability: DMARC turns the process of identifying spoofed or malicious emails into an easy and accountable process. Receivers no longer have to play the guessing game to figure out if an email’s sender is real or not, improving the organization’s defense against threat actors.

Security: Prevents domain abuse, phishing and spoofing, allowing the user of the ETM to take proactive action in isolating and taking down malicious servers, enhancing the cyber security of the organization.

Visibility: Ensures that 3rd parties sending emails on your company’s behalf comply with email best practices to reduce the risks of cyber attacks.

Brand Protection: Protects your organization and brand from cyber criminals attempting to use your domain for their own benefit, whether the activity is phishing or malware distribution.

Protect your brand from Email spoofing