
MailMarshal: Delivering Cloud Based and On-Premise Security Peace of Mind Against Advanced Email Threats

The recent discovery of a zero-day vulnerability in a well-known email security product further underscores the importance of robust email security that can effectively counter advanced email threats, offer a defense-in-depth approach, and operate in the cloud or on-premises.

To start, if you believe you have suffered a breach, Trustwave’s Digital Forensics and Incident Response (DFIR) is ready and online to take your call and start helping your organization recover.

The email security appliance issue focuses on CVE-2023-2868. The vendor is urging customers to immediately replace affected email security gateway appliances regardless of patch version level.

Organizations that are concerned about the security of their appliance and are looking to move to a cloud-based email security platform with on-prem capabilities can begin the process by visiting this page to learn more about Trustwave’s industry-recognized and award-winning MailMarshal email security.

MailMarshal is designed from the ground up to operate in a cloud, hybrid, or on-premises environment.

With the cloud-based service, a client will achieve improved email security and save money by complementing any previously installed web-based email gateways. Additionally, MailMarshal complements Microsoft 365, Azure Rights Management Services (RMS), and other cloud email solutions.

Trustwave MailMarshal: Battle-Tested Email Security Defender

For additional background, Trustwave MailMarshal is an established solution that employs a comprehensive strategy for safeguarding email communications. This powerful system excels in minimizing false alarms while delivering robust protection against spam, gateway attacks, viruses, email phishing attempts, and malicious URLs. Its cutting-edge Business Email Compromise (BEC) Engine adds an extra layer of defense, effectively shielding businesses from sophisticated BEC attacks. With a vast user base encompassing numerous Fortune 500 companies, MailMarshal has earned a remarkable average client loyalty of 15 years.

  • Protects against ransomware, BEC, phishing, malware, and zero-day attacks
  • In the 20-plus years since MailMarshal was introduced, zero clients have reported ransomware infection
  • Trustwave MailMarshal detects 3,000-5,000 phishing URLs per day, over 1 million per year, that no other vendor in VirusTotal detects
  • Has a 99.99% malware and exploit capture rate
  • 001% spam false positives
  • Powered by telemetry from 5,000+ global Managed Security Services clients and ML-powered algorithms
  • Offers granular control of internal SMTP traffic
  • Supported by Trustwave SpiderLabs elite threat detection security team

Trustwave MailMarshal offers a convenient way to create personalized rules for scanning email headers, body text, and attachments. These rules help to identify violations and prevent data loss. With its built-in rules, MailMarshal ensures compliance with various regulations such as GDPR, PCI-DSS, HIPAA, Sarbanes-Oxley, and others. Trustwave MailMarshal thoroughly inspects all outbound content, including encrypted emails and attachments.

Email Security Must be a Top Priority

To effectively counter advanced email threats, it is essential for organizations to embrace a defense-in-depth email security approach, whether they operate in the cloud or on-premises. It is vital to develop a comprehensive security strategy that is tailored to the unique characteristics of your environment and incorporate the following measures to enhance your defensive capabilities:

  • Implement a Secure Email Gateway (SEG): Invest in a secure email gateway optimized for your organization. An SEG helps quarantine and flag potentially malicious emails and attachments, preventing them from infiltrating your network.
  • Enable Multi-Factor Authentication (MFA/2FA): Implement MFA/2FA wherever possible to invalidate credential-based attacks. Shockingly, Microsoft found that 99% of compromised accounts lacked MFA protection.
  • Verify Before Transacting: Always enforce a second form of verification or validation before changing bank details or initiating financial transactions via email.
  • Conduct Regular Security Refreshers: Provide annual security awareness training for all employees, covering topics such as phishing attacks and general security best practices. Equipping employees with the knowledge to recognize and respond to attacks is crucial.
  • Set Policies for Handling File Types: Establish clear policies regarding the handling of different file types sent via email. This ensures consistent and secure practices across the organization.

Trustwave SpiderLabs: The Power Behind MailMarshal

MailMarshal is backed not only by one of the best trained, most experienced cybersecurity research teams in the industry, but also by a technology stack that has been decades in the making.

Trustwave SpiderLabs is a global team of security experts dedicated to supporting MailMarshal and email security in general. These researchers and analysts break down captured malicious emails, analyze malware, and discover the tactics, techniques, and procedures (TTPs) cybercriminals employ. These lessons are then ingested and used to help protect our clients because, as we all know, adversaries will use a single attack methodology against a wide array of targets.

The team's strengths include 20-plus years of experience in understanding email security and malware; the malware team works closely with the end-to-end email team, and SpiderLabs and Engineering work closely together on developing new capabilities.

Under the guidance of SpiderLabs, MailMarshal runs every inbound email through 11 separate layers to help protect against spam, email-delivered malware, phishing, and BEC attacks on-premises and in the cloud.

MailMarshal: Constantly Updated and Fine-Tuned to Deliver Better Results

In March, the MailMarshal team rolled out a major update adding PageML to the platform’s Blended Threat Module (BTM). This new feature is estimated to increase the detection of phishing URLs by at least 30%. The BTM conducts real-time scans when a URL in an email is clicked to determine if it is malicious.

PageML, a URL classifier developed by Trustwave and managed by SpiderLabs, applies machine learning techniques to page content in real time to boost the BTM's ability to detect malicious URLs. PageML is currently running live in the Trustwave section of VirusTotal, analyzing millions of URLs daily. Testing has shown that PageML detects a significant amount of live phishing pages missed by other validators, making it a valuable tool in the fight against phishing.

Microsoft 365 and Trustwave MailMarshal: Even Better Together

Best of all, combining the proprietary defense filters in Trustwave MailMarshal with the built-in security protections included in Microsoft 365 delivers even higher levels of detection and extended protection in real time. This is accomplished by proactively detecting suspicious email, removing it from end user access, and shielding well-intentioned end users from falling prey to known and targeted attacks.

Layering MailMarshal with Microsoft 365 results in 80% to more than 90% less malware, phishing, spam, and BEC arriving in users’ inboxes when compared to Microsoft 365 alone (based upon Trustwave internal analysis comparing Microsoft 365 and MailMarshal together to Microsoft 365 E3 alone).

In addition, Trustwave MailMarshal is the only email gateway that supports Microsoft Azure Information Protection (AIP) and Rights Management Services (RMS). Our solution can decrypt Azure RMS email for Microsoft 365 to enforce all outbound policy controls before re-encrypting and sending, thus eliminating security blind spots created by email encryption. MailMarshal can also enforce Azure RMS controls based on policy triggers even if the user forgets them.