Trustwave MailMarshal is a highly dependable and adaptable email security solution that has established itself as a leader in the industry, earning recognition over many years. With the inclusion of Trustwave MailMarshal's Blended Threat Module (BTM), it now offers enhanced protection against phishing attacks, utilizing the power of machine learning for security measures.
A Blended Threat refers to a method of compromising information security that employs multiple tactics. In the context of email, attackers skillfully craft Blended Threat messages to appear as if they originate from a trusted source. These emails often contain links that lead to websites hosting malicious code or attempting to manipulate users into revealing personal information. Sometimes threat actors specifically target Blended Threat emails at individuals or a specific group.
The BTM of Trustwave MailMarshal employs various validation techniques, including real-time behavioral analysis, content inspection, and insights from reputable industry sources. These methods allow the BTM to identify and block websites that distribute suspicious or malicious code. Since the validation process occurs in real-time through a cloud service when an email recipient clicks a link, it ensures superior effectiveness in detecting and neutralizing new exploits for all users, regardless of their device or location.
Here's How the BTM Functions
For background, the Blended Threat Module within MailMarshal scans incoming emails and modifies links before delivering them to the recipient. The Trustwave Link Validator cloud service is activated when a user clicks on a link.
The Link Validator submits the link to one or more validation services, which include reputable link reputation services that check if the link is associated with phishing or other malicious activities. Additionally, Trustwave's Smart Link Classifier, based on continuously trained machine learning technology, performs real-time content checks on the linked pages to identify phishing and other threats. Real-time scanning is crucial in detecting new threats before they are added to reputation lists.
Based on the validation results, the Link Validator either allows the request to proceed to the original site or blocks it if deemed unsafe.
New and Improved BTM
In March 2023, Trustwave's MailMarshal underwent a significant update, introducing PageML as part of the Blended Threat Module. With this addition, the email security solution gained the capability to perform thorough and real-time scans when a URL within an email is clicked, allowing it to determine whether the URL is malicious.
PageML, short for Page Machine Learning, leverages machine learning techniques to analyze page content in real-time, enhancing the BTM's ability to identify malicious URLs by a third.
PageML serves as a real-time scanning module that examines HTML content, extracts relevant features, and applies a machine learning-based classifier to assess whether the page exhibits characteristics of phishing or other suspicious content. The deployment of PageML to all MailMarshal clients took place in early March.
Developed by Trustwave and managed by SpiderLabs, PageML operates as a URL classifier and actively functions within the Trustwave section of VirusTotal. It analyzes millions of URLs daily. Testing has demonstrated that PageML successfully detects a significant number of active phishing pages that other validators might miss. Its inclusion in the arsenal against phishing is, therefore highly valuable.
The Benefits of Trustwave MailMarshal
- Protects against ransomware attacks, Business Email Compromise (BEC), phishing scams, malware, and Zero-Days
- Zero clients reported ransomware infection in 20+ years
- 99% malware and exploit capture rate
- < 0.001% spam false positives
- Layered threat intelligence, powered by telemetry from 5,000+ global MSS/ MDR clients and ML-powered algorithms
- Granular control of internal SMTP traffic
- Decades of leadership in email security supported by Trustwave SpiderLabs elite threat detection security team
- Deploy on prem or hybrid cloud
- Complements Microsoft 365 and other cloud email.
Top Email Security Best Practices
To safeguard against cybercriminals, organizations must prioritize email security and establish a comprehensive defense strategy to protect this vulnerable attack vector. Here are some essential measures to implement:
- Deploy a robust email security solution: It is crucial for organizations to have a powerful email security solution in place. This solution should offer advanced protection mechanisms to detect and mitigate various email-based threats.
- Enable Multi-Factor Authentication (MFA)/Two-Factor Authentication (2FA): Organizations should enforce MFA/2FA on all accounts wherever possible. This additional layer of security helps invalidate credential-based attacks. Microsoft research has shown that a staggering 99% of compromised Microsoft accounts did not have MFA enabled.
- Conduct regular security training: Providing annual security training refreshers for all employees is essential. This training should cover topics such as phishing awareness and overall security practices. By educating employees about the types of attacks they may encounter, organizations empower them with the knowledge to recognize and respond to threats. Security teams should remind staff members request a second form of verification and validation before making any changes to bank details or initiating payments over email.
- Implement a Secure Email Gateway (SEG): Organizations should adopt a Secure Email Gateway tailored to their specific needs. This gateway should be optimized to detect and block email threats effectively. Additionally, organizations must establish clear policies on how different file types sent via email will be handled to mitigate risks associated with malicious attachments.
By incorporating these measures into their email security strategy, organizations can significantly enhance their defenses and reduce the risk of falling victim to email-based attacks.