A layered security mechanism to protect your most used digital asset: Email.
The Swiss Cheese Model for Email Security.
Since time immemorial, layered security or layered defence strategies have been used for protecting castles, cities, kingdoms and nations.
You have a castle which has the outer city walls. You breach those, there are gates that protect, then there are moats, and the castle itself is atop a hill, so it can be defended as the enemy tries to climb, and then high walls — you get the picture. Nothing new here that you already didn’t know.
Likewise, in information security, the wider term in use is ‘Defence in Depth’ which represents the use of multiple security controls or multiple layers of security controls, which in plain English means that if one security control fails, the second will protect, and if those fail the next layer should protect…you get the idea.
The Swiss Cheese Model for Email Security
In another world, the ‘Swiss Cheese Model’ is used for risk management across sectors, and this visual is a good example that shows how ‘Hazards’ that can pass through all layers are the ones that can cause breaches.
So what does Post-Delivery Protection have to do with this? Well, everything!
Imagine the following:
Email > 1. Secure Email Gateway > 2. O365 > 3. Inbox > 4. Human.
- Layer 1 is the Secure Email Gateway.
- Layer 2 is the native security of your email platform that could be O365, GSuite, Exchange or others.
After these 2 layers, the email gets delivered to the Inbox (Layer 3). ‘Post-Delivery Protection’ is a whole layer of security that can be deployed after the first 2 layers have passed the email along to the inbox. We know that phishing emails are getting delivered despite multiple layers that have existed.
Post-Delivery protection is a new layer in the “Swiss Cheese Model for Email Security” (as I would like to call it), and it works great because it can apply a whole lot more context to the organisation as well as the recipient receiving the email. This layer powered by machine learning enables email security to take a whole new form.
Empirical evidence and extensive research show that 90% of the attacks are Malware-less! So that begs the question, Why can’t traditional secure email gateways and native security of email platforms solve for it?
It is primarily because SEGs are good at preventing attacks with signatures, malware, etc that have been detected, and thus can be blocked. BUT what about Zero-Day phishing attacks, file-less, malware-less attacks, and also imagine that the link embedded in the body of the email was harmless/benign at the point of delivery and so it got delivered. Let's say at 10 AM but 5 mins later it was weaponised, and if you click this link it would do some malicious behaviour? How do you prevent such an attack? You could kit this with proxies/web gateway solutions or safelinks (of O365) equivalents — which are all part of the swiss cheese phenomenon, but how do you prevent the whole category of such attacks — that comprise the 90% that are getting through?
Welcome, Post-Delivery protection! We at Infosec Ventures incubated a solution that was birthed as part of the larger construct of HumanFirewall, which is a Human Risk Protection platform. We were protecting the Human layer, by altering their psychology and changing their behaviour with gamification and machine learning. We teach them to ‘report’ suspicious emails by introducing ambiguity, where they don’t know when this is a real attack, and when this attack is part of the game of HumanFirewall. All they know is that to win the game, they need to report suspicious emails, and they get points that yield rewards like free time-off work, full-day holidays, financial rewards, CEO recognition, etc.
BUT then we asked ourselves, why can’t we solve for the problem with technology in the inbox (Layer 4) where we can warn them about the risks of the emails delivered, show them that this was a ‘similar-name’ to someone they know already, or a look-alike or doppelganger domain, or that this is an anomalous email compared to their normal email traffic, and even get rid of the email altogether, if the machine learning algorithm gave it a ‘very high’ probability of attack. We trained our tech to become better and better, and the result was HUGE!
This was the eureka moment, which gave birth to this breed of tech.
But, this category of post-delivery protection has significant legs of its own, and we decided to spin the “Email Security Assistant” and “Email Remediator” as stand-alone products, that enable ‘Post-Delivery Protection’ and ‘Email threat and Incident Management’ (ETIM) as stand-alone platforms. More about ETIM as a category later…
HumanFirewall, that is already loved and admired by clients globally, where these were but features in that suite, these are now standing tall as independent products.
We hope to see a lot of power in this category, and we are wondering if these could possibly be the future of Email Security in the cloud era?