Email Security Solutions

Cyb3r · November 25, 2023, 11:54pm

Looking for recommendations from individuals who possess a solid strategy surrounding email security solutions. The goal is to reduce phishing clicks via malicious URLs. Are there any technologies that have worked best for your organization?

Microsoft possess some capabilities of this; however, there are some gaps. I am looking for a solution that can analyze each URL that passes through the filter, sandboxes it, and analyzes the details to determine whether it is malicious or not—URL, IP, backend connections. The solution that we have currently deployed only scans the link to determine whether it is malicious as opposed to simulating a click and viewing the target destination, etc. MFA bypass attacks and MiTM proxy login pages are on the rise and I want to determine the best risk mitigation effort.

Any technologies on the Rapid7 side that can achieve this?

Twill · December 4, 2023, 9:35pm

We’re also on the lookout for this and would be interested in responses to this post…Hoping to see some suggestions/recommendations if any available

mwhite · January 9, 2024, 1:49am

Not a Rapid7 technology, but I have had experience with ProofPoint from two different orgs. ProofPoint rewrites all URLs in emails and when a user clicks on it, the browser is temporarily redirected to PP where the site is analyzed and then, if safe, quickly redirected to the actual site. Its fast enough to not be noticeable.
The ProofPoint technologies below will give you full email protection for your org:

ProofPoint Protection Server (PPS) - Cloud hosted email demarcation point. Includes Email rules, spam, malware, impostor and phishing protections. Email digest. Email warning tags. Encryption portal
Attachment Defense - add on to PPS that sandboxes email attachments
Targeted Attack Protection (TAP) - historical lookup of previously delivered email with new threat intel
PhishAlarm - button put in all staff mail client. End user submits suspicious email to PP for analysis.
Threat Response Auto-Pull (TRAP) - email submitted from TAP or PhishAlarm that are deemed malicious or unwanted are automatically quarantined. Automates a large part of the email analysis and actions administrative overhead.
Security Education Platform - Phishing campaigns and education to train staff to identify malicious email and report it.

Cyb3r · February 7, 2024, 6:29pm

Thank you, I will look into this.