Start out with Part I of this series

Prevent the initial reconnaissance and attack with an effective advanced threat protection and email encryption solution coupled with enforcing multi-factor authentication for user logins.

97% of users are still not able to detect a sophisticated phishing attack. SolarWinds is just another reminder that email continues to be core to the Cyber Threat Cycle. It is the most difficult to secure and the easiest to exploit. While security organizations validly discuss new attack techniques and the potential of these being used, there is a never-ending list of evidence that:

• Email is a treasure trove of reconnaissance information
• Email attacks are very cheap for the threat actor to execute
• Employees are no more effective at detecting a phishing attack intended to steal their credentials or malware intended to compromise their endpoint today than they were years ago.

Detect the presence of a threat actor with a security audit or monitoring solution

Highly effective email defense with a better than 99.9% effectiveness rating against phishing and malware will close 95% of your prevention gap. We are aware that threat actors will figure out other ways to get into your network, so developing approaches to protect other vectors will be necessary. However, you can quickly close this gap while evaluating other tools by leveraging a security auditing service. Particularly a solution that focuses on:

• Identifying weaknesses in user login and authentication
• Identifying suspicious behavior related to mailbox rules and email communication

As the SolarWinds breach proved, the threat actors needed to gain access to secured development environments. In that context, monitoring for weaknesses in simple policies like regularly changing passwords, or where a user may be logging into a system from a remote location, can be a clear indication that someone not employed by the organization has made it into your network.

Furthermore, we know in every case of a major breach, when the threat actor has infiltrated the business, they must communicate to something on the outside to retrieve further instructions, files, or exfiltrate internal intelligence. Monitoring for email forwarding rules or activity such as immediately deleting sent messages on an automated basis should set off a red alert.

Therefore a security audit or monitoring tool to detect internal suspicious behavior is a must for the layered protection strategy.

Zix Layered Protection

Act on any suspicious behavior through containment and remediation to prevent attacker success.

As you put in place the two main components to prevent and detect malicious behavior, the third motion must be in response to what may have failed. As we’ve indicated, businesses can implement every security solution pitched to them by the hundreds of security vendors available, but Zix Layered Protection is intended to keeping your security as simple as possible while maximizing your time and investment. To complete this goal, the response to the potential breach must be immediate. The goal should be to maintain business productivity even in the face of an attack. Most growing businesses may not have the time or expertise to immediately triage the incident, but they can begin their response and remediation process at no risk. Those tasks at a minimum should be:

• Immediately remove any malicious email that may have landed within the targeted employee’s inbox.
• Scan the targeted employee’s login activity and require any vulnerable passwords to be changed immediately (enforce MFA if disabled).
• Immediately clear their file systems and provide the targeted employee with a clean working copy of their data.

Zix Layered Protection enables organizations to maintain productivity through Zix Backup and Recovery services. Coupled with message retraction and account lock-down, latent threats can be rapidly eliminated.

How does Zix Layered Protection break the Cyber Threat Cycle?

Zix Secure Cloud turns a complex plan into a simple operational model.

Protect

Advanced Email Encryption

The gold standard of encryption secures the email channel so that threat actors cannot hijack the SMTP conversation via a man-in-the-middle attack. With Zix’s Best Method of Delivery regardless of who the organization communicates with, business insights are fully protected from inbox to inbox.

Advanced Email Threat Protection

Today’s top attack technique continues to be advanced phishing and malware-based attacks. Zix Advanced Email Threat Protection is rated one of the most effective solution in 3rd party testing:

• Phishing Detection Rate: 99.9%
• Threat (Malware, ransomware, etc.) Detection Rate: 100%
• Accuracy Rate: 99.994%

With Zix acting as the first layer of defense the initial compromise is mitigated exponentially.

Azure AD Multi-factor Authentication

Relying on users to detect a phishing URL is a recipe for allowing cybercriminal access to their endpoint. By enforcing multi-factor authentication that is built into every M365 bundle, security teams can close this gap and solve the protection need.

Detect

Security Audit (Detect & Alert)

While the protection components exponentially reduce the attack surface, the risk for internal negligence does exist. Continuous monitoring and detection within Zix Security Audit adds a layer of scanning that quickly identifies suspicious activity that bypassed the security gateway. With compromised credentials being the key to establishing a foothold, being able to detect suspicious user activity such as low-end employees having administrative access, or Finance employees suspiciously forwarding work email to a personal email address becomes essential to containing the threat.

Advanced Email Threat Protection Threat Analyst Support

Combined with insights from the Zix Security Audit, customers can work directly with Zix Phenomenal Care and Threat Analyst to immediately develop and implement a mitigation strategy to stop subsequent attacks. This is a unique value-add that is essential to making Zix Layered Protection effective.

Respond

Security Audit (Detect & Alert)

Integrated within the Security Audit are actionable response steps to stop threat actors in their tracks such as locking the user out of the environment.

Advanced Email Threat Protection (Message Retraction)

An additional response step to take once a threat is discovered is to remove any existence of malicious email that may have been launched internally from the compromised account. Message retraction provides the ability to immediately reduce the risk to anyone else that may have been targeted.

Backup & Recovery

Any response goal must keep employee productivity in mind. With Zix Backup and Recovery services, even if the attacker’s goal was to corrupt corporate data or hold the data for ransom, the business has peace of mind knowing that they have a clean copy of their data to keep their business going.

Advanced Email Encryption (DLP)

Insight into what the attacker may have been after can provide an advantage to keeping this data secure. With Data Loss Prevention policies within Zix Advanced Email Encryption, security personnel are notified if key information is attempted to be extracted via email.

Enabled by Zix Secure Cloud

Zix Secure Cloud plus Azure AD Multi-factor Authentication encompasses layered protection. With these foundational pieces in place, growing businesses can focus on their productivity without being exposed to significant gaps. We recognize that the threat landscape is constantly changing and no growing business should stand still, as their business matures so will the threats targeting them. With assistance from our security partners, we can help guide you through your maturity path while keeping the strategy simple and straightforward.