Today we've launched a new version of the Email Security Cloud Service. Among all the different improvements, we've released an innovative Simulation Engine for our Anti-Fraud security features.
Email Security Cloud new version is out
Almost 10 years after version 1, another version is out, aimed at maintaining the carrier-grade capabilities that the MPS (Mail Protection Service) has accustomed its users to. The latest versions were specifically focused on a whole set of features and enhancements for the operationalization of the system or, in other words, on increasing the available options for fine-tuning, customizing, maintaining, and reacting. This means more configurable options, better auditing tools, and increased analytics.
Message Insights: A simulation engine for discovering the capabilities of our Anti-Fraud
Configuring the security and control settings of a system such as our own is not easy. Our users must strike a careful balance: capturing bad emails without filtering out the ones which are just misconfigured. To that end, we have developed a sandbox system that allows users to test their own configurations against a corpus of their filtered messages. Our intention is that users can observe the impact of their configurations and act accordingly.
For this first version of Message Insights, we've singled out the Anti-Fraud settings around Phishing and Spoofing, enabling a user to, for instance, observe the emails that would be caught by a configuration that checks whether the FROM address is different from the Reply-To address and whether SPF/DKIM authentication is failing. By looking at the results, and combining the settings with other modules (for instance, creating exceptions, or enforcing content rules), users can fine-tune their security settings in order to ensure that no false negatives or false positives occur during the filtering process.
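The what-if idea described above can be sketched in a few lines. This is an added example, not the product's own code: the rule names, the `simulate` function and the four-message corpus are constructed for illustration, the `Authentication-Results` parsing is simplified, and domains are compared exactly rather than by organizational domain.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample corpus (not real traffic): headers of previously filtered mail.
CORPUS = {
    "newsletter": "From: News <news@shop.example>\nReply-To: help@shop.example\n"
                  "Authentication-Results: mx.example; spf=pass; dkim=pass\n\n",
    "misconfigured-partner": "From: Billing <billing@partner.example>\n"
                  "Authentication-Results: mx.example; spf=fail; dkim=pass\n\n",
    "crm-reply": "From: Sales <sales@vendor.example>\nReply-To: sales@vendor-crm.example\n"
                  "Authentication-Results: mx.example; spf=pass; dkim=pass\n\n",
    "spoof": "From: CEO <ceo@corp.example>\nReply-To: ceo.corp@freemail.example\n"
                  "Authentication-Results: mx.example; spf=fail; dkim=none\n\n",
}

def _domain(value):
    """Lower-cased domain of an address header, '' if the header is absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def signals(raw):
    """Extract the two anti-fraud signals named in the text from one raw message."""
    msg = message_from_string(raw)
    auth = {}
    # Skip the first field (the authserv-id), then read "method=result ..." clauses.
    for clause in (msg["Authentication-Results"] or "").split(";")[1:]:
        method, _, rest = clause.strip().partition("=")
        auth[method.lower()] = (rest.split() or [""])[0].lower()
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    return {
        # Hypothetical rule names; a missing Reply-To is not a mismatch.
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "auth_fail": "fail" in (auth.get("spf"), auth.get("dkim")),
    }

def simulate(enabled, require_all, corpus=CORPUS):
    """Return the ids of corpus messages a candidate configuration would catch."""
    combine = all if require_all else any
    return sorted(mid for mid, raw in corpus.items()
                  if combine(signals(raw)[rule] for rule in enabled))

if __name__ == "__main__":
    for enabled, require_all in ((["reply_to_mismatch"], False),
                                 (["auth_fail"], False),
                                 (["reply_to_mismatch", "auth_fail"], True)):
        mode = "all" if require_all else "any"
        print(enabled, mode, "->", simulate(enabled, require_all))
```

Each rule on its own also catches a legitimate but unusual sender in this corpus, while requiring both leaves only the spoofed message, which is the kind of trade-off a simulation run makes visible before a setting goes live.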
We are already working on expanding this simulation engine to other security components, for instance showing which attachment types present the greatest danger for a certain group of users, or testing the impact of newly added content rules.
The General case: Why simulation scenarios are fundamental in Email Security Systems
The general case for security is that you should not implement a setting unless you are sure it will achieve what you intend, or unless you immediately follow up on it and change it if needed.
A setting that is too shallow will not stop bad emails from reaching a user's mailbox (possibly triggering a malware and/or phishing attack). A setting that is overly restrictive will prevent good emails from reaching their destination, potentially causing business disruptions. A setting that is plain wrong can be unpredictable.
If security systems are equipped with proper help documentation, and with simulation engines that can create what-if scenarios, users may be able to tune their operations for better filtering. And, in a fast-paced environment such as email security, where you are dealing with new breeds of malware and different phishing and BEC attacks every day, it is important that you keep the gap very short between setting a rule and setting that rule correctly!
Another important aspect of this topic is peer collaboration: a multi-tenant system which enables administrators to delegate or propagate settings management to other users (admins, but also helpdesk, or end-users), and that works both top-down and bottom-up, is a fine vehicle for ensuring the complete email security infrastructure is working around the clock. If a user does not know how to properly set something up, they can always use default or admin settings instead. An administrator should also be able to override the flaws of another (lower-level) administrator.
Some services, such as ours, have this multi-tenancy embedded in the solution; for other services that don't have this - and not just Email Security - it is advisable to always respect a chain of hierarchy when implementing settings that can effectively prevent a security system from doing its job correctly.