Why Systems at the Endpoint Are Not Enough to Protect Your Email

By AnubisNetworks • September 18, 2019


Professionals know that antivirus software is rarely enough to protect email. Many businesses are not aware of this, which is one of the reasons why email attacks affect so many.

Email attacks are an advanced form of cyber threat, and some 38% of organizations state that they are not prepared to deal with such attacks.

Even if you're not part of that 38%, it's essential to understand why antivirus and similar endpoint software cannot save you from most email threats.

Why Antivirus Software Is Not Enough to Protect Your Email

According to the 2019 report by Verizon, 28% of threats involved malware, while 33% included social attacks.

You would guess that antivirus would catch malware. This is not the case, however, for two basic reasons:

  • The first is that AVs are based on signatures (a sort of fingerprint) of well-known malware. They are updated at a certain frequency, which may not be enough for very recent ("zero day") malware.
  • The second reason is that an AV lacks context. It checks whether a file's "fingerprint" matches anything it has stored, but it does not take into consideration the origin of the email, its authentication, or its content. These factors are usually important in deeming an email suspicious. Remember that malware may be hidden behind a link, or a link-of-a-link, in an elaborate phishing scheme.
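The two limitations above, shown as an added example (not AnubisNetworks code): a hash-only check passes a file whose fingerprint is not yet in the signature set, while checks on authentication results, sender domains and link targets still flag the message. The message, signature set, signal names and the two-signal threshold are all constructed assumptions.

```python
import hashlib
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed "signature database" holding the SHA-256 of one known sample.
KNOWN_SAMPLE = b"constructed-known-bad-sample"
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def build_message(attachment: bytes) -> EmailMessage:
    # Constructed test message; every address and header value is a placeholder.
    msg = EmailMessage()
    msg["From"] = "Billing <billing@example.com>"
    msg["Reply-To"] = "billing@example.net"
    msg["Authentication-Results"] = ("mx.example.org; spf=fail; dkim=none; "
                                     "dmarc=fail header.from=example.com")
    msg.set_content("Your invoice: http://203.0.113.10/invoice")
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream")
    return msg

def signature_hit(msg: EmailMessage) -> bool:
    """What a fingerprint-only scanner sees: attachment hashes, nothing else."""
    return any(hashlib.sha256(part.get_content()).hexdigest() in SIGNATURES
               for part in msg.iter_attachments())

def context_signals(msg: EmailMessage) -> list:
    """Origin, authentication and content checks that ignore the file hash."""
    signals = []
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{mech}=(\w+)", auth)
        if not found or found.group(1) != "pass":
            signals.append(f"{mech}={found.group(1) if found else 'missing'}")
    domain = lambda h: parseaddr(str(msg.get(h, "")))[1].rpartition("@")[2].lower()
    if domain("Reply-To") and domain("Reply-To") != domain("From"):
        signals.append("reply-to-domain-mismatch")
    body = msg.get_body(preferencelist=("plain",))
    if body and re.search(r"https?://\d{1,3}(\.\d{1,3}){3}\b", body.get_content()):
        signals.append("link-to-raw-ip")
    return signals

def verdict(msg: EmailMessage) -> str:
    if signature_hit(msg):
        return "block"
    # Assumed policy: two or more independent context signals quarantine.
    return "quarantine" if len(context_signals(msg)) >= 2 else "deliver"

if __name__ == "__main__":
    for data in (KNOWN_SAMPLE, KNOWN_SAMPLE + b"\x00"):  # known file, unseen file
        print(verdict(build_message(data)), context_signals(build_message(data)))
```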

Email security solutions will give you the upper hand. As most of these threats originate from emails sent by hackers, it's crucial to have adequate measures that can stop phishing emails and other similar email risks.

Advanced Email protection services include essential solutions like:

  • Antispam
  • Fraud countermeasures
  • More than one Antivirus
  • Network reputation for senders, IPs, and domains.
  • Sandbox technologies for detecting zero-hour malware.

Antiviruses do not possess advanced security measures that can deal with sophisticated threats, and therefore you must expect a moderate catch rate from them. AVs are still important, however! In fact, a layered defense, in which multiple different systems each contribute to the highest protection possible, is the best security philosophy you can deploy.

The Importance of Sandbox Technology in Email Security

One of the items in the list above, and something that regular antiviruses and other regular email solutions don't have, is sandbox-based technology.

Basically, Sandbox Malware Analysis means opening a file and observing what it does to a system. If the file contains malware, it will soon "start infecting". This is actually the type of technology that is behind any antivirus organization: it contributes to creating fingerprints of bad files, which are then sent to every installed antivirus product. The issue here is that this technology is not used in the AVs themselves (they do not analyze in real time); instead it serves them at a later time, and therefore it loses the advantage of detecting very recent malware.

Anubis uses a solution called Dynamic Malware Analysis, a sandbox module integrated into our systems that analyzes, in real time, the attachments being filtered. The solution can detect malicious code by exposing it within a computer sandbox. In such an isolated environment, the malware can do what it was trying to do. However, it is unable to affect your system, as the sandbox is entirely shut off from the rest of the network. When the malware is executed, our system can then monitor and understand the threat. By doing that, the threat can be better dealt with in the future, while your network remains safe throughout the whole process.

The Best Solution Against Advanced Email Threats

Antivirus products are not enough for email security in 2019. Solutions on the email security side, especially the ones that use sandbox technology, are the best bets for protecting an email ecosystem from all advanced threats.