CAC2.0 is newly upgraded and released, building a security barrier for corporate mailboxes!

On May 31, Coremail held a live exchange meeting [Focus on account hacking, threat analysis and response to enterprise email security]. At the live broadcast, the Coremail email security team shared an in-depth look at the problem of mailbox account hacking.

With account hacking so rampant and a peak period of attacks and breaches approaching, how should various industries protect their mailboxes? What solutions did the Coremail email security team provide?

Scroll down to see exciting content shared by email security experts!

Email account security solution

Zeng Xin, an email security solution expert at Coremail, disclosed two major attack methods against corporate email account security in this live exchange meeting: brute force cracking and phishing email attacks.

The attacker's brute force pattern is to cast a wide net through global brute force cracking, obtain employee accounts with weak passwords in the enterprise, then carry out precise phishing email attacks on the address books in those accounts, and finally target employees with weak security awareness, carrying out behaviors such as bank card theft to monetize the results.

Zeng Xin, an expert in email security solutions, demonstrated the attack scenario of email hacking under certain conditions in the live broadcast. During the demonstration, in the face of mass phishing email attacks, Zeng Xin announced that the newly upgraded Anti-Riot Guard 2.0 will greatly improve the prevention effect.

The response time of Anti-Riot Guard 2.0 has changed from the original 24-hour notification to a quasi-real-time alarm of 15-30 minutes, which is a major improvement. The newly upgraded Anti-Riot Guard 2.0 uses two sets of algorithm models to identify accounts with "abnormal login behavior" and "abnormal letter sending behavior". It also lets administrators customize the notification policy and select the notification method (email, SMS) and frequency.

To address the email account hacking problems faced by enterprises, Zeng Xin, an email security solution expert at Coremail, proposed an account security protection system based on products and services such as the CACTER email security gateway, CAC2.0, and anti-phishing drills.

Anti-Riot Guard 2.0 new release

The "highlight" of this live broadcast is undoubtedly the CAC2.0 core upgrade that new and old customers have been following for a long time. This time, the CAC2.0 upgrade focuses on Anti-Riot Guard, addressing usage needs that customers have raised for more than a year.

Coremail email security product managers Qin Kaiyuan and Zhou Ting said that the new generation of Anti-Riot Guard 2.0 makes better use of CAC anti-spam and anti-phishing data, and distinguishes between abnormal login behavior and abnormal email sending behavior.

The risk IP intelligence library, which took more than a year to build, has also been established and can be applied to intercept suspicious logins. Compared with the previous algorithm models such as SVM, the practicality and accuracy of using the risk IP intelligence library for interception are relatively high.

Highlight 1: Abnormal login behavior and abnormal letter sending behavior

The new generation of Anti-Riot Guard 2.0 divides abnormal login behavior and abnormal letter sending behavior into two sections, both of which are analyzed at quasi-real-time frequency.

01. Abnormal login behavior

The abnormal login behavior section retains the original overview panel and detail panel. When the administrator sees in the overview panel that an account is flagged as suspected of having been brute-forced recently or logged in to in an unusual way, they can go to the detailed login trace page to view the successful login log of the abnormal account, make a preliminary judgment on the suspected account, and then follow up with the account owner to verify whether the account has been hacked.

The abnormal login risk description also adds the identification of successful logins and successful logins from unusual devices. The follow-up development plan for CAC2.0 will continue to enrich the types of abnormal login behavior that can be identified.

02. Abnormal letter sending behavior

Anti-Riot Guard 2.0 monitors users' letter sending records in real time, counts the types of letters each account sends, and presents the account's sending information intuitively. If an account has been stolen in the past and the attacker frequently uses it, the account's letter sending behavior can be analyzed to judge whether it has been stolen again.

Highlight 2: Quasi-real-time alarm

When the account is suspected of being stolen, how can the administrator receive a notification in a timely manner for judgment?

The Anti-Riot Guard 2.0 upgrade adds a large notification management module. Administrators can set notification policies that send notifications and warnings according to account risk level.

For example, high-risk accounts can be set to quasi-real-time notifications via text message, and medium- and low-risk accounts to 24-hour early warning notifications by email. The module also supports different notification methods, different notification frequencies and multiple notification recipients.

Highlight 3: Risk IP intelligence database

At present, the average number of daily active risk IPs in the risk IP intelligence database is as high as 3W (30,000), and the cumulative number of captured risk IPs is more than 138W (1.38 million).

The IPs captured and included in the risk IP intelligence database fall into two types. The first type is an IP with a record of brute force cracking behavior and of sending out spam after successful cracking; the second type is a blacklisted IP that has been marked by public information.

The risk IP intelligence database is used in two sections: suspicious login interception and attack IP & attack records.

01. Suspicious login interception

Suspicious login interception applies data from the risk IP intelligence database. When an attacker logs in to a leaked account, even if the password is correct and the email system would let the login through, CAC2.0 will still block it. The administrator can go to the cloud service center to check the interception log, and if one of the company's own IPs appears there, that IP can be added to the IP whitelist.

02. Attack IP & Attack Record

In this upgrade, the attack IP and attack record panels have been adjusted and integrated, so that the administrator can view the status of IPs attacking the domain and, on the attack record page, see the specific accounts and details of an IP's attacks. It is also possible to check which IPs have attacked a given account, achieving two-way source tracing.

Highlight 4: Brand new status panel

The new status panel adds the distribution of login request types, the trend and number of login interceptions, the high-risk trend of suspected stolen accounts, high-risk brute force, and the threat list. These status panels help administrators grasp the security and overall situation of accounts in the domain in a short time.

For more on the Anti-Riot Guard 2.0 upgrade, you can watch the live video playback in the Coremail administrator community; the function optimizations of Anti-Riot Guard 2.0 are best understood by trying them yourself.

2022 Anti-Phishing Drill Report Released

At this [Focus on account hacking, threat analysis and response to enterprise email security] live exchange meeting, we were honored to invite Xie Chao, deputy general manager and chief expert of Shanghai Yi Nian Information Technology Co., Ltd. to release the "2022 Annual Anti-Phishing Drill Report".

At the live broadcast, Mr. Xie Chao explained the content of the report to everyone, and analyzed the status of domestic phishing simulation drills and the importance of companies carrying out anti-phishing drills.

Learn more

For more content and information about this live broadcast, please go to the Coremail management community to watch and download. There are also CAC2.0 trial exchange posts in the community. Existing customers are welcome to come to the community to discuss their trial experience and opinions of CAC2.0. New customers can follow the official account of [CACTER Email Security] to get more practical email security content.

Origin blog.csdn.net/CACTER_S/article/details/131132312