Exclusive intra-domain security solution! CACTER email security gateway V7.0 new release

Recently, Coremail held a live broadcast conference for email security gateway V7.0. Coremail CTO Lin Yanzhong and Ma Yunlong of Tsinghua University joined the broadcast to explain intra-domain security issues and the needs and challenges of mail sent between users of the same domain. The Coremail email security gateway product manager also introduced the feature highlights of gateway V7.0 in detail.

What practical insights did the guests share in this live broadcast?

Read on for the highlights!

The choice between intra-domain security and business fluency

Lin Yanzhong, CTO of Coremail, pointed out that intra-domain subsidy fraud is a frequent email security incident this year. Fraudulent emails sent within the domain have a high delivery rate, are hard to intercept, and take in a high proportion of recipients, for two reasons. One is the high degree of trust among employees, and the other is the technical difficulty of achieving intra-domain interception.

According to the Coremail email security attack and defense team, cybercrime groups may be exchanging data with one another. Starting from this year, once an account is stolen, it may be attacked by multiple gangs within a short period of time.

Challenges of Intra-Domain Security Detection

There are many reasons why intra-domain security detection is not widely used in the email field. The main one is that it is difficult to find the balance point between the interception rate for suspicious emails and the misjudgment rate for normal emails, that is, the trade-off between intra-domain security and business fluency.

How to formulate an appropriate intra-domain interception strategy is a difficult problem that email security vendors have encountered in recent years. A traditional anti-spam strategy only needs to filter suspicious emails coming from outside, whose sender reputation and style differ significantly from the user's normal emails. Analyzing these differences is enough to achieve a relatively good blocking effect. For intra-domain security issues, however, traditional methods are clearly not applicable.

Intra-domain security detection overall solution

After more than a year of research and testing, the Coremail email security team found that, for some traffic, spam can be blocked automatically without causing misjudgment. The team verified this over several months and finally applied it in CACTER email security gateway V7.0.

The new version of the mail gateway breaks away from the traditional anti-spam algorithm by linking and analyzing data across more dimensions, which solves the dilemma described above. It no longer "fights alone", but works with more "helpers" to assist in judging mail within the domain.

To achieve long-term and effective protection against pervasive gangs, we need to fortify every link in the gang's attack chain. Enabling secondary authentication and using client-specific passwords puts a lock on the account. At the same time, anti-riot guards and email security gateways add layers of shielding to email accounts. In addition, anti-phishing drills are needed to improve user security awareness, so that cybercrime gangs are left with no opening to exploit.

Tsinghua University:

Spam exchange within the domain has a great negative impact

In-Domain Spam Detection Needed

This live broadcast also invited Mr. Ma Yunlong, a senior engineer at the Information Technology Center of Tsinghua University, to share with us the experience of Tsinghua University's email system planning and security operation and maintenance.

Current Status of Mail System of Tsinghua University

Mr. Ma said that the mail system is one of the most important infrastructures of the school. The biggest difficulty and pain point in operating and maintaining the mail system is the large volume of spam and phishing emails. Tsinghua University's single-day peak this year exceeded 6kw of spam emails, mailboxes on campus were frequently stolen, and cybercrime gangs followed campus hot topics to carry out targeted phishing.

Mr. Ma believes that the economic and property losses caused by sending spam emails within the domain are the largest. Intra-domain email delivery is a whitelist mechanism, and emails go directly to the user's inbox. Users place a high degree of trust in such mail and are easily taken in by it. This is a particularly distressing problem for Tsinghua University's mailbox operation and maintenance personnel.

Therefore, Tsinghua University and Coremail are communicating about the trial of CACTER email security gateway V7.0. The gateway V7.0 can support spam detection in the domain, and at the same time, it will not affect the recall of emails and the reading of email status.

Email security problems faced by the education industry and solutions

Mr. Ma analyzed that the three major problems generally faced by the education industry are lack of security awareness of email users, heavy pressure on operation and maintenance management, and lack of policy support.

Drawing on years of experience in mailbox operation and maintenance, Mr. Ma shared the following solutions. The first is to strengthen technical training and improve the level of operation and maintenance; the second is to strengthen publicity and improve users' security awareness, which can be trained and improved through phishing drills; the third is to strengthen the annual review of electronic identities; the fourth is to enable email security gateways, where classifying mail and setting different execution policies can effectively strengthen the detection and interception of spam; the fifth is two-factor authentication. Enabling two-factor authentication can ensure that even if the mailbox is stolen, it is difficult for the thief to use it. Finally, Mr. Ma hopes that Coremail can help enterprises and schools improve their security capabilities.

Solve the challenge of in-domain spam detection:

Does not affect display of mail recall and delivery status

Coremail email security solution expert Liu Qian talked about intra-domain security issues from the perspective of solutions. The core of intra-domain security issues is account security. Although there are effective protection measures, it is difficult to promote them in actual operation. We can only adopt roundabout solutions to reduce intra-domain security risks.

The mail system comes with a cloud detection module. When the cloud detection detects that there is a problem with the email in the domain, it will put the email in the trash bin, but the cloud detection has certain limitations.

Cloud detection can only detect links uploaded by the mail system, and cannot detect spam such as image QR codes and attachments. Cloud detection is essentially a mail classifier. When spam in the domain is detected, it will be delivered to the user's trash box, and the user can still view it freely.

The current solution adopts local detection, which has a higher degree of freedom for mail detection. It can detect pictures, QR codes, attachments, links and other types of spam, and will intercept and isolate the detected spam. Safety control has been greatly improved.

In order to achieve spam detection in the domain, two problems need to be solved. One is the mail loop problem, which requires the mail system to actively terminate the loop; the other is the change of the unique identifier of the mail.

Although the previous solution can detect spam within the domain, it will affect the mail status checking function and mail recall function of the mail system.

CACTER Email Security Gateway V7.0 has solved the above two difficulties. It can detect spam in the domain without affecting the mail recall function and the display of mail delivery status.

Email Security Gateway V7.0:

Exclusive support for intra-domain spam detection

CACTER email security gateway V7.0 is a new generation of intelligent email security gateway developed on the basis of gateway V6.0. Compared with traditional email security gateways, gateway V7.0 stands out in intra-domain spam detection, automatic handling of advanced threats, detection of abnormal letter sending behavior and more, and offers solutions exclusive to CACTER email security gateway products. For enterprises with multiple domain names whose domains have different anti-spam policy requirements, CACTER Gateway V7.0 also supports multi-tenancy.

Expand the scope of email security management and control:

Exclusive support for intra-domain security management and control

Traditional email security gateways can only filter and detect incoming and outgoing emails, while CACTER gateway V7.0 expands the scope of email security control, supports intra-domain spam detection, and solves two major difficulties in intra-domain email detection: ensuring the normal use of the mail system's "mail recall" function and of mail delivery status.

CACTER email security gateway V7.0 is deeply integrated with the Coremail email system and unifies the unique email identifier. This overcomes the technical barrier, so that the user-level recall function and the display of mail delivery status are not affected. It is exactly this difficulty that keeps other email security gateway brands out of intra-domain detection.

Only the Coremail mail security gateway can detect spam within the domain of the Coremail mail system.

Optimize the letter sending behavior detection model:

Introduce a new model for letter sending behavior detection

Coremail security experts found that there is a large difference in the behavioral portraits of external senders and internal senders, and this difference can be used as an important feature to monitor and identify abnormal letter sending behaviors of internal enterprise users.

CACTER email security gateway V7.0 optimizes the letter sending behavior detection model on the basis of gateway V6.0, and introduces the "internal employee letter sending behavior portrait" module to carry out in-depth learning and memory of internal personnel letter sending behavior.

When the internal account is stolen and the sending behavior is abnormal, the CACTER email security gateway V7.0 can detect the abnormality in time, and intercept and give an alarm.

Upgrade high availability solution: support multi-cluster deployment

CACTER gateway V7.0 not only supports single-machine and dual-machine deployment modes, but also supports cluster multi-node deployment, which can improve the reliability and availability of the gateway system. At the same time, the cluster deployment mode can make the gateway system have a higher level of scalability and elasticity, which means that the gateway can handle more mail traffic.

Upgrade the post-event handling policy for advanced threats:

Exclusive support for automatic recalls

In March of this year, CACTER email security gateway launched an exclusive advanced malicious threat solution: the email recall function, which has been well received.

New advanced threat emails may bypass inspection by the anti-spam engine, the anti-virus engine and even the cloud sandbox detection engine. Once delivered to the mail system they cannot be recalled, causing great harm. The email security gateway solutions on the market are basically "subsequent feedback": administrators are required to report the email, and only after the anti-spam engine learns the characteristics of the new malicious threat will it be intercepted "next time".

Unlike the traditional solutions of other email security gateway brands, the email recall function of CACTER email security gateway solves the problem "on the spot": when an advanced malicious threat bypasses detection for the first time, the email can be recalled and disposed of, and the threat eliminated immediately.

Based on the gateway V6.0, CACTER email security gateway V7.0 comprehensively upgrades the post-event disposal plan for new advanced malicious threats: from manual recall to program automatic recall.

CACTER email security gateway V7.0 has added intelligence sources and is connected to the intelligence center of the Coremail email security big data center. When the intelligence center receives malicious threat information, it sends it to the gateway. The gateway then sends an automatic email recall command to the email system and at the same time feeds the disposal result back to the administrator. This "race against time" greatly shortens the processing time for advanced malicious threat emails.

Policy classification solution: support multi-tenant mode

Some enterprises and institutions have complex organizational structures, and sub-units use different mail system domain names or even different mail systems. When accessing the mail gateway, there are differences in the docking schemes, and the emphasis of the mail security requirements is different. Administrator rights and anti-spam rules and policies need to be managed at different levels, but it is necessary to centrally manage the mail security business.

For this business scenario, CACTER Email Security Gateway V7.0 launched a multi-tenant product solution:

1) Support different subsidiaries and sub-units to connect to the same gateway in a unified way;

2) Support efficient collaborative management, the super administrator has the authority to control the email security of all tenants, and different tenant administrators manage the rules of the corresponding tenants separately;

3) Support flexible management of anti-spam rules and policies: data is isolated between tenants while email is sent and received between tenants as normal, different organizations can set different anti-spam rules, and super administrators can manage them in a unified interface.

(Expected to be released by the end of 2023)

CACTER Email Security Gateway V7.0 has been officially released. Customers are welcome to contact CACTER assistants or business colleagues for more details!

For more highlights of the email security gateway V7.0 live broadcast conference, log in to the Coremail administrator community to view the complete replay.

The community also has information about the 2023 Reinsurance HVV Action. New and existing customers are welcome to visit the administrator community to get the information!

Administrator community login address: https://ncloud.icoremail.net/

Origin blog.csdn.net/CACTER_S/article/details/132233578