“The cyber-threat landscape continues to evolve rapidly. Socially-based attacks delivered via email are increasingly targeting an organization’s executives and not just rank-and-file employees. This complicates the task which many of today’s security systems have to perform, forcing them into a trade off between greater security and ensuring business continuity,” said Manish Goel, CEO of TrustSphere. “TrustVault works alongside existing security solutions to ensure that trusted, genuine business traffic can be rapidly recognized and ‘fast tracked’ to business users, enabling security systems to focus more intently on suspicious messages and other threats. The counter balance enables both greater security and improved efficiency for the organization.”
TrustVault Social Graph
TrustVault uses data already present in enterprise email systems to build a social graph of known and trusted senders. Without inspecting message content, each email and sender is mapped against this ever-growing social graph and analyzed for proper delivery as prescribed by the organization’s own policies. Once positively identified as genuine and trusted, a sender’s email can always be delivered to intended recipients, even if other systems may have erroneously blocked or quarantined the very same messages.
“Using social graphs to validate trusted senders is an intelligent way to ensure that legitimate emails are always delivered,” said Mark Levitt, director of enterprise software and communications at research firm Strategy Analytics. “TrustSphere applies this innovative approach to address the false positive problem where valid email communications are not delivered because they look suspicious based on known spam patterns. TrustSphere uses this same approach to ensure delivery of legitimate emails that might be blocked by denial of service attacks and to identify suspicious emails such as spear phishing that often evade spam filters.”
TrustVault also applies a proprietary reputation and identity analysis before authenticating senders for priority delivery of their messages. Called TrustCloud™, this global, dynamic whitelist validates that senders are who they claim to be, and continuously checks their email “reputation” to protect recipients against spear phishing attacks as well as messages from newly compromised email accounts that can be laden with spam or malware.
False Positive Mitigation
A key problem that many enterprise IT organizations are unaware they have is excessive email false positives – those legitimate messages erroneously identified by spam filters as spam and sent to junk folders or spam quarantines. Most analyst firms agree that the acceptable number of false positives is 3.5 messages per million (using the six sigma multiplier) or less. But after analyzing hundreds of millions of emails at enterprises across North America, TrustSphere finds the average number of false positives to be in excess of 10,000 messages per million – with some organizations well beyond that.
Once senders can be recognized as genuine and trusted, there is no need for their emails to go through probability-based spam checks. With TrustVault, known and trusted senders’ messages bypass such systems, delivering them straight to anti-virus and anti-malware systems and on to the inbox.
Safeguarding Against DDoS Attacks
With distributed denial of service (DDoS) attacks against businesses on the rise, TrustVault provides an innovative way for IT departments to maintain active email communications during such an attack. Not only does TrustVault identify known and trusted senders, it also looks at the cadence of email conversations across the organization and applies logic to identify those senders that are most important to an enterprise. During a DDoS attack, TrustVault continuously builds critical data which is supplied to an organization’s gateway security systems which reserves a pool of connections to ensure delivery of messages from these trusted senders. This method ensures business continuity regardless of the severity of the attack.
Protection Against Spear Phishing
TrustVault also protects against threats posed by email that gets delivered. Cyber criminals have found a new way to defraud executives and corporations of millions of dollars through spear phishing – email-based communication that lures victims into divulging confidential information such as identity, bank accounts, passwords and more. Unlike its spam-based cousin phishing, a person is 24 times more likely to open and react to a spear phishing email. TrustVault is able to distinguish between legitimate senders and suspicious emails, which enables the IT security department to act on the results. Such actions often include delivering emails to appear in a different color in the inbox.
Combatting Social DDoS Attacks
The same method for countering spear phishing can also be used to combat voll-e, the socially engineered DDoS attacks. Voll-e has gained prominence through the “Occupy” protest movement, where protestors are encouraged to send innocuous emails en masse to executives at banks and other financial institutions. Because these emails have no content that would normally trigger a spam filter and come from multiple sources, they are able to elude conventional email protection and get delivered, rendering the recipient’s inbox virtually unusable. TrustVault differentiates between suspect messages and those from trusted senders, delivering suspicious emails into a separate inbox. This delivery method ensures that an organization’s executives can continue to work as usual and remain uninterrupted even when under such an attack.
“The technology advances in our next generation solution, TrustVault, will have broader implications to enterprises beyond email integrity,” adds Goel. “Through TrustVault we will be extending integrity to all forms of enterprise digital communication, including instant messaging and VoIP. TrustSphere has already begun pilot deployments for the use of TrustVault social graph data for more efficient business intelligence.”
TrustSphere has created an email integrity health check that can show an enterprise exactly what email vulnerabilities exist that can impact business continuity. Without any risk for exposing content, an email integrity health check typically takes just a few a minutes to set up. IT departments interested in an email integrity health check should visit: http://www.trustsphere.com/email_health_check/.
About TrustSphere TrustSphere is a pioneer in ‘Messaging Intelligence’ a next-generation approach to ensuring the security, integrity and reliability of the messaging systems that organizations rely upon. The company was recognized as a ‘Cool Vendor’ for 2011 by Gartner and its award-winning solutions have been successfully deployed by both large corporations and major government organizations, proving their industry-leading capabilities. TrustSphere’s solutions are available through a growing number of value-added resellers and systems integrators across the globe. The company has offices throughout the world, including Singapore, New York, Sydney, Tokyo and London.
For more information on TrustSphere and its solutions visit the company’s website at www.trustsphere.com.