Volume 3 • From Dark Web Monitoring to Email Threat Protection
Get to know the concepts of sound cybersecurity with this comprehensive glossary. From fundamental tools to advanced strategies, this guide will help you better build a defense against cyber threats.
The cybersecurity terms defined here are based on Bryley’s business continuity pyramid. The pyramid was designed as a visual aid to achieving a strong defense: the lower a term appears on the pyramid, the more foundational it is, and the opposite is also true.
(Note: some of these terms relate specifically to how Bryley performs its IT role. These are indicated, but the principles behind the topics are common to the practice of IT.)
Dark Web Monitoring
Dark Web Monitoring provides critical alerts should your business domain or employee credentials be discovered on the dark web.
The strategy Bryley advocates uses both AI and human analysts to proactively search for and analyze compromised and exposed logins that can make an organization a criminal target.
Bryley Dark Web Monitoring is an always-on service that alerts admins of identified exposed login credentials linked to specified email domains, employee email addresses or IP addresses. Admins can then perform preventive action, like resetting passwords or limiting access to credential-compromised tools.
Because individuals on average reuse credentials for five different logins, Dark Web Monitoring can act as a safeguard to help an organization overcome the risks of employees’ poor password habits.
Email Threat Protection
Advanced Email Threat Protection, such as that advocated by Bryley, combines the traditional tools of rules-based email filtering, spam blocking and malware scanning with AI. This layered email cybersecurity approach helps identify and contain malicious emails before they reach inboxes.
Additionally, to keep it safe, email should be backed up, with good availability of the recovered data. Finally, layered email protection often includes encryption, data loss prevention and a program of security awareness training.
A comprehensive approach to email security helps organizations maintain data integrity, protect their reputation and mitigate possible financial losses.
A Rules-Based Filter
This is the traditional and still valuable layer in front of an email server. It scans inbound and outbound email messages for malicious intent, malware, authentication issues and URL reputation, and it checks them against blacklists. The gateway blocks emails that lead to phishing sites or malware-distribution sites. A gateway is good for finding and blocking zero-day attacks (the exploitation of known vulnerabilities, i.e. there are zero days to fix this before it can be exploited) and ransomware. The limitation of rules-based filters is that they are general and not built for targeted strikes like social-engineering-based attacks (including Business Email Compromise [BEC]).
A Sandboxing Layer Traps and Tests Unfamiliar but Suspicious Emails
Sandboxing analyzes unusual content that is potential malware in a protected environment. New threats are sent by email every day, so these cannot be handled by rules-based filters. Sandboxing is an added defensive layer in which any email that gets past the gateway’s filters but still contains unknown file types, URL links or otherwise questionable content can be tested before it reaches your inbox.
Artificial Intelligence
To defend against targeted attacks like BEC, incorporate AI analysis. In this layer, software is trained and learns to distinguish benign from deviant behaviors in your email system. The AI has visibility into historical and internal email communications. The AI then interprets the gathered data to create a statistical model for each user, which also shows any communications that deviate from that model. The result is that the AI makes predictions about individual emails to help stop socially engineered attacks like BEC, own-account takeover and spear phishing.
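The contrast drawn above between the rules-based layer and the per-user model, as an added example that is not code from Bryley or any product: a BEC-style message with valid authentication and no links passes the static rules, while a simple per-recipient frequency baseline (a stand-in for the AI layer) flags it. All names, addresses, the blocklist entry and the 0.9 threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

BLOCKLIST = {"malware-dist.example"}  # constructed blocklist entry

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def rules_verdict(msg):
    """Rules-based layer: sender authentication, blocklist, URL reputation."""
    if not msg["auth_pass"]:
        return "block"
    hosts = [domain(msg["from"])] + [h.lower() for h in msg["url_hosts"]]
    return "block" if any(h in BLOCKLIST for h in hosts) else "deliver"

class UserBaseline:
    """Per-recipient frequency model: which domains each display name writes from."""
    def __init__(self):
        self.counts = defaultdict(Counter)  # (recipient, name) -> domain counts

    def learn(self, msg):
        self.counts[(msg["to"], msg["name"].lower())][domain(msg["from"])] += 1

    def deviation(self, msg):
        """0.0 = consistent with history; 1.0 = known name, never-seen domain."""
        seen = self.counts.get((msg["to"], msg["name"].lower()))
        if not seen:
            return 0.0  # no history for this name, so nothing to deviate from
        return 1.0 - seen[domain(msg["from"])] / sum(seen.values())

def layered_verdict(msg, baseline, threshold=0.9):
    """Static rules first, then the per-user model on whatever they let through."""
    if rules_verdict(msg) == "block":
        return "block"
    return "quarantine" if baseline.deviation(msg) >= threshold else "deliver"

def make_msg(to, name, sender, url_hosts=(), auth_pass=True):
    return {"to": to, "name": name, "from": sender,
            "url_hosts": list(url_hosts), "auth_pass": auth_pass}

def demo():
    """Constructed mailbox history plus three constructed inbound messages."""
    base = UserBaseline()
    for _ in range(20):
        base.learn(make_msg("ap@corp.example", "Dana Reyes", "dana.reyes@corp.example"))
    usual = make_msg("ap@corp.example", "Dana Reyes", "dana.reyes@corp.example")
    bec = make_msg("ap@corp.example", "Dana Reyes", "dana.reyes@c0rp-mail.example")
    bad_url = make_msg("ap@corp.example", "Billing", "billing@vendor.example", ["malware-dist.example"])
    return (rules_verdict(bec), layered_verdict(bec, base),
            layered_verdict(usual, base), layered_verdict(bad_url, base))
```

`demo()` returns the rules-only verdict for the BEC message, then the layered verdicts for the BEC, routine and bad-link messages.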
Cloud Email Backup
If you use M365 or Gmail for business, back up the contents of those services (as you would an on-site mail server) by putting a highly available backup copy of your data on a different server.
A multi-layered email security approach includes rules-based email filtering, spam blocking, malware scanning, sandboxing of unknown threats and AI threat detection, which together identify and abate email attacks. By adopting a comprehensive strategy, organizations can enhance their protection against phishing attacks, malware, ransomware, BEC and other cyber threats.
Bryley is available to advise regarding your organization’s particular IT needs. Since 1987 Bryley has helped organizations build networks and deal with cyber-threats. To speak to Roy Pacitto, please complete the form below, call 978.562.6077 x217, email RPacitto@Bryley.com or schedule a 15-minute call via Roy’s Calendly.
Lawrence writes about networking and security. He’s written for Bryley since 2015.