In a December 13, 2013, blog posting Letting The Wrong Ones In: Email Security’s Big Blind Spot, Tim Ricketts of FireEye discusses the key deficiency of spam filters — they are ineffective against extremely low volume highly targeted emails. At Iconix, we call this the Toxic Trickle. The blog is an excellent discussion of the spearphishing phase of the APT problem. It concludes:
And that’s the problem. A person-to-person email doesn’t have spam or bulk phishing characteristics. Any malicious payload is likely to be a weaponized document or a common file type that attachment filters allow through. And URLs contained in the email probably won’t appear on any blacklists.
This exposes a significant blind spot in your email defenses. Your tools might stop 99.99 percent of the bad stuff. But it’s the 0.01 percent that should really alarm you — because those are the ones that have your organization directly in the crosshairs.
This is the security blind spot we address at Iconix. Person-to-person email targets people. Attackers exploit the fact that users will decide which emails to trust. Without SP Guard, personnel receiving spearphishing emails are left to guesswork in determining if the email should be trusted. That guesswork is made in a decision space that is manipulated by the attacker. With SP Guard installed, IT is able to provide personnel with real-time identification of trusted senders.
You can contact us at 408-727-6342, ext 3 or use our online form.