Augment your email security solution for today’s challenges.
Beyond unsolicited e-mails
It’s no secret that the past year has been a huge challenge for cybersecurity experts. Countless data breaches, ransomware attacks and advanced persistent threats made headlines, with 103 security incidents* recorded in November alone.
While many analysts focused on innovative malware, though, one of the most prevalent, and most underestimated, threats was often neglected. Spam, as old as the Internet itself, has become so ubiquitous that many companies no longer even consider it a threat. That’s why it is so efficient.
Empowered by the global health crisis (to the point where governmental agencies started issuing warnings about it**) spam is now at the top of its game. The Enisa estimated that, in the 2019-2020, 42% of CISOs dealt with at least one incident caused by spam*** and that 13% of data breaches were a consequence of spam.
And that’s the issue with modern spam. It’s not just “spam” anymore – an unsolicited, yet mostly harmless e-mail message. Most of the time, it’s a vehicle for more complex and targeted attacks, such as social engineering and payment fraud. Spammers have learnt to obfuscate malicious links and evade detection algorithms, and our reliance on e-mail only helps them perfect their method.
This is why all security actors must take the phenomenon seriously. A proficient Antispam engine shouldn’t stop at blocking known e-mail threats. It should go beyond the classic definition of spam and excel in key areas such as reaction speed, scan complexity, privacy protection, and domain reputation management.
Choosing your Antispam Technology
1. Reaction speed
Spam must be stopped quickly: each minute of delay can expose hundreds of users. That’s why, when choosing your Antispam engine, you should keep an eye out for performance. How fast and how often are updates performed? Is the platform cloud-based? How large is its footprint?
However, detecting a threat is not enough. You must check if your email security technology has an excellent record in handling potential false positives and false negatives. You should also make sure the scan engine is not language-dependent.
Last but not least, the fastest way to stop malicious spam is to make sure it never gets read in the first place. That’s why Bitdefender implemented proactive detection technology that can tag most spam messages before they reach users.
2. Scan complexity
Scan complexity refers to both the number of tools used by Antispam technologies, as well as the depth of their abilities. This is an important area, as many engines seem to stop at scanning IPs, domains and malicious attachments.
While these methods are important, they should be complemented by other Antispam filters, such as spam image detection. Our technology can easily extract metadata from attachments, detecting not just if the image is malicious or inappropriate, but also if it contains potentially harmful text.
Phone number filters with deobfuscation mechanisms are also excellent at protecting against frauds and scams, as many threat actors use such ”less digital” technologies to avoid detection. Additionally, modern Antispam kits should also be able to tackle more obscure threats, such as cryptocurrency extortion scams or business e-mail compromise (BEC).
It is a constant concern to anyone who looks to integrate Antispam technologies into their offer. The reason is simple: e-mail often carries sensitive information that enterprises might not want to disclose to third parties. Sometimes, it may not even be legal to do so.
That’s why an Antispam engine should be able to analyze only specific e-mail content and elements, as well as work with hashes and anonymized information. In Bitdefender’s case, a combination of machine learning, advanced filters and hundreds of heuristics work together to classify email messages and identify the malicious ones while focusing at the same time on the privacy aspect.
E-mail fingerprinting can also be used in detecting various types of spam campaigns, based on their text content. In our case, the patented fingerprinting technologies are designed to not just identify elusive spam, but also to avoid poisoning. This happens when spammers get ”creative” and personalize their e-mails by adding extra text or elements. This lets them avoid detection if the Antispam engine only checks for basic signatures.
4. Domain reputation management
It’s one of the core components of the Antispam technology. This is because all spammers and cyber attackers have malicious URLs and domains in their arsenal. They’re easy to hide, can be instantly accessed, and can lead anywhere, from adware-ridden websites to fake payment pages. That’s why domain detection and URL blocking should go beyond known lists and proactively identify malicious domains and their characteristics, allowing zero-day spam detection.
In a similar fashion, e-mail address blacklisting is also a basic feature of most modules, and it should be updated in real time. You must make sure your technology provider can cover not just “classical spam” but also more advanced techniques, such as fake sales, spear phishing, employment and loan spam.
5. Outbreak spam detection
Exploiting trending events globally is an attractive attack method for hackers to spread spam. A solid Antispam technology should be able to detect these spam campaigns as they break out, which requires dedicated continuous research resources to keep track of threat actors’ activity.
The Bitdefender Antispam SDK
With 25 consecutive VBSpam+ awards and a detection rate of over 99.9% with no false positives, Bitdefender’s Antispam technology is the perfect choice to augment the capabilities of your email security solution. Our cloud-based engine guarantees fast response and our patented detection methods will stop spam before it can do any damage.
To learn more about the capabilities of Bitdefender’s Antispam engine, Download our Antispam SDK (Software Development Kit) technical brief and discover the features behind our best-in-class technology!