ESG's Dave Gruber talks with Kenneth Liao of Abnormal Security about email security. This is part 1 of a 2-part series.
Dave: Hi, I'm Dave Gruber. Thank you for joining us today in ESG Studios for our continuing video series on email security. I'm joined today by Ken Liao, VP of Cybersecurity Strategy for Abnormal Security. Welcome, Ken.
Ken: Thanks for having me.
Dave: Abnormal Security has focused on helping companies address some of the tougher, new challenges related to email, including business email compromise, credential theft, account takeovers, and internal email attacks as well. Let's chat a little bit about those types of threats—why they're more challenging to protect against and how attackers are leveraging those.
Ken: Yeah, I'll start with what email security is doing well today. And so we've done a really good job of developing tools that can identify malicious attachments, so malware coming through, or identify large campaigns very much like email marketers. A lot of these attackers are sending high volumes of messages and we're doing a good job of beginning to link those together and stop those types of attacks.
The types of attacks that are becoming problematic, which you mentioned, are things like business email compromise, which are very difficult to detect because they come in very low volumes because the attackers are doing the research to identify specific targets and then crafting very customized, personalized messages for those specific users, and they really come across as legitimate business requests just often with malicious pretext and malicious requests behind them.
And so they're very, very difficult to detect because they lack any of the traditional threat indicators that email security tends to use.
Dave: Yeah, interesting. You know, as we think about other security controls in the infrastructure, we often associate them with digital security, right? So we're always looking for specific digital indicators that help identify when different threats are happening, but there's a human element to this one which makes these types of attacks a little bit different than the traditional security controls.
I've even talked to security professionals who will talk to me about the stupid user who didn't realize what they were doing and then caused some serious damage to the organization. Talk to me about the human element of all this for a minute.
Ken: When you step back and you look at business email compromise, even though people think of it as an email problem, the reality is it's a social engineering problem. As I mentioned, the attackers are able to really understand what the role of a specific user is, who they're talking to, who are they normally communicating to, and so the impersonation then comes from one of those areas where that person is legitimately just trying to do their job.
And so all of those elements really add up to a social engineering problem versus a traditional...what you would think of as an email problem.
Dave: Yeah, that's interesting. And then the other dynamic here is that most organizations either have or are planning to move to a cloud-delivered email solution. And that adds some new challenges in the environment as well. Can you talk about how cloud factors into this?
Ken: Yeah. Well, if you think about email gateways, they were developed back in the day when all of the email servers were on-premises. So, you know, Microsoft Exchange was on-premise. Lotus Notes back in the day also on-premises. Now, as you move those into cloud-delivered email platforms like Microsoft Office 365, all of those gateway security functions now come bundled as part of that platform.
Now, you can make an argument with that, that's not as good as having a best-of-breed email security gateway, but the problem is now you've got a large functional overlap. They all do connection filtering. They all do content filtering. And so really the modern approach to doing this in a cloud-delivered platform is finding things that are going to complement the existing capabilities that come natively with those email platforms rather than trying to replace that you're paying for them already.
Dave: Yeah, interesting. Interesting. So I'd like to hear some specifics about how Abnormal Security is addressing these types of issues, how it works together with the cloud-delivered email type solutions. Would you mind hanging around a little bit and joining us for a second part of this episode?
Ken: I would love to.
Dave: Yeah, awesome. Thank you.