The project delivery team's test suite identified a bug with the Trend Micro product that allowed for email containing an EICAR test virus to be delivered without being cleaned. 21 advanced persistent threats (cleaned threat and delivered with additional email header tag).42 pattern-based malware (cleaned malware and delivered with additional email header tag).16 potential business email compromise attempts (delivered with additional email header tag).5,381 failed domain-based authentication (delivered with additional email header tag).3,307 potential spam (delivered with additional email header tag).9,025 bulk newsletters/graymail (delivered with additional email header tag).Out of these 76,631 messages (67.8%) were blocked and 36,403 messages (32.2%) were delivered: In the period of 19th July 2018 10am to 30th July 2018 10am, the system scanned 113,034 email messages for 518 email addresses. The solution has been operational for 11 days without any known service interruptions. Both issues were rectified promptly and in spite of the failed initial deployment, this deployment failure allowed us to confirm the roll-back plan working and also gain confidence in other areas, like for example OxMail continuing to route emails for a managed domain where the MX record pointed elsewhere. The Hosted Email Security product was successfully implemented on Thursday, 19th July 2018 around 10am, following a failed initial deployment due to a configuration error that was not picked up due to an error in our testing protocol. The configuration of these features was carefully tested and refined within the Information Security Team before considering a wider pilot within the IT Services department.
The new solution offers some additional features including the identification of phishing, emails with malicious web links (web reputation), business email compromise, sender fraud protection, and social engineering attack protection. The Information Security Team has been testing the Hosted Email Security product in May and June to develop an initial policy configuration matching the existing IT Services Email Content Scanning Service including the blocking of emails with high risk attachments. Policy Development and Pilot within InfoSec and IT Services There may be some minor changes required by IT support staff when the solution is implemented for their college or department, but we would like to emphasise this being envisioned to be transparent for all our students and colleagues. It is important to highlight that the addition of these two products is an infrastructure change that does not require our members to take any action. Overall, the University benefits from the addition of an additional vendor's malware and threat detection engine for external and internal email messages. Furthermore, we will be able to better protect our cloud hosted Nexus365 system using the Cloud Application Security product. The advantage of the proposed solution is that we are able to scan and filter the vast majority of unwanted messages using Hosted Email Security before the messages hit the existing email servers. The following schematic drawing illustrates how the two new products interfaces with the University's existing email infrastructure: The Trend Micro solution offers the University the ability to add additional protection in two locations: at the gateway level by implementing Trend Micro Hosted Email Security (HES) as mail relays, and within Nexus365 using Trend Micro Cloud Application Security (CAS). The Trend Micro products were selected following a highly competitive tender process with representation of experts in security, email, and networking. This article gives an overview of the upcoming architectural changes to the University's email system, some insights in the on-going pilot at IT Services, and a brief overview of the next steps. These will provide greater protection against email-borne threats and malware for students and colleagues across the collegiate-University, and minimise the likelihood of related information security incidents. The University procured as part of the Email Security workstream of the Nexus365 project two email security products from Trend Micro: Hosted Email Security and Cloud Application Security.
0 kommentar(er)
