At Least 4 New Reasons Every Day To Check Your Email Security Stack

Posted on 2023-01-03 by Isabelle Quinn

At InQuest, we’re obsessed with finding malware, exploits, zero-days, phishing lures, ransomware, data loss violations and more - cleverly hidden within the everyday files your end-users interact with. And, of course, it is a well-worn maxim that 94% of all malware is delivered via email. So, while we regularly examine files traversing customer email, web connections, and network traffic - email remains the big dog. In this blog, we’d like to tell you how you can test your current email security stack - no matter what you have in place - against emerging malware being surfaced by industry-leading researchers. Best of all, it’s fast, easy, and 100% transparent to your business. Those points make it a fairly unique approach relative to other email security checkers out there. Read on to learn more.

Let’s start with The Trystero Project. If you’re not familiar with it, Trystero is an open project where - each day - InQuest Labs checks the security efficacy of the two largest mail providers, Google and Microsoft (as well as InQuest FDR Email Security SaaS) against real-world, emerging malware. The results are available for anyone to see.

The way it works is actually quite simple. InQuest Labs scours the net for malware samples 24/7/365. We'll typically consider approximately one million files (1M) daily. That is far too much data for any company to process on its own - in hopes of identifying the ‘needles in the haystack’ that matter the most. So, InQuest Labs subjects these samples to four security instances - Google Workspace (GMail/GSuite), Microsoft Outlook, Microsoft O365 with E5 protection, and Microsoft O365 with E5 protection and Advanced Phishing Protection enabled. If a sample can evade all four security measures, it becomes part of a ‘daily harvest’. The result? We're left with somewhere between zero and a couple of dozen samples per day that could be ruinous. While results vary over time, the best still incurs an average of four bypasses per day (hence the title of our blog).

In addition to Trystero, we harvest samples referenced from the dozens of industry blogs published daily. There's so much great research out there, but how do you know which ones to focus your team’s limited time and attention on? A good place to start is with the blogs referencing samples capable of reaching your users.

InQuest leverages these two data sources to fuel an Email Attack Simulator (EAS) that you can use to validate the efficacy of your email security stack. You may have one or more of the above email security solutions in place. In fact, it’s entirely likely that you have at least one of Google’s or Microsoft’s email security tools, given that 39% of all email domains are either Google or Microsoft, representing 1.9 billion users. Many of you likely have a third-party line of defense as well - in the form of a secure email gateway (SEG), an API-based email security solution, or both. That’s great. But the question remains - how good is your specific security stack against the latest, stealthiest, and potentially damaging threats?

Here’s how to find out. Head to this landing page, fill out the form, and we’ll set you up to check your stack for 30 days, no charge. No trickery. No credit card required. No product install. All you’ll need to do is set up one new email inbox and one forwarding rule. Then, on a daily basis, we’ll do two things. We’ll send the curated daily harvest of malware via emails to that inbox. If any email arrives, it proves your stack missed it. A note will be forwarded back to us, where we’ll then provide a personalized report telling you exactly what malware is capable of evading your security stack. We'll even let you know which AV/EDR solutions are best suited to cover the gap in your transport security.

That’s it. We’re not here to expose other vendors. In fact, short of purchasing their products and testing them in a lab on an ongoing basis, we could only speculate. You are just checking your own stack - risk free. The malware will never be opened. No real user needs to lift a finger. Your IT folks can set this up in five minutes.

From here you have three options. At the end of 30 days, you can decide you are content with your security stack and do nothing, purchase an annual subscription to our Email Attack Simulation as a Service, or talk to us about an additional layer of email security that we believe will be well worth the incremental investment.

You have absolutely nothing to lose, and you will certainly gain some valuable insights!
