Spam filtering, but different!

By Luke Smits - Founder & Operations Manager
spam filtering

The idea of a spam filter is to stop bad emails or content reaching your email users, so they can’t accidently open something bad, or go to a fake website pretending to be a bank for example, where they will then enter their genuine details which can then be captured by the malicious actor.

Traditional spam filtering is done by having a system that filters emails either before or after they get delivered to the user’s mailbox, and then looking at the contents of the email to decide if anything bad is in the content, attachments, or links. If there are certain words, links to known bad websites or content, infected attachments, or known bad content, these get filtered out.

These filters are usually visible to the outside world, so an attacker can see which spam filter you use and design a method of defeating it. Traditional spam filters rely heavily on known, knowns… known bad websites, bad words, known malicious content etc.

P1 Technology now offers an alternative - or should I say an addition - to your traditional spam filters. Using a product call Avanan our spam filter offering not only uses traditional spam filter techniques to filter email, but also behavioural scanning to look at what’s happening in your mailbox and then flag unusual behaviour.

For example, a very common method of attack is for a hacker to gain access to an unsecured mailbox in your organisation. They might get the credentials by guessing them, by stealing them, by hacking another system that contains the credentials.. many possible ways. BUT once they have the credentials they can stalk the mailbox to see what happens without giving away their presence. They can see who you are emailing, who’s emailing you, and then at an opportune time send out a perfectly reasonable sounding email to someone maybe asking them to transfer money to a different account, asking for credit card details, drivers license numbers, and other sensitive material. As this email will come from within the business it might get acted on, and before you know it, you’re in trouble.

Avanan uses AI or artificial intelligence to monitor what’s happening in the mailbox, then flagging any unusual behaviour to the IT admins or user.

Examples:

  • service@ doesn’t normally email accounts@ so why have they been today?
  • Why is tony@ asking for BSB numbers, or credit card details?
  • Why is accounts@ being accessed from overseas?

Not only that, but it monitors your Share Point and One Drive data as well. So if email and data security is high on your list of IT concerns then Avanan could be for you. This is a new way of dealing with malicious threats. So by getting ahead of the curve you can keep yourself protected, rather than being behind the curve and then implementing it once an attack has already happened. I know which one sounds better to me!



Back to News