Email security has certainly come a long way. With cloud messaging now the standard versus the legacy on-premises approach (Lotus Notes, anyone?), the strategy for securing these clouds has also experienced a revolution.
If you couldn’t make the live event (now available on-demand here), here’s a taste of the freewheeling panel discussion, featuring Phil Syme, Co-Founder and Chief Technology Officer of Area 1 Security, and Kevin Wilson, Senior Product Manager at Area 1 Security and former CISO at GUESS?.
The History of the Traditional Security Model
The traditional, legacy security models based on perimeter security are ineffective given modern work practices and threats. Traditional models focus on preventing external threats from entering but then assume an internal trusted network.
The benefit of the traditional model is that it’s simple. There is one place to focus your efforts — securing the perimeter. In that respect, it’s an efficient model with economies-of-scale advantages. But, with the risks inherent to it, it’s not a comprehensive model. The traditional model cannot prevent or protect against insider threats, compromised accounts, and easy lateral movement after an initial breach.
“The biggest thing the traditional model misses is just human nature,” adds Phil. “Practicing good security is difficult and time-consuming. If you know you are within a secure perimeter, it’s easy to get a little lackadaisical about security practices. This is probably the biggest miss.” Unfortunately, attackers and malicious insiders take advantage of these security gaps, resulting in data breaches, unauthorized access and a host of other security issues.
The end of the perimeter, brought on largely by widely-accessible cloud services, and the modernization of communication lead to tension within any security practice. From a business perspective, you want wide-open access to anyone at any time to make business processes as smooth as possible. Then there is the conflicting need to secure everyone and every system as much as possible. With any security solution, it’s about finding the right balance between these two things.
The Zero Trust Model
That’s where the Zero Trust model comes in. The concept of Zero Trust is no inherent trust inside or outside the perimeter — no trusted network, no internal network edge. The Zero Trust Model focuses on authentication, authorization, and reducing implicit trust zones. It focuses on the who, rather than what.
It relies on three pillars:
Apply the least privilege, and
With the Zero Trust model, “you tend to get better detection of malicious types of issues than you would with a traditional model [that] focuses heavily on the edge and not so much on the internal,” Kevin states.
In fact, the benefits of a Zero Trust Model include better detection of:
Compromised user credentials,
Remote exploitation and insider threats, and
Compromised supply chain.
These security issues often appear within the “trusted network” that gets overlooked in the traditional security model.
But the million-dollar question is — is Zero Trust attainable?
Practical Advice to Attaining and Applying Zero Trust
The team gets right down to business to address the major question on everyone’s mind: how do we attain Zero Trust?
The key is to focus on the very foundation and basics of the Zero Trust Model.
Authentication and identity. The goal is to validate that the user is who they say they are. In addition to credentials, focus on implementing multi-factor authentication. Mapping out a social graph of who your organization communicates with helps with detecting compromised identities.
Apply least privilege for all access. Focus on who needs what. Limit privileges to only what’s needed for an individual to succeed in their given role instead of giving broad access.
Network segmentation and micro-segmentation. Keep in mind that there are two aspects to segmentation — a physical and a logical aspect — and ensure you apply both. The physical aspect covers things like router rules that physically segment a network. The logical aspect is figuring out the security perimeter for a particular IT system and applying appropriate access rules for every component of the system.
Monitoring and inspection. Effective monitoring and inspection may need to be achieved in phases. Time and tuning are required to balance verbose monitoring against potential missed alerts.
Extending Zero Trust to Email
Removing perimeters means re-evaluating where risk really lies in an organization. Take email, for example.
Email is the #1 way organizations communicate, and it’s largely a wide-open door. Its scope and depth extend beyond direct employee access decisions and network-centric models. Businesses interact with many partners and suppliers, and established relationships lend themselves to implicit trust, which can be exploited. Considering the vast number of individuals email reaches, both internal and external, the question is no longer about the network but about whether you can trust who you’re communicating with.
Area 1 Security extends Zero Trust to email by removing implicit trust. Area 1 Security verifies all communications as they happen, validates access beyond just the sender, detects compromises, and applies controls around compromised communications. In short, Area 1 Security applies the foundations of Zero Trust mentioned above to email to reduce the largest source of risk to an organization.
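The sketch below is an added example, not Area 1 Security's product logic or code from the webinar. It shows one way to combine the communication "social graph" from the practical advice with the idea of removing implicit trust from email: a message earns no trust from its sender's name alone. The sample history, the `auth_pass` field (assumed to summarize an upstream SPF/DKIM/DMARC verdict) and the 0.85 similarity threshold are all assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed (sender, recipient) history, e.g. extracted from mail logs.
HISTORY = [
    ("ap@supplier-example.com", "finance@corp.example"),
    ("ap@supplier-example.com", "finance@corp.example"),
    ("sales@partner-example.net", "buyer@corp.example"),
]

def build_graph(history):
    """Map each recipient to the senders they have heard from, with counts."""
    graph = defaultdict(lambda: defaultdict(int))
    for sender, recipient in history:
        graph[recipient][sender.lower()] += 1
    return graph

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def lookalike_of(dom, known_domains, threshold=0.85):
    """Return a known domain that `dom` closely resembles without matching it."""
    for known in known_domains:
        if dom != known and SequenceMatcher(None, dom, known).ratio() >= threshold:
            return known
    return None

def assess(msg, graph):
    """List the reasons a message must not receive implicit trust."""
    reasons = []
    sender = msg["from"].lower()
    known_senders = graph.get(msg["to"], {})
    known_domains = {domain(s) for senders in graph.values() for s in senders}
    if not msg["auth_pass"]:  # assumed upstream authentication verdict
        reasons.append("authentication-failed")
    if sender not in known_senders:  # relationship is per recipient, not per org
        reasons.append("no-prior-relationship")
    twin = lookalike_of(domain(sender), known_domains)
    if twin:
        reasons.append(f"lookalike-of:{twin}")
    return reasons
```

An empty list means only that none of these three checks fired. A compromised partner mailbox would pass all of them, which is why the monitoring and inspection step still applies to known senders.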
Want to know more? Watch the full webinar and get more tips on:
How your partner social graph results in increased risk surface area;
Why email security plays a critical role in establishing a Zero Trust architecture that can be extended to your business partners and suppliers; and
How to leverage email security to prevent targeted cyber attacks.
Cofounder and CTO at Area 1
Phil Syme has 22 years of information technology experience. His areas of expertise include system architecture, data processing at scale, and cloud technologies. Phil was previously a Chief Engineer at Next Century Corporation, co-founder and Principal Engineer at eSymmetrix, and co-authored two introductory programming books. He holds a B.S. in Mathematics and Computer Science from Carnegie Mellon University School of Computer Science.
Senior Product Manager at Area 1
Kevin Wilson is a Sr. Product Manager at Area 1 Security. Throughout his 14 years in Cyber Security, Kevin has been an Analyst and Engineer in various organizations such as the U.S. Navy, First Data, and Lowe’s. Previously he served as the Global Information Security Officer at Guess? Inc. as well as a Product Manager for McAfee.