How Legacy Email Security Solutions Leave Your Clients Vulnerable To Threats You’ve Already Seen

A user just reported receiving a phishing email to your helpdesk.

How do you respond?

Email security companies don’t like to talk about the fact that some emails will slip through their net, but no solution is 100% accurate. If one were, every organization would be using it.

So what happens when something evades detection? How can you as an MSP respond?

The answer to this question is going to be similar regardless of what email security solution you currently use. Either the end-user reports the missed detection directly to the vendor (via a plugin), or you walk them through the clunky process of forwarding the email as an attachment to you, and you then forward it to the vendor. The vendor then analyzes the submission and fingerprints it - blocking that threat and potentially similar threats across their entire service. A pretty straightforward process until you realize how long it takes for that submission to be fingerprinted (see graphic below).

Image showing process of reporting a missed email detection to the provider

It can take days for an email security vendor to fingerprint an email you submitted

On average, it takes 17 minutes from a user receiving a phishing email to the email security vendor receiving notice of the missed detection. This is significantly shorter in solutions where a user can report directly to the vendor via a plugin from their mail client. The problem is what happens post-submission.

A vendor cannot fully automate the fingerprinting process because of the risk of false positives. “Spam” can be subjective - the same email can be received very differently depending on the recipient. If a vendor automatically blocked email from every sending organization from which a user reported an email as spam, there’s a really high chance they would block wanted, legitimate email too. For this reason, some human input is required to oversee the process, and in many cases this results in a period of at least 48 hours before a new threat is successfully fingerprinted and blocked.

This leaves the rest of your users vulnerable to the same attack

Traditionally, phishing emails that are sent to thousands of recipients are generic and have a really low success rate. But today, advanced cybercriminals are leveraging AI in their campaigns. This means more sophisticated and targeted attacks can be sent en masse, significantly increasing the chances of multiple users across multiple client sites in your tenancy receiving a variation of the same campaign.

In short, by the time the vendor has updated their filters, this phishing campaign may have already been delivered to several of your users, and unless they all report it, you won’t even know. For the less vigilant users across your client base, this can have disastrous consequences.

So what can you do?

Because legacy email security solutions lack cross-tenancy visibility and control, it will take your engineers several hours or even days of trawling through email logs and creating block rules client by client. This clearly isn’t practical and forces MSPs to rely on slow-to-react vendors.

Other types of security solutions, such as endpoint security, focus heavily on incident response, yet incident response was completely lacking in the email security space before Mesh.

This is because email security solutions (both gateways and API-based solutions) have been around for a long time, with most predating managed services. They were built to be used directly by end-customers. Although most providers have retrofitted reseller portals, they are exactly that - a reseller portal for provisioning and accessing clients, with little or no cross-tenancy capabilities.

Conclusion: For MSPs focused on cybersecurity, the ability to respond cross-tenancy is imperative

Now more than ever, speed of response is absolutely critical for MSPs focused on delivering cybersecurity solutions to their clients. Legacy email security solutions severely inhibit managed service providers’ ability to respond.

Mesh is the only email security platform exclusively built for MSPs, empowering them to respond to new threats across their entire client base in real-time.

For more information on how Mesh provides MSPs with the ability to manage all clients centrally, from a single pane of glass with unique cross-tenancy capabilities, request a free demo or trial today.
