Phishing remains one of the most common cyberattacks, used to steal personal data or gain access to business networks. These deceptive emails trick recipients into clicking malicious links or opening attachments carrying malware or ransomware. In the case of business email compromise (BEC), attackers impersonate trusted colleagues or vendors to prompt recipients into taking immediate action.
As businesses move faster and remote work becomes more widespread, cybercriminals often have the advantage, creating increasingly sophisticated schemes. Overburdened SOC teams face the challenge of juggling multiple security vendors, managing countless logins and interfaces, and keeping up with ever-growing compliance demands. Despite these efforts, email threats continue to slip through inbox defenses.
According to the latest Quarterly Threat Trends & Intelligence report, over 95% of email-based threats in Q2 2022 involved credential theft and response-driven attacks. Why? Traditional on-premises Secure Email Gateways (SEGs) were built to stop spam and malware by analyzing email content or payloads. Most SEGs still rely on detecting “bad” content—malware, suspicious keywords, or high-volume attacks from a single IP—leaving organizations exposed to the evolving sophistication of modern threats.
Now That We Know the How, What About the Why?
Why do phishing emails and social engineering attacks continue to succeed?
First, many organizations’ email content inspection is too shallow. Focusing only on the subject line or “From” field — without examining message bodies, attachments, images, and other elements — leaves openings for malicious emails to slip through. These gaps are often exploited by insiders and external attackers alike.
Second, cybercriminals innovate faster than the email security industry can adapt. Modern social engineering and account takeover tactics are designed to trick employees into taking action, often leveraging identity-based threats like executive or brand impersonation. Traditional security controls, which aren’t designed to detect these nuanced threats, frequently fail.
Finally, compliance challenges compound the risk. SOC teams often struggle with inflexible policies that lack granularity, making it difficult to distinguish legitimate communications from threats. This inability not only disrupts business communication but also increases the risk of non-compliance.
Fortra Is Your Email Security Ally
Through a layered approach, Fortra fills major gaps in email platform security by protecting users from external threats and safeguarding your sensitive data from being leaked both inside and outside your organization. By integrating with your existing infrastructure–whether in the cloud, on-prem, or in hybrid environments–it can improve your SOC team’s effectiveness and efficiency. But how?
Our Deep Content Inspection engine protects your inbox from advanced email cyberattacks and prevents outbound data loss through deep inspection capabilities. During the pre-delivery phase, our Secure Email Gateway inspects incoming emails, identifies spam, malware, and ransomware that can be intentionally buried in emails or attachments in phishing campaigns, and prevents them from reaching user inboxes. Then, by sanitizing suspected or confirmed malicious messages and removing threatening elements, such as HTML script, from the message header, subject, body, and various custom file formats using binary signatures, the Secure Email Gateway removes embedded Advanced Persistent Threats without disruption to inbound messages.
Additionally, it scans for and sanitizes inappropriate images (i.e. anti-steganography) in a safe sandboxing environment. It can also remove attachments based on the message’s classification as identified by policies, and perform real-time URL lookup, resulting in either the removal or blocking of the links, or the rewriting of URLs through easily integrated third-party solutions. It can also help on the other end by blocking sensitive data from leaving your organization or being shared among employees, averting data loss and/or compliance failures through Optical Character Recognition, redaction capabilities, and adaptive data loss prevention mechanisms. This way, compliance managers have real-time visibility and remediation controls to meet requirements and make sure that policies are being enforced.
When it comes to more complex identity-based threats, this is where our Identity Threat Detection comes into play. Fortra's Email Security features can combat the upward trend of deception through predictive artificial intelligence—Identity Graph—which leverages machine learning to stop socially engineered attacks.
This approach allows us to deploy a predictive defense system that recognizes identity deception techniques, such as spear phishing, targeted email attacks and others, at massive scale and speed. It's an approach that gets smarter every day by leveraging an increasingly vast data set to give customers a level of protection against identity deception they can't get anywhere else. It does this by studying sender-receiver behavior, mapping identities, and authenticating everyone employees communicate with inside and outside of the organization. It then takes all this data, models relationships and patterns that represent known “good” behaviors, and compares the hundreds of message characteristics against multiple behavioral models that determine the message's trust score (according to its variance or deviation from the expected behavior considered to be “trusted”).
Finally, our Global Inbox Threat Intelligence gathers and sources intel from reported emails from your employee base—the first line of defense for email threats—and across our global client base to curate a unique set of intel that feeds directly into your security architecture. With phishing campaigns and other advanced social engineering threats constantly evolving and being delivered in myriad ways, you need a comprehensive, central source of intelligence to serve as a foundation for your overall security that supports the continuous improvement of your email security suite.
Fortra’s research analyst team scopes out any indicators of compromise and evidence of any mule accounts and crowdsources threats for known malicious indicators like file hashes, email addresses, and URLs into a single intel feed. By gathering threats from user-reported emails within your organization, as well as from our entire user base and other Fortra solutions like Fortra Brand Protection's Credential Theft service, Social Media Protection, Domain Monitoring and global BEC feeds, we extract all of the threat indicators and feed them back into the SEG to strengthen your security architecture against the latest relevant threats. The indicators are then used to detect and proactively remove, or claw back, threats attacking multiple inboxes and to suspend O365 lures, BEC, ransomware, malicious attachments, lookalike domains, and more.
These threats are automatically fed into our URL Detection Feed, which identifies malicious indicators such as URLs, domains, and email addresses. Our continuous detection and response capabilities expand the collection of malicious indicators over time, strengthening threat identification and mitigation. Alerts are delivered directly to users, automated actions are applied, and policies are enforced in real time to stop attacks before they spread.
In the ongoing battle to protect enterprise inboxes, Fortra Email Security is your trusted ally, defending against advanced email threats, social engineering attacks, and more.