BAS 101: What is Email Gateway Attack Simulation?

By Mike Talon

A site visitor asked “What is an email gateway attack simulation? How is that different from phishing testing?” Both are good questions, so let’s have a look:

Email Gateway Attack Simulation 101

Email gateways are software and/or appliances that sit between inbound email and your users’ mailboxes. These systems evaluate each inbound email (and often outbound email) that is processed by your company’s email systems. Evaluations can include looking for phishing-like language, checking any links to ensure they do not lead to malicious websites or known credential-stealing sites, scanning attachments to detect any malware, and checking email headers and other metadata to detect spoofing (attempts to make a fraudulent email appear to have been sent by a legitimate source).

Advanced email gateways can even create sandbox virtual machines, and open and run any executable code (like applications and scripts) in attachments to make sure they don’t do anything that could harm the organization if a user were to open them on their laptops.

The issues that can arise from these email gateway systems can be complex. Anything from a settings misconfiguration to a failure to update itself with the latest detection algorithms can cause the filtration system to miss critical threats in email, allowing them to land in user mailboxes without warning. More advanced gateways have even more moving parts, each of which may have dozens of individual settings that have to be properly configured for the platform to be effective.

Email gateway attack simulations attempt to sneak malicious-looking emails past the filters and directly into user mailboxes. Links to sites that are declared malicious can be put into the body of an email with lots of legitimate text. Applications and scripts can be bundled into attachments, while phishing language and tactics can be crafted within messages. 

While these simulated threats do not pose an actual danger to your organization, they so closely mimic actual threat activity and malware signatures/behaviors that the filter should - if updated and properly configured - see them as threats and stop the email from being delivered to a user mailbox.  

 

Cymulate Email Gateway Vector and Prevention of Attacks

Cymulate uses a designated test email account you set up, so as not to interfere with work. If any of the threat simulation emails actually make it to that mailbox, a simple mail-forwarding rule sends them to Cymulate’s analytics servers, and that simulation is considered to have “landed” the attack.

Even if a user logs into that account and tries to open an attachment, the worst that will happen is a message box popping up or the Calculator application opening; but the filter should not have let the email make it to that mailbox in the first place, so there is a problem that must be addressed.

The remediation solution for this type of attack is easy to accomplish. The Cymulate platform tells you how the attack works for each individual email scenario and offers remediation suggestions, such as blocking certain file types or tightening filter systems to better recognize threats. Once the corrective actions are taken, the simulation can be re-run to confirm that the problem has been solved and the users are once again safe.
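As an added illustration (not Cymulate's code), the "landed" bookkeeping described above amounts to reconciling the scenarios that were sent against the messages found in the test mailbox, per category, so a re-run after remediation can be compared with the first run. The X-Sim-Scenario header, the scenario ids and categories, and the sample messages are assumptions constructed for this example.

```python
from collections import defaultdict
from email import message_from_string

# Hypothetical header used to tag each simulated email (an assumption).
SCENARIO_HEADER = "X-Sim-Scenario"

# Constructed list of scenarios sent to the test mailbox: id -> category.
SENT = {
    "link-001": "malicious link",
    "link-002": "malicious link",
    "attach-001": "executable attachment",
    "attach-002": "executable attachment",
    "spoof-001": "spoofed sender",
}

# Constructed raw messages found in the test mailbox after the run.
MAILBOX = [
    "From: a@example.test\nSubject: Invoice\nX-Sim-Scenario: attach-002\n\nbody\n",
    "From: b@example.test\nSubject: Reset\nX-Sim-Scenario: link-001\n\nbody\n",
    "From: c@example.test\nSubject: Newsletter\n\nunrelated mail\n",
    "From: b@example.test\nSubject: Reset\nX-Sim-Scenario: LINK-001 \n\ndup\n",
]

def landed_ids(raw_messages, sent):
    """Return the set of sent scenario ids that reached the mailbox."""
    found = set()
    for raw in raw_messages:
        value = message_from_string(raw).get(SCENARIO_HEADER)
        if value is None:
            continue  # not a simulation message
        scenario = value.strip().lower()
        if scenario in sent:  # ignore tags that were never sent
            found.add(scenario)  # a set, so duplicates count once
    return found

def report(raw_messages, sent):
    """Per category: (number landed, number sent, landed ids)."""
    landed = landed_ids(raw_messages, sent)
    rows = defaultdict(lambda: [0, 0, []])
    for scenario, category in sorted(sent.items()):
        rows[category][1] += 1
        if scenario in landed:
            rows[category][0] += 1
            rows[category][2].append(scenario)
    return {category: tuple(row) for category, row in rows.items()}

if __name__ == "__main__":
    for category, (hit, total, ids) in report(MAILBOX, SENT).items():
        status = "FIX GATEWAY" if hit else "blocked"
        print(f"{category:24} {hit}/{total} landed  {status}  {ids}")
```

Any category with a non-zero landed count points at a filter setting to review; after the change, the same reconciliation on a fresh run should show zero for that category.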

Conversely, phishing awareness simulation involves sending harmless emails that contain malicious-looking attachments or links to fake login sites, etc. to actual users - not to a designated testing mailbox. The aim is not to test the filtering systems, but to test whether one or more users fall for the trick and interact with an email that - in other circumstances - would be extremely dangerous.

In short, email gateway attack simulations test the ability of software to keep the users safe, while phishing awareness simulations test the ability of the users to keep themselves safe. 

Both are critical components of keeping your organization secure; both simulation vectors should be used regularly to make sure both your systems and your people are doing their best to avoid dangerous email messages.

Cymulate’s Email Gateway vector helps you to test your corporate email security from the perspective of a hacker. Over 75% of cyberattacks worldwide originate from a malicious email. Cymulate’s Email Gateway simulation vector exposes critical vulnerabilities within the email security framework, a critical asset in the prevention of malicious payloads and other harmful phishing attacks.


Mike Talon

Mike Talon is a Solution Architect living and working in New York City. He’s assisted in disaster recovery and migration, Cloud transformation, and identity and security operations and testing for companies ranging from Mom & Pop retail shops to Fortune 100 global companies. Mike currently works with Cymulate – Breach and Attack Simulation; helping customers find ways to live safely in interesting times.
