Tag Archive for: DMARC reports

How DMARC Combats Shadow IT Security Risks

Users of information systems in large organizations often have strong reactions to their experience with the system. The need to navigate an IT environment composed of a myriad of point solutions can be frustrating for end users. Consequently, many departments develop and rely on their own point solutions to overcome perceived limitations with a single organization-wide solution. This marked the origin of Shadow IT. A department that has shadow IT resources has more agility in its processes. Also, it avoids the alignment between departments, which is often impossible: which is the main benefit it revolves around. However, Shadow IT poses a colossal collection of security risks and challenges that completely nullifies its one benefit. These security risks can be resolved with DMARC

Let’s learn more about what Shadow IT is and how DMARC helps combat Shadow IT security risks with enhanced visibility.

What is Shadow IT?

Big companies often have large central IT departments to monitor networks, provide support, and manage the services used by the organization. However, it has been observed that a trend of shadow IT has started in recent years as employees often bypass the central authority and purchase their own technology to fulfil work-related goals. In an increasingly mobile world, employees prefer to bring their own devices to work because they already have them, they’re familiar with them, or they aren’t as bogged down by an IT department that requires complicated setups.  As cloud-based consumer applications gain traction, the adoption of shadow IT is increasing. RSA, the security division of EMC, reports that 35 percent of employees circumvent their company’s security policies to get their job done. 

Although it has been estimated that such a considerable population of employees belonging to other departments would use non-compliant methods to do their jobs, companies must keep in mind that uncontrolled use of Shadow IT could lead to losses in productivity and security.

Shadow IT Risks and Challenges for Organizations

According to a recent survey conducted by the Cloud Computing Association, over 30% of business’s run cloud applications that IT doesn’t know about. Many businesses face data breaches and failures due to their use of cloud applications. These cloud applications are typically already in use by employees, but aren’t being monitored by the IT department.

You never know when a non-IT department in your company is using Shadow IT to bypass organizational security, and sending out emails using cloud-based applications and services that are not authorized sending sources for your organization, using your identity. This can pave the way to unfiltered malicious activities, spam, and exchange of fraudulent messages that can potentially harm your company’s reputation and credibility. Shadow IT, as it’s called, can be vulnerable to data breaches and system failures if not monitored properly. This is exactly where DMARC steps in to resolve the shadow IT risks in security by authenticating sending sources even if they are successful in bypassing integrated security gateways to reach your client’s email server.

How Does DMARC Protect Against Risks Imposed by Shadow IT

The principal problem induced by Shadow IT is the lack of visibility on different departmental activities and their communication with external sources like clients and partners via third-party email-exchange services, without the knowledge of the IT department.  This increased and unauthorized usage of cloud-based applications for exchanging information and communication causes a major influx in email fraud, impersonation attacks and BEC. DMARC as the most recommended email authentication protocol in the industry helps organizations stay one step ahead of Shadow IT activities.

  • DMARC Aggregate reports provide visibility on sending sources and the IP addresses behind them, showing the IT department the exact origin of all unauthorized sending sources
  • With DMARC enforcement at your organization, emails originating from illegitimate sources are rejected by receiving MTAs before it lands into your client’s inbox
  • DMARC forensic reports elaborate in great detail, any attempts at domain spoofing, impersonation, BEC and other fraudulent activities
  • This helps put an end to Shadow IT practices by non-IT departments without approval from the IT department
  • This also helps in gaining visibility on all emails being sent to and from your domain by different departments at all times, what they entail, and the status of their authentication

Sign up today with DMARC analyzer and start your email authentication journey to curtail Shadow IT activities at your organization and maintain complete transparency across all departments.

DMARC

/by

So You Just Got to 100% DMARC Enforcement. What Now?

All right, you’ve just gone through the whole process of setting up DMARC for your domain. You published your SPF, DKIM and DMARC records, you analysed all your reports, fixed delivery issues, bumped up your enforcement level from p=none to quarantine and finally to reject. You’re officially 100% DMARC-enforced. Congratulations! Now only your emails reach people’s inboxes. No one’s going to impersonate your brand if you can help it.

So that’s it, right? Your domain’s secured and we can all go home happy, knowing your emails are going to be safe. Right…?

Well, not exactly. DMARC is kind of like exercise and diet: you do it for a while and lose a bunch of weight and get some sick abs, and everything’s going great. But if you stop, all those gains you just made are slowly going to diminish, and the risk of spoofing starts creeping back in. But don’t freak out! Just like with diet and exercise, getting fit (ie. getting to 100% enforcement) is the hardest part. Once you’ve done that, you just need to maintain it on that same level, which is much easier.

Okay, enough with the analogies, let’s get down to business. If you’ve just implemented and enforced DMARC on your domain, what’s the next step? How do you continue keeping your domain and email channels secure?

What to Do After Achieving DMARC Enforcement

The #1 reason that email security doesn’t simply end after you reach 100% enforcement is that attack patterns, phishing scams, and sending sources are always changing. A popular trend in email scams often doesn’t even last longer than a couple of months. Think of the WannaCry ransomware attacks in 2018, or even something as recent as the WHO Coronavirus phishing scams in early 2020. You don’t see much of those in the wild right now, do you?

Cybercriminals are constantly changing their tactics, and malicious sending sources are always changing and multiplying, and there’s not much you can do about it. What you can do is prepare your brand for any possible cyberattack that could come at you. And the way to do that is through DMARC monitoring & visibility .

Even after you’re enforced, you still need to be in total control of your email channels. That means you have to know which IP addresses are sending emails through your domain, where you’re having issues with email delivery or authentication, and identify and respond to any potential spoofing attempt or malicious server carrying a phishing campaign on your behalf. The more you monitor your domain, the better you’ll come to understand it. And consequently, the better you’ll be able to secure your emails, your data and your brand.

Why DMARC Monitoring is So Important

Identifying new mail sources
When you monitor your email channels, you’re not just checking to see if everything’s going okay. You’re also going to be looking for new IPs sending emails from your domain. Your organization might change its partners or third party vendors every so often, which means their IPs might become authorized to send emails on your behalf. Is that new sending source just one of your new vendors, or is it someone trying to impersonate your brand? If you analyse your reports regularly, you’ll have a definite answer to that.

PowerDMARC lets you view your DMARC reports according to every sending source for your domain.

Understanding new trends of domain abuse
As I mentioned earlier, attackers are always finding new ways to impersonate brands and trick people into giving them data and money. But if you only ever look at your DMARC reports once every couple of months, you’re not going to notice any telltale signs of spoofing. Unless you regularly monitor the email traffic in your domain, you won’t notice trends or patterns in suspicious activity, and when you are hit with a spoofing attack, you’ll be just as clueless as the people targeted by the email. And trust me, that’s never a good look for your brand.

Find and blacklist malicious IPs
It’s not enough just to find who exactly is trying to abuse your domain, you need to shut them down ASAP. When you’re aware of your sending sources, it’s much easier to pinpoint an offending IP, and once you’ve found it, you can report that IP to their hosting provider and have them blacklisted. This way, you permanently eliminate that specific threat and avoid a spoofing attack.

With Power Take Down, you find the location of a malicious IP, their history of abuse, and have them taken down.

Control over deliverability
Even if you were careful to bring DMARC up to 100% enforcement without affecting your email delivery rates, it’s important to continuously ensure consistently high deliverability. After all, what’s the use of all that email security if none of the emails are making it to their destination? By monitoring your email reports, you can see which ones passed, failed or didn’t align with DMARC, and discover the source of the problem. Without monitoring, it would be impossible to know if your emails are being delivered, let alone fix the issue.

PowerDMARC gives you the option of viewing reports based on their DMARC status so you can instantly identify which ones didn’t make it through.

 

Our cutting-edge platform offers 24×7 domain monitoring and even gives you a dedicated security response team that can manage a security breach for you. Learn more about PowerDMARC extended support.

DMARC

/by

The Biggest Myth About Security with Office 365

At first glance, Microsoft’s Office 365 suite seems to be pretty…sweet, right? Not only do you get a whole host of productivity apps, cloud storage, and an email service, but you’re also protected from spam with Microsoft’s own email security solutions. No wonder it’s the most widely adopted enterprise email solution available, with a 54% market share and over 155 million active users. You’re probably one of them, too.

But if a cybersecurity company’s writing a blog about Office 365, there’s got to be something more to it, right? Well, yeah. There is. So let’s talk about what exactly the issue is with Office 365’s security options, and why you really need to know about this.

What Microsoft Office 365 Security is Good At

Before we talk about the problems with it, let’s first quickly get this out of the way: Microsoft Office 365 Advanced Threat Protection (what a mouthful) is quite effective at basic email security. It will be able to stop spam emails, malware, and viruses from making their way into you inbox.

This is good enough if you’re only looking for some basic anti-spam protection. But that’s the problem: low-level spam like this usually doesn’t pose the biggest threat. Most email providers offer some form of basic protection by blocking email from suspicious sources. The real threat—the kind that can make your organization lose money, data and brand integrity—are emails carefully engineered so you don’t realize that they’re fake.

This is when you get into serious cybercrime territory.

What Microsoft Office 365 Can’t Protect You From

Microsoft Office 365’s security solution works like an anti-spam filter, using algorithms to determine if an email is similar to other spam or phishing emails. But what happens when you’re hit with a far more sophisticated attack using social engineering, or targeted at a specific employee or group of employees?

These aren’t your run-of-the-mill spam emails sent out to tens of thousands of people at once. Business Email Compromise (BEC) and Vendor Email Compromise (VEC) are examples of how attackers carefully select a target, learn more information about their organization by spying on their emails, and at a strategic point, send a fake invoice or request via email, asking for money to be transferred or data to be shared.

This tactic, broadly known as spear phishing, makes it appear that email is coming from someone within your own organization, or a trusted partner or vendor. Even under careful inspection, these emails can look very realistic and are nearly impossible to detect, even for seasoned cybersecurity experts.

If an attacker pretends to be your boss or the CEO of your organization and sends you an email, it’s unlikely that you’ll check to see if the email looks genuine or not. This is exactly what makes BEC and CEO fraud so dangerous. Office 365 will not be able to protect you against this sort of attack because these are ostensibly coming from a real person, and the algorithms will not consider it to be a spam email.

How Can You Secure Office 365 Against BEC and Spear Phishing?

Domain-based Message Authentication, Reporting & Conformance, or DMARC, is an email security protocol that uses information provided by the domain owner to protect receivers from spoofed email. When you implement DMARC on your organization’s domain, receiving servers will check each and every email coming from your domain against the DNS records you published.

But if Office 365 ATP couldn’t prevent targeted spoofing attacks, how does DMARC do it?

Well, DMARC functions very differently than an anti-spam filter. While spam filters check incoming email entering your inbox, DMARC authenticates outgoing email sent by your organization’s domain. What this means is that if someone is trying to impersonate your organization and send you phishing emails, as long as you’re DMARC-enforced, those emails will be dumped in the spam folder or blocked entirely.

And get this — it also means that if a cybercriminal was using your trusted brand to send phishing emails, even your customers wouldn’t have to deal with them, either. DMARC actually helps protect your business, too.

But there’s more: Office 365 doesn’t actually give your organization any visibility on a phishing attack, it just blocks spam email. But if you want to properly secure your domain, you need to know exactly who or what is trying to impersonate your brand, and take immediate action. DMARC provides this data, including the IP addresses of abusive sending sources, as well as the number of emails they send. PowerDMARC takes this to the next level with advanced DMARC analytics right on your dashboard.

Learn more about what PowerDMARC can do for your brand.

DMARC

/by