Advanced Security Test Report: Coro Email and Cloud Security – Email (Protection)

Email security vs. business-focussed attackers

SE LABS tested Coro Email and Cloud Security against a mixture of targeted attacks using well-established techniques and public attacks that were found to be live on the internet at the time of the test.

The results indicate how effectively the service was at detecting and/or protecting against those threats in real time and shortly after the attacks took place.

Loading…

Taking too long?

Reload document

| Open in new tab

Download

Factsheet

Coro Email and Cloud Security

Good security testing is realistic, using the kinds of threats customers see in real life. This is why we put a lot of focus on Business Email Compromise (BEC) scenarios, rather than just more conventional threat types (like generic phishing and malware).

Many organisations focus on blocking spam and detecting malware, but BEC attacks present a different kind of threat. BEC targets the human element of email communication. Attackers craft convincing, fraudulent emails that appear to come from legitimate sources, tricking recipients into transferring money, sharing sensitive information or performing other actions that compromise the organisation.

BEC cases are not about malware detection or basic spam filtering. Instead, they exploit trust and authority. These attacks may bypass traditional security mechanisms because they often don’t contain malicious links or attachments. Instead, they rely on social engineering, making them incredibly dangerous and quite hard to spot by either people or technology.

Coro Email and Cloud Security Protection test results

Testing email security, like that from Coro, without BEC scenarios is to ignore a highly effective and popular method that attackers use every day to infiltrate businesses. It’s essential to ensure that email security solutions are able to recognise these nuanced threats and react accordingly.

Furthermore, adding security to a standard email platform shouldn’t be an afterthought. Many businesses assume that the platforms they use, such as Microsoft 365 or Google Workspace, have robust, built-in defences. While these platforms offer a solid baseline, they are not infallible. Attackers continuously evolve their tactics, exploiting gaps in standard security settings.

Comprehensive email security requires layered defences that integrate seamlessly with these platforms, providing advanced detection capabilities, including AI-driven anomaly detection, BEC filtering, and more.

By enhancing the built-in security of these platforms, organisations can mitigate risks more effectively. Security should be adaptive and proactive, not reactive, ensuring that your organisation stays protected even as threats evolve. Including BEC scenarios in testing is an essential part of validating these systems’ robustness. See our full email testing methodology for more details.