All reports

09/2024 - 09/2024

Email Security Services (ESS): Enterprise and Small Business 2024

ess

Put your focus on Business Email Compromise (BEC) scenarios

Don’t ignore Business Email Compromise test cases

Good security testing is realistic, using the kinds of threats customers see in real life. This is why we put a lot of focus on Business Email Compromise (BEC) scenarios, rather than just more conventional threat types (like generic phishing and malware).

Put focus on Business Email Compromise (BEC) scenarios

Many organisations focus on blocking spam and detecting malware, but BEC attacks present a different kind of threat. BEC targets the human element of email communication. Attackers craft convincing, fraudulent emails that appear to come from legitimate sources, tricking recipients into transferring money, sharing sensitive information or performing other actions that compromise the organisation. BEC cases are not about malware detection or basic spam filtering. Instead, they exploit trust and authority.

These attacks may bypass traditional security mechanisms because they often don’t contain malicious links or attachments. Instead, they rely on social engineering, making them incredibly dangerous and quite hard to spot by either people or technology.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

The cyber security industry refers to this sequence of steps as the ‘attack chain.’ The MITRE organization has documented these stages in its ATT&CK framework. While this framework doesn’t provide an exact blueprint for real-world attacks, it offers a structured guide that testers, security vendors, and customers (like you!) can use to conduct tests and interpret the results.


How we test

SE LABS Ⓡ tested three email security services, one that is commercial, the other open-source. We also tested a commercial email platform. Each service was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public attacks that were found to be live on the internet at the time of the test.


The results indicate how effectively the services were at detecting and/or protecting against those threats in real-time and shortly after the attacks took place.

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.

Contact us

Give us a few details about yourself and describe your inquiry. We will get back to you as soon as possible.

Get in touch

Feel free to reach out to us with any questions or inquiries

info@selabs.uk Connect with us Find us