A state-of-the-art email security service generally filters out infected messages reliably before they enter the company network. Yet even the best solutions can’t in good conscience guarantee one-hundred percent protection. That’s because the signatures of new viruses or malware variants are still unknown when they first appear. Complementing email security with additional post-delivery protection is quickly becoming indispensable. With its innovative, internationally patented Patient Zero Detection® (PZD) service, for instance, Retarus adds a layer of security by additionally identifying threats in emails that have already been delivered.
Detection even after delivery, thanks to each email’s unique fingerprint
To achieve this, a digital fingerprint is generated for each inbound email, and stored in the cloud-based Retarus E-Mail Security system. As soon as a virus scanner or phishing database later discovers malware, be it in an attachment or hidden behind a URL, Retarus compares the corresponding fingerprint with all those already stored in the database. If a match is found, all previous recipients of identical emails are immediately alerted.
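The following added example (not Retarus code) sketches the store-then-match idea described above. The page does not say how the fingerprint is computed, so hashing each attachment and each normalised URL with SHA-256 is an assumption, as are all names, the retention window and the constructed sample messages.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

def attachment_fp(data: bytes) -> str:
    return "att:" + hashlib.sha256(data).hexdigest()

def url_fp(url: str) -> str:
    # Lower-case scheme/host and drop the fragment so trivially
    # different spellings of the same link share one fingerprint.
    p = urlsplit(url.strip())
    canon = f"{p.scheme.lower()}://{(p.hostname or '').lower()}{p.path or '/'}"
    if p.query:
        canon += "?" + p.query
    return "url:" + hashlib.sha256(canon.encode()).hexdigest()

class DeliveryIndex:
    """Maps fingerprints to the deliveries that carried them (hypothetical store)."""
    def __init__(self, retention=timedelta(days=30)):  # assumed retention window
        self.retention = retention
        self._by_fp = defaultdict(list)

    def record(self, msg_id, recipient, delivered_at, attachments=(), urls=()):
        fps = {attachment_fp(a) for a in attachments} | {url_fp(u) for u in urls}
        for fp in fps:
            self._by_fp[fp].append((msg_id, recipient, delivered_at))

    def on_verdict(self, fp, detected_at):
        """A scanner or phishing feed flagged fp later: list earlier recipients to alert."""
        alerts = []
        for msg_id, recipient, delivered_at in self._by_fp.get(fp, []):
            age = detected_at - delivered_at
            if timedelta(0) <= age <= self.retention:
                alerts.append({"msg_id": msg_id, "recipient": recipient,
                               "seconds_since_delivery": int(age.total_seconds())})
        return sorted(alerts, key=lambda a: a["seconds_since_delivery"])

def demo():
    # Constructed sample deliveries; nothing here is real mail data.
    t0 = datetime(2024, 1, 8, 9, 0, 0)
    idx = DeliveryIndex()
    payload = b"constructed sample attachment bytes"
    idx.record("m1", "alice@example.com", t0, attachments=[payload])
    idx.record("m2", "bob@example.com", t0 + timedelta(seconds=2),
               attachments=[payload], urls=["HTTP://Example.TEST/login#top"])
    idx.record("m3", "carol@example.com", t0, attachments=[b"unrelated"])
    return idx, attachment_fp(payload), t0
```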
Retarus Analysis: Patient Zero Detection often called into action after only a few seconds
A recent analysis carried out by the security experts at Retarus has revealed that this happens more often and much faster than commonly assumed. For the analysis, the anonymized data of one Retarus customer was examined very closely, as an example, over a one-month timeframe. The analysis revealed that at times, Patient Zero Detection was called into action as quickly as three seconds after the message had originally been received. This remarkably short time span is best appreciated in light of the huge number of virus variants which are constantly being generated. Around the world, a staggering 390,000 new instances of malware are recorded each day. Statistically, that amounts to 270 new virus signatures per minute on average. Retarus continually retrieves new malware signatures from data sources drawn from numerous leading providers in order to stay as up to date as possible and equipped to combat new risks.
Yet even if it is not always a matter of seconds, the analysis shows that in the majority of PZD cases, an alert is issued within a short timeframe on the same workday – largely due to the above-mentioned access to several virus scanners and phishing databases in parallel.
One match per mailbox each month
How often the filter is actually triggered for each individual mailbox depends – as is often the case with cybersecurity – on various factors. In which industry is the company active? To which department does the email account belong or how exposed is the corresponding email address? With respect to the company examined for the Retarus analysis, it emerged that in purely statistical terms, each employee (i.e., each mailbox) received one PZD alert per month. A substantial number, considering the abundance of “classic” filtering measures to which the emails had already been subjected. A clear indicator that protection can indeed be enhanced. At the end of the day, the messages identified by PZD concealed extremely dangerous malware which, despite sophisticated advanced threat protection mechanisms, would have otherwise remained undetected or even spread further within the organization. Potentially catastrophic enterprise-wide infection was averted.
Automated deletion of suspect emails – with PZD Real-Time Response
With the help of Patient Zero Detection® Real-Time Response, customers not only receive alerts but are also able to react to findings with rule-based processes. For instance, potentially harmful emails can automatically be moved to another folder or deleted directly. This works in partnership with a special tool developed by Retarus which enables action to be taken directly within the company’s email system – automatically and instantaneously. Retarus makes this tool available via myEAS, the central Retarus administration portal. For existing customers, it’s well worth taking a look at the “download” section for new or updated versions. The latest, optimized release is always available there for download at no additional cost.