WOOF! Newsletter

October 12, 2023

How Far Email Security Has Come, and Where It's Going

This month we speak with Yves Lacombe from Vircom about email security technology, and how the engineers at Vircom work to protect the #1 cyberattack vector out there - your business email.

Insights from an Email Security Expert – Yves Lacombe, Technical Lead at Vircom

 

In the late ’90s, when PlanetMagpie opened its first datacenter, Vircom was our first email software provider. We’ve had a long, successful partnership with Vircom ever since, and many of our customers rely on its security solutions.

We spoke with Yves Lacombe, Technical Lead at Vircom, makers of the modusCloud email security platform. He kindly shared his thoughts on email security’s necessity, the threats out there, and where email security may be headed.


Yves, could you tell us a little about Vircom?

Sure! Vircom is headquartered in Montreal, Canada.  We’ve been around since 1995, doing Internet-related work since the Internet became publicly available. We started with a BBS package, moved into ISP products, and eventually built our first email-related software, modusMail and modusGate.

Seven years ago, through a partnership with Proofpoint, we created the modusCloud email filtration product. It provides a stack of automatic protections to every email account.

 

How has the need for email security changed since the ‘90s?

Email security has gone from a novelty in the early days, to a must-have now. It’s as essential as antivirus or firewalls. Anyone running a mail server without some level of email security is just asking for trouble.

In the past, you had spam…annoying, but harmless. Then email became the biggest vector for viruses and worms. Companies like us blocked those. Then the attacks changed, becoming psychological instead of just technical.

That’s why we see “social engineering attacks” all the time now. Phishing grew as a threat vector. You can’t prevent someone from clicking on a link with software.

Nowadays, email has two major threats to its security.

First, BEC attacks. BEC stands for Business Email Compromise. This is where phishers con people into transferring them money, either by impersonating someone that person knows, or convincing administrative/finance personnel that the transfer is legitimate. Think of the “gift card scam” for example.

The other threat is ransomware. This is where someone downloads a program that encrypts files on their computer, or across a network, and then forces the company to pay a ransom to decrypt the files.

BEC attacks cause serious financial harm. Ransomware causes both infrastructure damage AND serious financial harm.

When it comes to ransomware, it often hits because a company doesn’t have proper internal security measures like these:

  • They don’t practice network isolation
  • Users have admin access to their desktops
  • People have access to too many file shares on the network
  • Improper backup regimens, including not practicing restoration from backups to test to make sure the backups are good
  • Not keeping offsite backups
  • And a few other measures, depending on your company’s organization

Ransomware makes the headlines because of how disruptive it is to business operations. However, BEC is where the majority of money is lost.

 

BEC Losses in 2022

 

How have your products developed since the early days?

If you look at our history, we addressed each new type of threat as it came. For instance, Vircom was one of the first companies to implement image spam detection. Our modusGate platform used OCR techniques to turn image spam (text inside of a .gif or .jpg) into actual machine-readable text, and then checked if it was spammy in nature.

We’ve pretty much kept up with the industry. We partnered with Proofpoint to capitalize on their resources in addition to our own.


Many of PlanetMagpie’s customers use modusCloud for email filtration. What percentage of malicious/spam emails does modusCloud filter out of customer inboxes?

modusCloud filters out 90-95% of spam headed to your company’s inboxes.  

On a macro level, the Proofpoint Essentials software within modusCloud handles the traffic for around 300,000 different companies.

In the first half of 2023, Proofpoint processed around 13 Billion emails. Of these:

  1. 5.6 Billion emails were blocked by reputation and classifiers (Spam & Bulk). Basically, common spam and emails from spam sources.
  2. 47.9 Million threats were blocked (Malware, Phishing and BEC threats).
  3. 7.2 Billion legitimate emails arrived at their destination.

 

When spam does get through, and a user marks the email as spam using your Spam Reporter, what happens in the background? What do you do with that information?

First, a copy of the email goes to both Vircom & Proofpoint. On the Vircom side, we keep the data for statistical purposes; it helps us see what’s out there.

On the Proofpoint side, it goes directly to their Cloudmark team. Cloudmark uses the data to adjust spam filtering and improve their training sets. AI machine learning uses those training sets to monitor email flow.

The important thing to note is that everything you report doesn’t necessarily guarantee a catch on the next sample that comes in. It does increase the likelihood of catching future spam.

Machine Learning learns by example. The more samples it gets, the better it does. 

 

Yves Lacombe at Vircom

 

Could you explain (in layman’s terms) how your Email Continuity works?  How does this benefit customers?

Our system keeps every email that comes in (good or bad) for up to 30 days.

If, say, email delivery gets interrupted to your primary mail server, we collect the mail here. This is called accumulation, or ‘spooling.’

While the email spools, you can log directly into modusCloud/Proofpoint to send or receive emails. We have a feature called the Emergency Inbox. You can use it like a regular web-based inbox for as long as the interruption continues.

Once your primary mail server’s back online, we deliver all the queued emails to that server. That way the downtime doesn't bring your business to a halt.

 

What are the challenges you see ahead for email security & filtration? Do we have any risks coming on the horizon?

BEC attacks continue to grow. The FBI’s 2022 Internet Crime Report attributed $2.7 billion out of the $10.9 billion in financial damage to BEC specifically. That’s more than 25% of all Internet crime last year.

This year, we’ve also seen an increase in QR code attacks. These are QR code links to a malicious page, leading to malware infection or ransomware attack.

The good news is, modusCloud has solutions for new threats like malicious QR codes. Our Advanced Threat Detection helps businesses stay secure from threats like those.

We also recently partnered with Red Sift to improve email authentication. This involves email records proving your users are who they say they are. You may have heard these records referred to as “DMARC.”

The trouble with DMARC records is that they’re sometimes complex, or hard to put in place without causing email disruption. Red Sift’s solution helps our customers implement DMARC records easily.

 

How is modusCloud different than other email security providers? Do you have anything new coming down the pike at Vircom?

modusCloud leverages industry-leading Advanced Threat Protection through our partnership with Proofpoint, the market-leading email security company in the industry.

Through its enhanced end-user tools (Outlook 365 Add-in) and thorough Admin Reporting, modusCloud quickly helps customers improve their security posture in this world of constantly-evolving threats. 

Our partnership with PlanetMagpie gives customers an even more personal touch & expert support, while using a best-in-class product.

Now, what’s new? Lots of things.

Vircom's recent partnership with Red Sift helps customers overcome the challenges of implementing Email Authentication measures (SPF/DKIM/DMARC). It’s a big improvement on email management that you only have to address once!

I also wanted to mention modusCloud Plus Packages. Adding a Plus Package gives you a group of new security features:

  1. Predictive URL Defense – Proactively inspects suspicious URLs “pre-click” to better identify & block zero-day URL attacks.
  2. Advanced BEC – Additional scanning engine from Proofpoint’s enterprise product, which improves detection of business email compromise attacks.
  3. Email Warning Tags – HTML banners added to the email body, to better inform users about potentially risky emails. 
  4. One-Click Pull – Post-delivery remediation tool for Office 365. With this you can revoke emails, even after they arrive in someone’s inbox.

Here's a great way to cap this off. We have a new beta available now for Microsoft 365 customers...an Office 365 Monitor tool.

This tool gives you more visibility on potentially suspicious behavior & activity within O365. It scans all of your 365 accounts for:

  • Suspicious Log-Ins
  • Suspicious mail-flow behavior (deletions, Outlook rules, etc.)
  • Users without MFA enabled

We'll add more features as it evolves.

 

Thank you for sharing all this, Yves. Can we talk with you again about other email topics?

Happy to share! Let’s talk about email encryption next time.

 

Have a question about email security not addressed here? Send it to us at info@planetmagpie.com.

 

Robert Douglas, IT Consulting Team Lead

consulting@planetmagpie.com