Advanced Email Security - Cellopoint has evolved

Over the last decade, email security was treated as merely equivalent to anti-spam and antivirus, and IT managers consider these two their only security expenditures. However, hackers have changed their tactics, sending spear-phishing emails that persuade recipients to open infected attachments or links. These new types of attacks are small in number, targeted, and of unknown pattern. The lifespan of this malware is also very short (80% of it disappears the same day), making it extremely difficult for anti-spam rules and antivirus patterns to detect. For this reason, it has become one of the biggest vulnerabilities in the email security infrastructure.

In view of this trend, Cellopoint has launched an Anti-APT defense mechanism that can detect and catch malicious emails and unknown types of targeted attacks. Employing a Next Generation Sandbox and simulation technology, combined with correlation analysis and global threat intelligence signature matching, it accurately creates risk alerts. All red and dangerous emails are temporarily sent to a quarantine area for professional analysis, which includes a full-system sandbox emulation of network activity and a digital forensics report of APT attacks.

Refer to Cellopoint's recently launched SEG (Secure Email Gateway):

Facing the three stages of the APT attack lifecycle

Cellopoint proposes a more in-depth defense, based on three different stages of attack patterns and penetration behavior, and delivered as a modularized solution.

According to five years of exhaustive studies conducted at CelloLabs, APT (Advanced Persistent Threat) attacks are codified into three stages. To give IT experts a clearer, multi-dimensional view, these stages are as follows:

1st Stage: Phishing emails penetrate a specific target

Instead of sending a large number of viruses and spam, an APT aims social engineering at a small number of victims. The success rate is higher than ever, since it is easier to avoid anti-spam and antivirus detection methods. Once the recipient downloads the attachment or clicks on the hyperlink, the attacker has control.

2nd Stage: Web callback and Remote Control tunnel C&C

Once the recipient opens the attachment or clicks on the hyperlink, the hacker normally uses a legitimate channel (port 80) to call back to the botnet server and, at the same time, builds a remote-control tunnel, the C&C (Command & Control) channel. By doing this, the hacker easily collects and steals any data.

3rd Stage: Continued Penetration - Steal Confidential Files

After gaining control of the permissions of a single host, along with its account and password, the attacker spreads in parallel to other hosts and penetrates covertly, using user certificates and the VPN network, and subsequently steals confidential information and important files.

You can have a free-of-charge APT health check and effectively plan your information security defense system to avoid any leakage of confidential and vital information. For more information about this APT three-stage test, please contact