E-mail security requires continuous adjustment of policy rules as new threats emerge.
SMTP-Watch
Operating mail servers requires constant monitoring. For this we primarily rely on established open source tools.
Mail servers, or rather entire mail chains, are best monitored end to end with real messages sent from the internet and answered by an auto-reply.
From this data we keep a log of service availability and measure the response times of the gateways.
In addition we test the TLS negotiation and check the mail server's configuration for correctness (SPF, DKIM and reverse DNS).
We also check whether the monitored systems are listed on blacklists such as DNS-based blocklists (DNSBLs).
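The configuration checks named above (SPF, DKIM, forward-confirmed reverse DNS and a blacklist lookup) as an added example; this is not code from this page or from the SMTP-Watch service. The domain example.test, the DKIM selector s1, the DNSBL zone dnsbl.example.test and every record in SAMPLE_ZONE are constructed. Each check takes a resolver callable, so the same logic runs here against the constructed data and against a real resolver in practice. The STARTTLS probe at the end needs a live mail server and is defined but not called.

```python
"""Offline versions of mail-gateway configuration checks: SPF, DKIM, FCrDNS, DNSBL.

Added example. Every check takes resolve(name, rtype) -> list[str] so it can run
against the constructed zone below or against a real resolver in production.
"""
import ipaddress
import smtplib
import ssl
from typing import Callable, Dict, List, Tuple

Resolver = Callable[[str, str], List[str]]

# Constructed zone data for the hypothetical domain example.test (not real records).
SAMPLE_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("example.test", "MX"): ["10 mail.example.test."],
    ("example.test", "TXT"): ['"v=spf1 mx -all"', '"site-verification=abc123"'],
    ("mail.example.test", "A"): ["198.51.100.10"],
    ("10.100.51.198.in-addr.arpa", "PTR"): ["mail.example.test."],
    # DKIM key record; the p= value is a shortened placeholder, not a real key.
    ("s1._domainkey.example.test", "TXT"): ['"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"'],
    # Constructed DNSBL zone: only 203.0.113.5 is listed (return code 127.0.0.2).
    ("5.113.0.203.dnsbl.example.test", "A"): ["127.0.0.2"],
}


def sample_resolver(name: str, rtype: str) -> List[str]:
    """Look up constructed records; [] stands for NXDOMAIN / NODATA."""
    return SAMPLE_ZONE.get((name.rstrip(".").lower(), rtype.upper()), [])


def _txt(resolve: Resolver, name: str) -> List[str]:
    """TXT records with quoting removed and split character-strings joined (RFC 7208 s.3.3)."""
    return ["".join(r.split('" "')).strip('"') for r in resolve(name, "TXT")]


def check_spf(domain: str, resolve: Resolver) -> Tuple[bool, str]:
    """Exactly one v=spf1 record, ending in -all/~all or a redirect= modifier."""
    records = [r for r in _txt(resolve, domain) if r.lower().split(" ", 1)[0] == "v=spf1"]
    if not records:
        return False, "no SPF record"
    if len(records) > 1:
        return False, "multiple SPF records (receivers treat this as permerror)"
    terms = records[0].split()[1:]
    last = terms[-1].lower() if terms else ""
    if last in ("-all", "~all") or last.startswith("redirect="):
        return True, f"terminal term {last}"
    return False, f"weak terminal term '{last or '(none)'}': use -all or ~all"


def check_dkim(domain: str, selector: str, resolve: Resolver) -> Tuple[bool, str]:
    """Selector record must exist, be v=DKIM1 if tagged, and carry a non-empty p= key."""
    joined = "".join(_txt(resolve, f"{selector}._domainkey.{domain}"))
    if not joined:
        return False, f"no DKIM record for selector {selector}"
    tags: Dict[str, str] = {}
    for item in joined.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip()] = v.strip()
    if tags.get("v", "DKIM1") != "DKIM1":
        return False, f"unexpected version tag {tags['v']}"
    if not tags.get("p"):
        return False, "empty p= tag: key has been revoked"
    return True, f"key type {tags.get('k', 'rsa')}"


def check_reverse_dns(ip: str, resolve: Resolver) -> Tuple[bool, str]:
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the same address."""
    addr = ipaddress.ip_address(ip)
    ptrs = [p.rstrip(".").lower() for p in resolve(addr.reverse_pointer, "PTR")]
    if not ptrs:
        return False, "no PTR record"
    rtype = "AAAA" if addr.version == 6 else "A"
    for host in ptrs:
        if any(ipaddress.ip_address(a) == addr for a in resolve(host, rtype)):
            return True, host
    return False, f"PTR {ptrs[0]} does not resolve back to {ip}"


def check_dnsbl(ip: str, zone: str, resolve: Resolver) -> Tuple[bool, str]:
    """Query <reversed-ipv4>.<zone>; any A record means the address is listed."""
    query = ".".join(reversed(ip.split("."))) + "." + zone
    hits = resolve(query, "A")
    if hits:
        return False, f"listed on {zone} with return code(s) {', '.join(hits)}"
    return True, f"not listed on {zone}"


def audit_domain(domain: str, selector: str, dnsbl_zone: str,
                 resolve: Resolver) -> Dict[str, Tuple[bool, str]]:
    """Run all checks for a domain, following MX -> A to find the gateway addresses."""
    results = {"spf": check_spf(domain, resolve), "dkim": check_dkim(domain, selector, resolve)}
    for mx in resolve(domain, "MX"):
        host = mx.split()[-1].rstrip(".")
        for ip in resolve(host, "A"):
            results[f"rdns {ip}"] = check_reverse_dns(ip, resolve)
            results[f"dnsbl {ip}"] = check_dnsbl(ip, dnsbl_zone, resolve)
    return results


def starttls_probe(host: str, port: int = 25, timeout: float = 10.0) -> Tuple[str, str]:
    """Live check (needs network, not run here): negotiate STARTTLS with certificate and
    hostname validation and return (protocol, cipher). Raises if STARTTLS is missing."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError(f"{host} does not offer STARTTLS")
        smtp.starttls(context=ctx)
        return smtp.sock.version(), smtp.sock.cipher()[0]


if __name__ == "__main__":
    for name, (ok, note) in audit_domain("example.test", "s1", "dnsbl.example.test",
                                         sample_resolver).items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {note}")
    print(check_dnsbl("203.0.113.5", "dnsbl.example.test", sample_resolver))
```

For production, swap sample_resolver for a function wrapping a real library such as dnspython, and treat an empty answer and a lookup error differently: a DNSBL zone that times out should be reported as "unknown", not as "not listed".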
SIEM
Monitoring operating data establishes a baseline, so deviations from the norm become easy to detect.
This monitoring is generally performed by a central log server that raises alarms on predefined events.
The same monitoring also yields important operating parameters for the e-mail policy, which feed into dynamic content rules.
Besides e-mail data, DNS data in particular are well suited to security analysis because of their manageable volume.
We use graphical, interactive real-time reports that can be configured individually for every data source.
Historical DNS queries (passive DNS data) are an important data source for evaluating URLs.
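One way to build a baseline from gateway logs, flag deviations from it and turn it into a parameter for a dynamic rule, as an added example that is not code from this page or from any SIEM product. The log line format, the host mx1, the client addresses and the hourly reject counts in HOURLY_REJECTS are all constructed; the z-score threshold of 3 and the factor 3 for the per-client limit are illustrative choices, not values the page gives.

```python
"""Baseline-and-deviation alerting over mail gateway events plus a derived policy parameter.

Added example. The log format below is constructed for this demo, not a real MTA format:
    <iso-time> <host> smtpd client=<ip> status=<accept|reject>
"""
import statistics
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

# Constructed hourly reject counts: 12 quiet training hours, one normal hour, one burst.
HOURLY_REJECTS = [18, 22, 20, 19, 21, 20, 23, 17, 20, 20, 21, 19, 21, 96]


def build_sample_log(hourly: List[int] = HOURLY_REJECTS) -> List[str]:
    """Synthesise constructed log lines; the burst hour comes from a single client."""
    lines = []
    for hour, rejects in enumerate(hourly):
        for i in range(rejects):
            ts = f"2024-05-01T{hour:02d}:{(i * 60 // rejects):02d}:00Z"
            client = "203.0.113.99" if rejects > 50 else f"203.0.113.{i % 5 + 1}"
            lines.append(f"{ts} mx1 smtpd client={client} status=reject")
        lines.append(f"2024-05-01T{hour:02d}:30:00Z mx1 smtpd client=198.51.100.7 status=accept")
    return lines


def parse_line(line: str) -> Tuple[str, Dict[str, str]]:
    """Return (hour bucket 'YYYY-MM-DDTHH', key=value fields) for one constructed line."""
    ts, _host, _prog, *kv = line.split()
    return ts[:13], dict(item.split("=", 1) for item in kv)


def hourly_counts(lines: List[str], status: str = "reject") -> Dict[str, int]:
    """Events with the given status per hour bucket, in chronological order."""
    counts: Dict[str, int] = defaultdict(int)
    for line in lines:
        hour, fields = parse_line(line)
        if fields.get("status") == status:
            counts[hour] += 1
    return dict(sorted(counts.items()))


def baseline(counts: Dict[str, int], train_hours: int) -> Tuple[float, float]:
    """Mean and sample stdev over the first train_hours buckets; a floor avoids a zero stdev."""
    train = list(counts.values())[:train_hours]
    return statistics.mean(train), max(statistics.stdev(train), 0.5)


def flag_deviations(counts: Dict[str, int], train_hours: int,
                    z_threshold: float = 3.0) -> List[Tuple[str, int, float]]:
    """Buckets after the training window whose z-score exceeds the threshold."""
    mean, sd = baseline(counts, train_hours)
    flagged = []
    for hour, n in list(counts.items())[train_hours:]:
        z = (n - mean) / sd
        if z > z_threshold:
            flagged.append((hour, n, round(z, 1)))
    return flagged


def per_client_hour(lines: List[str]) -> Counter:
    """Reject count per (hour, client) pair."""
    per: Counter = Counter()
    for line in lines:
        hour, fields = parse_line(line)
        if fields.get("status") == "reject":
            per[(hour, fields["client"])] += 1
    return per


def per_client_reject_limit(lines: List[str], train_hours: int, factor: int = 3) -> int:
    """Policy parameter for a dynamic rule: factor x the busiest client-hour in the baseline,
    so the limit follows the site's own traffic instead of a fixed guess."""
    train_buckets = sorted({parse_line(l)[0] for l in lines})[:train_hours]
    per = per_client_hour(lines)
    return factor * max(n for (hour, _client), n in per.items() if hour in train_buckets)


def clients_over_limit(lines: List[str], limit: int) -> Set[Tuple[str, str]]:
    """(hour, client) pairs whose reject count exceeds the derived limit."""
    return {key for key, n in per_client_hour(lines).items() if n > limit}


if __name__ == "__main__":
    log = build_sample_log()
    for hour, n, z in flag_deviations(hourly_counts(log), train_hours=12):
        print(f"ALARM {hour}: {n} rejects, z={z}")
    limit = per_client_reject_limit(log, train_hours=12)
    print(f"dynamic per-client limit: {limit}/hour ->", clients_over_limit(log, limit))
```

The training window here is the first twelve hours; in practice it would be a rolling window of several weeks so that weekday and hour-of-day patterns are part of the norm rather than flagged as deviations.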