How important is email security?

Email is the most widely used attack vector!

  • "91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks" - Phishing Email – Most Favored Attack by TrendMicro.
  • "The Initial Compromise represents the methods intruders use to first penetrate a target organization’s network. As with most other APT groups, spear-phishing is APT1’s most commonly used technique. The spear-phishing emails contain either a malicious attachment or a hyperlink to a malicious file."  - APT1: Attack Lifecycle by Mandiant.
  • "95% of all state-affiliated espionage attacks relied on phishing in some way" - Data Breach Report by Verizon.
  • "Email is still the most commonly used attack vector for both opportunistic and targeted attacks." - Market Guide for Email Security by Gartner.
  • "Phishing is still the number one attack vector in use today" - X-Force Threat Intelligence Index 2020 by IBM.

Instructor

Muhammad Alharmeel

CyberSecurity Consultant

Muhammad is a cybersecurity consultant with 15+ years of experience. He has helped multiple organizations improve their security posture and their ability to defend their networks. He has also performed numerous security assessments and responded to attacks for clients in government, financial, high technology, healthcare, and other industries.

He has worn multiple hats within IT security, moving between defensive and offensive roles such as security operations, intrusion analysis, penetration testing, fuzzing, and exploitation. He holds multiple respected hands-on certifications in the defensive and offensive domains, such as the prestigious GIAC Security Expert (GSE), the Offensive Security Certified Expert (OSCE), and the Certified Information Security Manager (CISM) designation.

Course curriculum

  • 1

    Module 1: Introduction

    • Before we begin...

    • A message from the instructor

    • How critical is email security to organizations' security?

  • 2

    Module 2: Attack Vector #1 - Spoofing

    • Sender Spoofing

    • Exercise 1 - Email Spoofing

    • SPF - Sender Policy Framework

    • Exercise 2 - SPF Record Creation & Validation

    • DKIM - DomainKeys Identified Mail

    • Exercise 3 - DKIM Record Creation & Validation

    • DMARC - Domain-based Message Authentication, Reporting & Conformance

    • Exercise 4 - DMARC Record Creation & Validation

  • 3

    Module 3: Attack Vector #2 - Attachments

    • Threats

    • Defensive Controls

    • Exercise 5 - File Extension Regex Filter

    • Exercise 6 - Cuckoo Sandbox Deployment

  • 4

    Module 4: Attack Vector #3 - URLs

    • Threats

    • Defensive Controls

    • Exercise – Detect Lookalike Domains

  • 5

    Module 5: Extra Mile Controls

    • User Awareness

    • Phishing Simulators

    • Exercise: GoPhish Deployment

    • Honeypot Tokens

    • Exercise: Canary Token Deployment

    • Multi-Factor Authentication - MFA

    • Exercise: MFA Activation

    • Conditional Access

    • Exercise: Conditional Access Whitelisted Countries

    • Minimizing Exposure

    • Exercise: Evaluate your organization's exposed internal mail headers.

    • Server Hardening (CIS/DISA STIGs)

    • Exercise: Email Server Security Assessment

    • Business Buy-in

  • 6

    Module 6: Responding to Email Attacks

    • Validate, Mitigate and Remediate

    • Exercise: Incident Response Readiness

  • 7

    Conclusion

    • Summary

  • 8

    Next steps

    • More resources for you

    • Before you go...

    • Congrats! Here's what's next...

  • 9

    Certification Exam

    • Certified SOC Email Security Specialist Exam

Maximum result, minimum effort!

Did you know that SOC teams spend nearly a quarter of their day handling suspicious emails?

The State of Email Security Report shows that the biggest portion of security analysts' time is spent on investigating email threats, while prevention receives the least attention. Remember the old 80/20 rule, gaining 80% of the benefits for only 20% of the work? We can improve security by 80% by implementing just a specific 20% of controls. We should prioritize that 20% and get it done, and we will get an excellent return on our investment of time and energy.


SOC teams should avoid the endless firefighting loop of responding to attacks without tackling the root cause behind the problem. Solving the root cause falls under prevention. Thus, it's a smart decision to allocate a good deal of resources towards enhancing prevention, particularly when building security programs from the ground up. A solid, defensible email system helps SOC analysts not only stop intruders from slipping through the cracks, but also avoid alert fatigue and focus on the things that matter most.

A wise man once said,

"An ounce of prevention is worth a pound of cure."

Course Objectives

  • Help SOC analysts understand the email threat landscape.

  • Build the ability to assess enterprise email security posture.

  • Minimize attack surface and get a better return on investments.

  • Engineer a defensible email system.

Get certified and help your organization minimize its attack surface.

No filler! The course is straightforward, focused, and to the point, ensuring that every topic explained can be practically applied in your work environment.


FAQ

  • What types of questions are on the exam?

    The exam includes different question types, such as multiple choice, open manually graded questions, and practical exercises.

  • What is the passing score?

    The passing score is 75%.

  • Do I need to study how to configure email security solutions?

    No, the exam does not include vendor-specific questions, so you do not need to study how to configure a secure email gateway.

  • When will my exam results be available?

    You will receive the exam results in an email within ten business days.

  • How long do I have access to the course material?

    You will have access for three months following your purchase date.

  • Will I receive a certificate after the course?

    Yes, but you have to pass the certification exam first.

  • How do I schedule my exam?

    The certification exam will be released soon and cannot be scheduled at this time. We will send you an email to schedule your exam once it is released.

7-Day 100% Money-Back Guarantee

If you are not completely satisfied for ANY reason, simply request a refund, and we will return your money. No questions asked!