Check Point Harmony

Businesses of all sizes face increasingly sophisticated cyber threats. If your business uses the internet or email, you are at risk. Cybercriminals do not discriminate, often using botnets to spam and identify potential targets.

As cybercriminals leverage advanced technologies like artificial intelligence (AI) to craft highly personalized and convincing phishing emails, the need for a good understanding of best practices and better security solutions is necessary. In full transparency, I’m going to focus on one of the many vendors in this space that I believe excels in bringing security products to companies of all sizes: Check Points “Harmony” Email Security Platform.

Harmony began as Avanan in 2015, quickly establishing itself as a strong player in the email security space. Acquired by Check Point in late 2021, they have since solidified their position as a formidable force in the industry. I looked at them briefly a few years ago when I was in another role and they’ve come a long way forward.

One way they have improved since becoming part of Check Point is the addition of several programs in the area of security awareness: phishing simulation, interactive training modules, and automated testing campaigns, all under a simple-to-manage user interface.

According to recent reports, major companies are already warning about the rise of hyper-personalized phishing scams generated by AI bots. I’ve seen them not just in my work life but in my personal life. Emails from BestBuy, even though I’ve not purchased from them in a number of years, telling me about an issue with my order.

This is why security awareness training is essential for equipping employees with the knowledge and skills to recognize and respond to cyber threats. I’ll go as far as to say that everyone should extend that knowledge and experience to their immediate family. Every time I hear of a new tactic, whether phishing, smishing, or other, I tell my family about it. They may roll their eyes, but I know people who work in the security field who have people living under their roof who have fallen victim to these things.

BENEFITS OF SECURITY AWARENESS TRAINING

• Reduced Risk of Human Error: 95% of security breaches are attributed to human error, 80% of breaches are due to compromised credentials, and I’ve heard more than 50% were related to Business Email Compromise (BEC).

  
  

  • Training employees to identify phishing attempts and other social engineering tactics significantly lowers the risk of a successful attack.

  
  

  • Compliance and Regulation Adherence: Security awareness training helps employees understand what to look for. Many certifications (ISO, SOC, CMMC, etc.) require a security training program to reduce risk as part of your certification.

• Enhanced Incident Response: A well-trained workforce can respond more effectively to real or potential security events, reducing or mitigating the impact and recovery time from an incident.

The Power of Check Point Harmony Email Security

Combining security awareness training with an email security solution like Harmony Email Security provides a comprehensive defense against email-based threats. As part of my recent efforts, I conducted a Proof of Concept on Harmony. Security is always prescriptive, depending on your needs and operations, but Harmony Checked all the boxes for me.

• AI-Powered Protection: Harmony uses cutting-edge Natural Language Processing (NLP) to prevent sophisticated phishing and malware attacks from reaching your inbox. Look everyone is using AI in some way to improve how their product works, some places it’s a gimmick, others it makes sense. NLP is one of those areas it makes sense as it can quickly identify commonalities and quickly block threats. If I get an email from my CEO asking for iTunes gift cards and someone across the country gets a similar email they are likely going to be caught, quarantined, or blocked.

• Threat Detection: My first week I saw a number of phishing and malware items caught that my current email security platform missed. I’ll just say its licensed name is called defender and say that I very regularly say it’s not enough. Harmony not only checks the email, the attachments, and links in an email, but it also looks at QR codes which adds safety for mobile device users as well.

• Microsoft (or Gmail) Integration: Harmony integrates quickly and easily with your email solution. I think it took me 4 minutes to sign up and connect to my domain with my admin credentials. It also gave me a unified admin interface that shows what Microsoft has done, as well as what Harmony has. I found it faster to use the Harmony platform to review email information. Probably 70% faster as it had a very simple search function that worked. I could further filter if needed too.

• Data Loss Prevention (DLP): If you aren’t worried about losing data, you wont care, but I want to ensure that data going out is going where it should. If its sensitive its encrypted. Having DLP provides insights and can even reduce risk if there were a compromise as an attacker couldn’t use email to easily exfiltrate information.

• Account Monitoring: Not only did harmony provide insights and protection for my email, but it also utilized the login information for the email to identify any suspicious user activity. Flagging when a users sign on suddenly and quickly changed, it identified impossible travel and a number of other items. In my case there was no issue, just a user with a VPN on their phone who was traveling and had been on their laptop moments before using our CASB solution.

• GreyMail/Spam List: One of the features we really liked was the simple summary of emails caught as bulk email or spam that you could choose to block, discard, or allow through.

• Shadow IT: By having those email headers, and from information it was able to easily parse out the potential shadow IT in my organization, who was using it, and allow me to easily flag if it was approved or not to tune out the noise or false positives.

There are so many other features I could go into as I spent weeks digging through the platform overall it was simple, logical, and had great reporting data.

The “Why Is This Important”

Business Email Compromise (BEC) is one of the most financially damaging online crimes, affecting organizations of all sizes. According to the FBI, BEC scams have resulted in over $55 billion in exposed losses globally between October 2013 and December 2023. In 2023 alone, there was a 9% increase in identified global exposed losses. These scams often start with a simple phishing email, a user clicks a link or opens an attachment and suddenly all of their usernames, passwords, and misc cached data is stolen or compromised via malicious websites or code in the file attachment. A simple PDF or excel spreadsheet just stole information quietly that will now be used to attempt to gain access to your users email. From there they will attempt access to the machine, or any other resources identified by searching your email for key phrases “password” “account” “login” etc.

Get Some

No matter the size of your business, security awareness training and an email security solution should be integral parts of your security program. Train and empower your employees, reduce noise, and keep your business safe. If you’re looking for the right solution for your program, we can partner with you to find the best fit for your needs and scale.  

We have so much more to tell you.  Contact DTG today to speak with one of our Cloud, AI or Network Infrastructure experts: sales@dtg.com