Securence gives you the ability to customize your users’ interface, and reporting emails sent by the system (e.g. daily spam digest, stat reports). You can start your customization by editing your company settings through the interface and clicking on the “Upload New Logo” button near the bottom of the page.

The default Securence interface has a blue header with the Securence logo, and a white highlight on currently selected menu items and text. When you upload your own custom logo, and choose your custom colors, a “Powered By Securence” image will automatically appear on the page’s footer. The logo uploader only accepts PNG image files under a size of 1MB.

• Use a transparent background for your logo image file, this will allow seamless integration onto the header’s background.
• In the Securence interface, your logo will be resized to a maximum height of 50 pixels, while logos sent in system generated emails will be resized to a maximum height of 85 pixels.
• When Choosing a background color, your browser’s color picker will be displayed. In the picker, you can use the eyedropper tool to select any color visible on your monitor.
• The “Text & Accent” color will be used as the text color for the “Hi, [User’s Name]” text as well as the highlight color for the currently selected navigation item.
• Further customizations will be released in the future, stay tuned.

DomainKeys Identified Mail (DKIM) has long been an internet standard, yet many administrators are still unfamiliar with what it is and how their organization can benefit from it. In this post we hope to clear up some of the confusion surrounding DKIM and what options are available as part of your email service with Securence.

What is DKIM?

At a basic level, DKIM provides a way for your outgoing email to be “digitally signed” by your domain. With this signature in place, a receiver can verify that your domain is truly the original source of the message. Additionally, since the signature is based on the actual message (headers and body), the receiver can also reliably confirm that the message has not been altered while in transit.

How does it work?

1. Hashing

First, the signing mail server generates a unique “hash value” for your message. It does this by feeding the message into a cryptographic hashing algorithm (usually SHA-256). This is a fancy way of reducing any message of any size down to a single, fixed length string of text that uniquely represents the contents of the message. Cryptographic hashing algorithms have the handy benefit of causing very similar text to produce vastly different hash values.  For example:

"It was the best of times, it was the worst of times."
SHA-256 hash: 38D141B35057BBB691B9756C20A6C31A0AB0BBF2076538A7FB6D9EE8835096D7

"It was the best of times, it was the worst of times,"
SHA-256 hash: 775FCE11D4FEC218D105CEC874901A5225B78C02EB6E86D8D4832464368C332A

Note that simply changing the period at the end of the sentence to a comma produced a completely different hash value. When the receiving mail server performs the same hashing algorithm on your message and gets the same result, it knows that the message is in the exact state it was in when originally hashed. Conversely, if a different hash value is produced on the receiving end, then some modification to the message has occurred.

2. Encryption

The calculated hash value is then encrypted using a private key owned by your domain. The public key counterpart is used to unlock or decrypt the hash for verification and is stored in your domain’s DNS record. In order to sign messages with Securence, you will generate this key pair in the admin portal. Securence stores the private key for signing while you make the public key available in a TXT record for verification.

3. Verification

When a receiving server sees a DKIM signature in the message headers, it attempts to decrypt the hash using the public key that is available via DNS.  If the decryption succeeds, the server knows that it could only have been encrypted with the private key held in secret for your domain.  It calculates its own hash value for the message. If it matches the decrypted one found in the signature, the receiver knows the message was not modified. The DKIM check is now complete.

What are the main benefits to signing with DKIM?

First, DKIM is an important part of protecting your domain from abuse. Email service providers can use the information gleaned from DKIM to identify and block fraud attempts. 

DKIM signing can also improve delivery rates with email services that track sender reputation. For example, if Gmail is unable to authenticate a message using either SPF, DKIM, or DMARC, it is more likely that message could end up delayed or even marked as spam.

Additionally, DKIM is a necessary step towards implementing DMARC, which itself provides further protection from email scams and spoofing attempts. Though DKIM is not explicitly required for DMARC, implementing a reject policy in DMARC is strongly discouraged without first signing with DKIM. DMARC will be discussed in an upcoming blog post.

How do I setup DKIM in Securence?

Configuring Securence to sign your outbound messages with DKIM is a relatively straightforward process. Click here for a PDF which will walk you through the steps.

Summary

DKIM is an important and useful email authentication scheme. Using DKIM, your messages can be signed in such a way that receivers can trust they truly originated from your domain and have not been tampered with. DKIM signing is included with your Securence Outbound service. If you have questions about DKIM or any other part of your Securence email protection suite, reach out to us at support@securence.com.

Need to know

• CEO Fraud-type scams are increasingly prevalent.
• CEO Fraud Protection by Securence guards against sender name spoofing.
• In order to benefit, please configure the filter within the Securence admin portal. 

“Good morning, Jim. Are you at your desk? I need you to do something for me.”

What is CEO Fraud

It begins with a quick morning email from a manager or CEO, which lowers the target’s guard. There are no suspicious attachments or links to raise alarm bells. This can even fool those who are otherwise adept at spotting a phish. If they respond, the scammer then asks for some kind of financial transaction to occur. (e.g. a wire transfer, gift card purchase, or direct deposit change) 

Impersonation scams like this are continually on the rise. They are disturbingly easy to execute and can lead to dramatic payouts for the scammer. They also frequently pass through mail filters because they simply contain conversational text from previously unseen addresses. Also referred to as “whaling” or “spear phishing”, attacks like this cost organizations billions of dollars every year.

Standard domain name protection is ineffective

Standard email authentication schemes such as SPF, DKIM, and DMARC, which operate on the sender’s address, cannot protect against this since the scammer often does not spoof the address. They only need to spoof the executive’s name in order to achieve their goal. In fact, the message will frequently pass SPF, DKIM, and DMARC checks, since it may originate from a large ESP such as Gmail, Yahoo and Outlook.com. For example:

From: “Judy Smith” <ceo.12345@gmail.com>

Subject: Quick question

Hey, are you in the office today? I’ve got a favor to ask you.

The scammer is hoping for one of two things:

1. The target only sees the sender’s name, and assumes it is reliable.

2. The target sees the unusual email address, but assumes it was sent from the executive’s personal account, cell phone, tablet, etc. (The scammer may even include “Sent from my iPhone” at the bottom of the message to aid in this misdirection)

How can Securence help

CEO Fraud Protection by Securence guards the executive’s name, displayed as the sender, and is the key to the scam. If an email claims to be from a protected name in Securence, but the email address does not match, then Securence will take action. Standard actions include: block, quarantine, notify an administrator, or deliver the message after modifying it to include a warning.

Login to your account today to setup this critical feature. It is available under the Phish settings for your Domain, Group, and Company accounts. There you will also find further documentation, including best practices for configuration and tips on avoiding false positives during and after rollout.

As always, we welcome your feedback. Reach out to us at support@securence.com with any questions or concerns.

What is it?

A zero-day virus is a computer virus that can either be a slight mutation of a previously seen virus or completely new. Therefore, the defining characteristic of a zero-day is simply that it is new. It has purposely been changed in order to be able to avoid detection from antivirus programs. They are designed to exploit your systems vulnerabilities and takes advantage of the fact that even the largest antivirus protection may have no current solution to defend against these mutated viruses. By attacking these vulnerabilities, the malware is able to sneak in and perform actions on your system that otherwise would not be permitted.

Most antivirus programs use signatures to search your computer for malicious programs and attachments. But a zero-day virus is good at hiding itself from being caught – It flies under the radar and does not send off a known signal. Antivirus software blocks against signatures that it has seen before. Each virus has a unique known signature, so when a zero-day virus changes it ever so slightly, it is able to slip through the cracks and send malicious content to you. While most programs develop a patch to fix the problem after the attack has occurred, that doesn’t protect against future vulnerabilities once the signature of the virus mutates yet again. Wouldn’t you want to stop the zero-day virus before it does any damage to your private and sensitive data?

How it attacks

One of the most common ways to infect a computer is to create a malicious email attachment. Most of the time, these attachments look completely legitimate. For example – say Fidelity Investments is your financial advisor. Most likely, you have their name, address, and personal advisor’s details in your contact list. If you were to receive an email that looked like this, would you open it?

It’s from a trustworthy name, it’s on letterhead, and there are no spelling mistakes. Though this information looks familiar to you, it’s a trap. For example, we took this attachment at the time it was caught using Virus Total and out of 57 scanners (now there are 58), only four caught it.

It was able to fool Malwarebytes, MacAfee, AVG, and even Microsoft – and this zero-day virus was sent through Microsoft’s own Exchange servers!

By running this same file through Securence, the virus was caught. That is due to the fact that while many of the best antivirus software search for recurring signatures, Securence adds another layer of protection by using predictive blocking. Though we had never seen this specific virus, we are able to catch it because the virus used a pattern similar to what we had seen before.

Ensure you have the best protection

Of course, antivirus software is not without value. Some protection is better than none. However, zero-day viruses are specifically designed to circumvent the best names in antivirus, so for full protection, it is important to add extra layers where they are needed.

Instead of looking for just the “static” pattern that are typical for certain viruses, Securence looks for “fluid behavior patterns.” By looking for these flexible behavioral patterns for things that tend to exist but have never truly been seen before, we can predict how the virus may mutate in the future. This allows our program to be proactive and agile so we can stay ahead of hackers that want your personal information.

Why Securence

You, your company, and your clients deserve the best possible protection against zero-day viruses. Our solutions are affordable, complete, and incredibly agile. They also protect you from every angle including inbound and outbound email filtering, first-in-class encryption, secure email archiving, email shadowing, and more. Rather than providing retroactive fixes once a zero-day virus attacks, we focus our R&D on stopping the virus before your data is accessed. Only 7 percent of the top antivirus scanners caught this Fidelity virus the day it was released and Securence was one of them.

Email Quarantine

Securence scans each of your emails to determine whether or not they are spam. Securence retains messages it determines to be spam in your personal Quarantine.  Instead of allowing spam to be delivered to your inbox, Securence stores these messages securely for a period of 30 days.  After which, they will be automatically deleted.

Spam Digest

If your administrator has enabled the Spam Digest, you will receive a regular summary by email of the most recent messages quarantined for your address. This digest will be sent to you according to the schedule determined by your administrator. The following is an example of a typical digest:

For each quarantined message, the digest displays standard message attributes: sender address, subject, recipient address, date/time and available actions.  To view a quarantined message, simply click on the subject of the message you wish to view and it will be displayed in your web browser. For each message, there are various actions that can be taken directly from the digest:

• If the message is spam, no action needs to be taken. It will be automatically deleted after 30 days.
• To move an email to your inbox, click “Release”.
• To move an email to your inbox and whitelist the sender, click “Allow”.
• To blacklist the sender, click “Block”.

When viewing a quarantined message in your web browser, additional actions may be accessible to you, such as “whitelisting” the sender.  This will add the sender’s address to your list of trusted senders and prevent mail from them from being marked as spam.

Viewing your Quarantine online

Another way to view your quarantined messages is by logging in to the Quarantine interface through a web browser.
This allows you to browse all quarantined messages sent to your email address.

Either click the Login to Securence link at the bottom of your spam digest or
open a web browser and visit https://admin.securence.com/

Activating your account

If this is the first time you are logging in and your administrator has not provided you with a password, you will need click the Activate Account button.  You will be taken through a series of steps in order to confirm your identity and get started with Securence:

1. Enter your email address.
2. Securence will send an email to your address containing a confirmation code. Leave this window open.
3. Check your inbox for a new email from Securence. (If you don’t receive an email, make sure to check your Junk mail folder)
4. Return to your web browser, enter the confirmation code from the email into in the box as directed and click Confirm.
5. Create a password.
6. Click “Submit password and login”

You should now be able to view your Quarantine and/or manage your individual user settings in Securence.

Managing your quarantined messages 

Here is an example of how the Quarantine interface appears upon logging in:

From here, you can search your Quarantine based on multiple criteria including sender address, recipient address, and subject.  To view a message, simply double-click the row in the grid for the message you would like to view.

Additional options from within the Quarantine interface that may be available to you:

• Whitelist Sender. “Whitelisting” the sender pre-approves all emails originating from them for delivery to your inbox and prevents them from being marked spam.
• Release. This will release a message from the quarantine and deliver it to the originally intended recipient.
• Forward. You may forward a quarantined message to a different address.
• Delete. This will delete the message from your quarantine making it no longer visible or available for release.

If your outgoing mail is also filtered by Securence, you may view those quarantined messages separately by first clicking on the Outgoing tab at the top of the page.

You may also take action on multiple messages at one time.  Select all applicable messages by checking the box in the left-hand column.  Then click the desired action (e.g. Release, Forward) at the bottom of the window.

Reporting False Negatives

A false negative is an actual spam message that was not filtered out and sent along to your inbox.  If you believe a message has been delivered to you that is spam, you may forward it to spam@securence.com.  Submitting spam in this way helps to improve the mail filters in Securence.

Email Continuity

In the event of an email server outage, you can still access inbound email through your Continuity mailbox.  To access your Continuity mailbox, go to https://webmail.securence.com and login using your regular email address and password.

If you have forgotten your password, click the Forgot password link and you will be able to create a new one.  However, while your email server is down, since you cannot receive new messages, this procedure requires that you have either an alternate email address or mobile phone number configured in Securence.  Securence will send a confirmation code using either of these alternate channels in order assist you in changing your password.

Continuity is an additional feature that may or may not be enabled for your domain.  Consult your system administrator to confirm access to this powerful feature.

What is a zero day virus?

A zero day virus, is, simply put, a new computer virus for which there is no defense. It is designed to exploit your system’s vulnerabilities, taking advantage of the fact that even the largest antivirus protection programs, like AVG™, Norton™, and McAfee®, have no ready solution.

Most antivirus programs use “signals” to search your computer for malicious codes, attachments, and viruses. But a zero day virus is like a stealth bomber. It flies “under the radar” and does not send off a known signal. Most programs develop a patch to fix the problem after the attack has occurred, but Securence™ has a better solution. We can stop a zero day virus before it does any damage to your private and sensitive data. Read on to learn how.

How Sneaky is a Zero Day Virus? Very!

One of the most common ways to infect a computer is to create a malicious email attachment. Most of these email attachments look completely legitimate. For example, let’s say Fidelity Investments is your financial advisor, so you have their name, address and personal advisor’s details in your email contact list. If you get an email from Fidelity that looks like this:

would you hesitate before opening it? It’s from a name you trust. It’s on letterhead. There are no spelling mistakes. It contains information that looks familiar to you…and it’s a trap.

Securence put this Fidelity zero day virus to the test. Using Virus Total, an analytical tool that simultaneously harnesses the power of 57 antivirus scanners, we scanned the fake Fidelity document. The results were scary.

Out of 57 scanners, only four caught the virus. This virus fooled Malwarebytes, McAfee, AVG and even Microsoft – and this zero day virus was sent on Microsoft’s own exchange servers!

We ran this same file through our own Securence program; and it caught the virus. That’s because while many of the best antivirus software programs search for signals, Securence adds another layer of protection by also searching for patterns.

Securence Protects Against Zero Day Viruses

We are not saying that other virus protections are inadequate. Some protection is better than none. However, zero day viruses are specifically designed to circumnavigate to the top names in antivirus protection, so for full protection, you need something more. That’s where Securence steps in.

As mentioned above, our leading enterprise email filtering system doesn’t just look at signals. It analyzes the patterns that zero day viruses use, and anticipates the signals and patterns that new zero day viruses may use in the future. Our program is designed to be proactive and agile so we can stay ahead of the hackers that want your private information. Our solutions cover you from every angle: inbound and outbound email filtering, first-in-class encryption, secure email archiving, email shadowing and much more.

You Deserve Protection Against Zero Day Viruses

You, your company and your clients deserve the best possible protection against zero day viruses. Our solutions are affordable, complete, and incredible agile. Rather than providing retroactive fixes once a zero day virus attacks, we focus our R&D on stopping zero day virus before they access your data. Only 7 percent of 57 top scanners caught the Fidelity virus, and we were one of them. For smart protection, call Securence today.

Email security protocols are always changing as hackers discover new ways to break into email accounts. That is why Securence offers a wide range of email protection services with every email security package. These services not only help keep your Office 365 email accounts safe; they can also help cut the clutter and keep you running in case of a server crash. Best of all: Securence will beat any competitor’s pricing so you can enjoy the best email security protection program available at an unbeatable price.

Here are the services you can expect when you choose Securence as your email security provider.

1.  Lowest-Cost Inbound Filtering

One of the greatest threats to any email account is the mail that manages to show up in the inbox. It is likely that your Office 365 filters are strong by default, but hackers and malicious email scammers are always outpacing Microsoft’s security protocols. It is one of the most important reasons why companies need extra protection.

Inbound filtering will help eliminate external threats to your business’ email accounts. These can include phishing schemes, requests from foreign “princes,” and other emails that could potentially contain viruses or spyware.

2.  Lowest-Cost Outbound Filtering

Just as inbound filtering protects your email accounts from certain external attacks, outbound emails can help contain the spread of these attacks. In the case where someone manages to download a malicious email, outbound filtering can help their email stop the spread.

3.  Lowest-Cost Email Continuity

Almost every major tech company that offers email suffered server outages this year, including Amazon and Google. These outages can sometimes last a barely-perceived minute or a couple of days. In each instance, emails sent and received during those outages are lost and accounts are all but inaccessible. Email continuity services provide a backup email server that is constantly updated with every piece of mail sent. When the primary servers go down, these servers seamlessly take over. And when the primary servers go back up, they are automatically updated with all of the information sent during the outage.

4.  Lower-Cost Email Encryption

Email encryption is an extra layer of security that helps ensure your emails are seen by the intended recipients and no one else. Without added encryption, sensitive information sent via email can be intercepted, including credit card information, personal details, and other data that should be away from prying eyes.

5.  Lowest-Cost 10-Year or Unlimited Year Email Archiving

Finally, Securence offers email archiving services to ensure that your emails are always available. This program can help you stay compliant with federal regulations and your clients’ own security expectations, all while ensuring every email is at your fingertips.

Securence offers the most effective and lowest cost solution for safe-guarding your Office 365 email system. With a wide array of email filtering, protection, and continuity services built right into every package, you and your business can enjoy unprecedented email protection at the lowest cost available. Not only will Securence price match any competitor’s pricing, but they will also beat it so that you can have the protection you need at a price you can afford.

Being one of the most popular email services on the planet, Microsoft’s Office 365 has also become the most popular target for cyber attacks. People are constantly targeting Microsoft 365 users and servers with spammers, Crypto Locker schemes, malware, viruses, and, in some cases, outright threats. The ways in which they infiltrate people’s email accounts has become more and more sophisticated as well, and Office 365’s low-grade spam filters have made these sorts of malicious behaviors easier and more effective.

Luckily, as these attacks become more prevalent, the solutions do as well. Cyber security companies like Securence have developed custom email protection packages that help keep your emails safe from attacks and other inconveniences that come with Office 365 services. Securence can help your Office 365 users stay safe while staying connected. Here’s how.

Simple, Affordable Filtering

Securence’s email filtering services have Zero Minute update technology providing the most effective blocking signatures in the industry, which will help keep your inboxes free of toxic email scams, spam, and phishing schemes. Best of all, it can be done for as little as a dollar a month.

Securence’s email filtering services are constantly updated with new security protocols, which can help keep your inboxes free of toxic email scams, spam, and phishing schemes. Best of all, it can be done for as little as a dollar a month.

Disaster Recovery

No matter how well you filter emails, disaster may still come. It could be the result of a virus or malware sent through an email that bypassed security. It could be because Office 365 has had to shut down its servers from time to time for maintenance and security reasons.

When your email goes down in today’s world, your business can come to a screeching halt. With disaster recovery options, however, you can gain uninhibited access to your emails, no matter the state of Office 365’s servers. Securence’s disaster recovery protocols keep backups of all your user’s emails on a separate server. In the event of a server issue at Office 365, your users will still be able to access, send, and receive emails. When the original servers are back up and working, the new emails and activity will be automatically updated, letting you enjoy seamless email access and communication, no matter the state of the original servers.

Microsoft’s Office 365 offers some of the most widely-used and powerful programs that are available to modern businesses. Each of the applications has become the standard for the office world almost anywhere on the globe. That prevalence, however, comes with a few risks, and Office 365 users can be targeted by multiple malicious attacks. That is why every Windows product should have its security bolstered, and Securence has effective, affordable services that can help. With email filtering services and backup protocols, you can enjoy seamless email service that’s also more secure, keeping you and your Office 365 users safe and connected at the same time.

What’s the big deal?

Over the weekend of May 13-14 2017 news broke of a new Ransomware called WannaCry.  This Ransomware affected some large institutions.

WannaCry uses a vulnerability in Window’s file sharing to spread from one infected computer to another.  This vulnerability was discovered by the NSA and kept secret until someone hacked the NSA and eventually leaked the information publicly.  The vulnerability was patched in Microsoft’s March 14, 2017 software update.  This was a month before the vulnerability was publicly exposed on April 14,2017.

This exploit may be known as other names or be associated with some of the following terms:

• MS17-010
• EternalBlue
• DoublePulsar
• WannaCrypt
• WanaCrypt0r 2.0
• Wanna Decryptor

How do you protect your computers?

Patch your systems

The most important thing to do to protect your systems from this infection is to update your Windows systems.  There is a patch available for all supported Windows operating systems as well as these no-longer-supported Windows systems:

• Windows XP SP3 x86
• Windows XP SP2 x64
• Windows XP Embedded SP3 x86
• Windows Server 2003 SP2 x86
• Windows Server 2003 SP2 x64
• Windows 8 x86
• Windows 8 x64

Run versioning backup software

Versioning backups are critical, if you only have the most recent version of a file, you will have a backup of the already encrypted file, this is not helpful.  You must have the option to choose a backup from before the Ransomware started encrypting files.

Are Securence Signatures up to date to block WannaCry?

Some Intrusion Detection Systems have signatures for WannaCry, but, there are no specific signatures for emails.  So far, WannaCry spreads exclusively through SMB protocol attacks, not email.  Future variants may use different vectors as noted above.

How does Securence protect against WannaCry?

Securence uses multiple virus engines to identify malicious content in emails and they are all automatically updated as quickly as the A/V vendor publishes new signatures.  Unfortunately, recently A/V engines have been ineffective identifying the newest phishing and ransomware messages.  Securence has developed significant identification techniques to block these messages.  Thousands of malware emails are blocked every day by these techniques.

If current or future WannaCry attacks are spread via  emails they will likely use the same tactics as previous ransomeware and viruses:

• Attached executables
• Zipped executables
• Password protected zipped executables
• Word macro viruses
• Javascript attachments
• Links in email bodies
• Links in attachments
• Many other methods

When they do, Securence is ready.

Securence uses DigiCert certificates, you will find additional details about their certificates here: https://www.digicert.com/digicert-root-certificates.htm

• Root CA:  DigiCert Global Root CA
  • Valid until: 10/Nov/2031
  • Serial #: 08:3B:E0:56:90:42:46:B1:A1:75:6A:C9:59:91:C7:4A
  • Thumbprint: A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
  • Certificate key size: RSA 2048
• Intermediate CA:
  • Valid until: 08/Mar/2023
  • Serial #: 01:FD:A3:EB:6E:CA:75:C8:88:43:8B:72:4B:CF:BC:91
  • Thumbprint: 1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
  • Cert key size: RSA 2048
• Securence Cert: *.securence.com
  • Serial Number: 08:18:f7:4c:e4:de:12:ea:e9:de:fb:ea:20:3a:02:73
  • Signature Algorithm: sha256WithRSAEncryption
  • Cert key size: RSA 2048

See also: SMTP over TLS supported cipher suites