Email is currently known to be the most common method of an attacker acquiring initial access into an organisation. It is for this purpose that security standards such as Cyber Essentials deem the security of an organisation’s email solution to be of paramount importance to administrators. To provide assurance in your organisation’s email solution, Salus offers a two-stage email security assessment service which aims to understand the implementation of your email security from the perspective of a would-be attacker, and an internal user.

This first stage consists of an external review, with external mail infrastructure (if any) tested and reviewed, in addition to configuration of email security, such as DKIM, DMARC, and SPF. This provides an insight into the public impression of the email security, and how the service may be abused by an attacker.

The subsequent internal review phase will consist of a configuration and practical review of email security, through a combination of implemented controls within your organisation, such as MessageLabs, Ironports, Microsoft 365 controls and others, tested against known attacker techniques. This assessment provides a realistic impact assessment of what an attacker may do to access the inboxes of your users or introduce malware within your internal network.