One year of 32Guards – and that’s just the beginning
At the turn of the year 2019/2020, the time had come: After the focus of the 32Guards service was on analysis and learning at the beginning, 32Guards now also sent assessments to the participants of the 32Guards beta. While the functionality of 32Guards was limited at the beginning, the 32Guards service was able to steadily expand it by continuously gathering experience. Over the course of 2020, the repertoire of detections grew significantly. In this article, we will look back at a number of developments and show how 32Guards became increasingly active, especially in the second half of 2020.
What is 32Guards?
The 32Guards service in NoSpamProxy collects and analyses metadata on emails and attachments. The goal is to build an even more powerful anti-malware intelligence that can detect and defend against spam and malware attacks even faster and more accurately.
32Guards analyses a growing number of emails
32Guards’ great strength lies in centrally bundling the meta-information of the numerous distributed NoSpamProxy instances and, based on this, identifying suspicious trends early on. The following graph shows the number of emails reported by 32Guards for the second half of 2020:
In the overview, the emails are divided as follows:
- Outbound emails (Outbound)
- Inbound emails with Level of Trust (Trusted Inbound)
- Inbound emails without Level of Trust (Untrusted Inbound)
The dark line (Trend) represents the averaged overall trend. It is easy to see here that the number of reports to 32Guards increases significantly over time. As expected, email traffic is greatly reduced at the end of the year.
32Guards beta increasingly popular
The free use of the 32Guards service (currently available as a beta version) by NoSpamProxy customers comprises two stages.
In the first stage, participation in 32Guards can be activated locally. The NoSpamProxy instance then reports to the 32Guards service. This allows the algorithms to adjust to the reported meta-data, but does not provide any additional protection.
The second stage becomes active as soon as the NoSpamProxy support has been activated. Then NoSpamProxy not only sends reports, but also receives replies from 32Guards. In this case, additional SCL points are then awarded on the basis of the assessments made.
The graph shows
- how many emails have been reported to 32Guards over the last few months (Nur Berichte)
- and how many of these have already been evaluated by 32Guards (Antworten).
Again, the figures refer to daily values. The proportion of reports that were also answered is represented by the dark line and uses the scale on the right. Especially from the summer of 2020, the proportion of NoSpamProxy customers who used the 32Guards beta increased. As a result, the proportion of 32Guards reports that were answered also increased.
32Guards is constantly improving
In the course of the last year, the malware and spam detection of the 32Guards service has been constantly expanded with new features. The aim is to complement the existing protection mechanisms in NoSpamProxy.
“32Guards takes care of the particularly difficult cases and thus complements the protection provided by NoSpamProxy perfectly.”
The following graphs compare the number of local detections with the number of detections by 32Guards:
It becomes clear here that the local protection mechanisms of NoSpamProxy detect the majority of malicious emails. Nevertheless: Threats keep cropping up where 32Guards contributes a significant amount of additional detection and completes the protection.
One example is the detection of phishing or spam waves, which in many cases last less than an hour. Here, the correlation of meta-data enables fast and targeted detection.
After a little over a year, 32Guards is slowly coming of age. In more and more areas, the existing protection is being effectively supplemented. Especially in the case of special threat situations – such as those caused by Emotet and others – 32Guards can react quickly and flexibly thanks to its cloud infrastructure. Moreover, it is already apparent that 32Guards is gradually developing into a mature malware intelligence.
Start using 32Guards now
32Guards ensures that metadata on emails and attachments are collected and analysed. The goal: to build an even more powerful anti-malware intelligence that can detect and fend off attacks by spam and malware even faster and more unerringly. If you are interested in using the beta version of 32Guards, send an email with the subject “32Guards activation” to NoSpamProxy Support and attach a screenshot of your licence details.