Electric-fencing spam and phishers for Genesis Energy
“ I would absolutely recommend SMX to other businesses. It’s a powerful tool, and easy to manage. And we don’t have to invest a lot of time or resources to manage it – it pretty much looks after itself. It just works.”
– Reyna Ramirez Montes, Security & Compliance Manager, Genesis Energy
For long-time SMX customer Genesis Energy, New Zealand’s largest electricity reseller, SMX’s email filtering and SmartRules® deliver email security and peace of mind for staff, allowing them to work at peak productivity without the hassle of dealing with spam, malware and phishing issues. The service has also integrated smoothly with Microsoft Office 365 to provide an extra layer of protection. As a bonus, the SMX reporting feature creates a competitive edge for the business.
Genesis Energy uses SMX to provide email protection for 1500 users across six domains around New Zealand. The company uses SMX’s inbound and outbound filtering, and SmartRules for content control.
Genesis Energy’s Security and Compliance Manager, Reyna Ramirez Montes, joined the company in February 2016. She is responsible for the overall security of the organisation and she keeps abreast of the local and international cyber threat landscape. SMX is fundamentally important in helping her meet these requirements.
Filtering: Electric-fencing spam boosts productivity
Genesis has been using SMX inbound and outbound email filtering since 2010. Reyna singles out the inbound filtering for specific praise. “The inbound filtering is excellent. We’ve had a good experience with how quickly SMX identifies issues and then resolves them,” she says.
Genesis Energy gets a lot of spam, however almost all of it is intercepted by SMX. “We still get some spam coming through – it’s impossible to stop it completely, after all – but SMX catches most of it.”
Reyna estimates that spam accounts for 10 to 15 percent of the total company email that hits SMX's servers and she says users “don’t know how lucky they are” that SMX is in place. “If they had to deal with that amount of spam in their inboxes, it would waste a lot of time. As it is, the inbound filtering is saving a lot of time in the business, allowing us to be more focused on our customers’ needs.”
This is especially significant in the 200-strong Hamilton-based contact centre, where email traffic is high, and email peppered with spam would be hugely detrimental to staff productivity. Reyna says: “The contact centre teams get and respond to a lot of email every day. They need to receive the email as clean as possible, so that they’re not wasting time dealing with spam – and SMX helps achieve this. It’s a very good benefit for us.”
SmartRules® – Flexibility is key
The SMX SmartRules engine delivers sophisticated content control and can be configured for data loss prevention as well. The beauty of SmartRules is that it is constantly evolving to meet the demands of the changing spam and malware threat landscape and rules can be customised to meet the specific needs of individual customers. It is easy to implement and very cost effective, compared to the potential significant losses that could be inflicted on an organisation without it.
When Reyna joined Genesis, the company’s executive general management team was experiencing regular phishing attacks. Something had to be done – and Reyna didn’t need to look far, as the building blocks for an effective solution were already in place.
“We wanted to be more proactive rather than reactive. That’s when I discovered we weren’t using SMX SmartRules to its full potential. So, I contacted SMX support to get the rules configured in such a way that we get real-time visibility of the threat landscape. Now we know what’s happening and that allows us to respond accordingly.”
Genesis implemented specifically customised versions of the block executables and whaling rules, to give their staff an extra layer of email security.
Genesis uses the whaling module to ensure its executive general managers (EGMs) are as protected as possible against whaling and phishing attacks. The whaling module enables Genesis to identify those that need whaling/phishing protection and restricts the number of addresses their EGMs (the ‘Whales’) can send email from. It inspects email headers to identify emails that are spoofing nominated executive names and if the ‘reply-to’ or ‘from’ headers are not from allowed addresses, the rule will trigger and quarantine the email, and then redirect it to the Genesis information security team for inspection. “Therefore, we not only stop malicious attacks and can forget about them, we also inspect and understand the attacks, “Reyna says.
The block executables rule, used to prevent ransomware-type attacks (e.g. CryptoLocker), is applied to all users. The rule works by referencing a list managed by SMX's support desk to identify and quarantine common executable attachments, stopping them from passing through the SMX filters. Genesis also has a list of types and names of attachments that they want checked, so both lists combined are very powerful, says Reyna. If any of the attachments are detected, the email is quarantined, a ‘Quarantined Email Notification’ is triggered to the recipient and the email is redirected to the information security team for inspection.
“I appreciated the way the SMX support team worked closely with us to make the rules work exactly the way we needed them to,” Reyna says. “We can do so many different things with SmartRules. We really value the flexibility and freedom the rules give us.”
Reporting provides competitive edge
SMX’s reporting capability is a bonus that Reyna sees as a key benefit of the service. She says her team uses the reporting feature quite heavily, extracting logs weekly.
“We like to be proactive and be aware of trends, and the reports give us these insights,” Reyna says. “We use the information we extract weekly for our monthly IT reports. With SmartRules, for example, we configured an alert for every blocked whaling attempt, which we use to track trends, volumes and types. We are now more aware of the security threats and trends and this is helping us develop our own intelligence around the threat landscape and informs the security strategy.
“It has also helped educate the staff and increase awareness. When you receive whaling emails so often, you just start to ignore them. Now, because the EGMs receive fewer whaling emails, whenever they do get one, they report it promptly, and we are better positioned to respond promptly as well.
“The fact that SMX makes this information so readily available to us is really important, and valuable. Being able to identify threats as they happen gives us, as a business, a competitive advantage.”
Integration with Office 365
Genesis recently completed a migration to Microsoft Office 365, and has integrated this with SMX to provide a premium extra layer of security against advanced cyber and malware threats that the email virus filters in Office 365 cannot prevent. The migration and integration with SMX was trouble free, Reyna says. “The change has been transparent for us. We didn’t have any issues at all with the migration to Office 365, and no issues with the integration with SMX either. It all just works.”
Support is valued
Reyna is full of praise for the SMX support team and how they respond to issues, and says she appreciates the personal touch: “We’ve had a really good experience with support from SMX. It’s easy to pick up the phone and get support and advice. They come back to us quickly and explain exactly what the issue was and the steps taken to resolve it. SMX just keeps things running smoothly for us. And nothing is ever too much trouble.”
Asked if she would recommend SMX to other businesses, Reyna’s response is unequivocal: “Oh yes, absolutely. It’s a powerful tool, and quite easy to manage. And we don’t have to invest a lot of time or resources to manage it – it pretty much looks after itself. It just works. Nothing is an issue. We’re not in the market for anyone else.”
About Genesis Energy Limited
Genesis Energy Limited is a diversified energy company that is a publicly listed on the NZX and ASX (GNE). Genesis sells electricity, natural gas and LPG through its retail brands (Genesis Energy and Energy Online). It is New Zealand’s largest electricity and gas retailer, supplying energy to over 650,000 customer connections across New Zealand. Genesis generates electricity, and trades electricity and natural gas through its Generation business, which operates a portfolio of thermal generation and renewable generation assets located in different parts of New Zealand, including Huntly Power station (the largest electricity generation facility in New Zealand by capacity), three hydro schemes – Tongariro, Waikaremoana, and Tekapo – comprising eight power stations, and a wind farm at Hau Nui in the North Island. Genesis has a 46% interest in the Kupe Joint Venture, which owns the Kupe oil and gas field. More about Genesis Energy
Download | Download the full case study PDF
Full Service Details | Find out more about SMX SmartRules