Partner Posture

This section includes:

• Partner Posture
  • About partner posture
  • Using the Partner Posture feature
  • About the "partner profile"
  • Partner Posture - impersonation attack types
  • Partner posture - who's included
  • Limitations with partner posture

About partner posture

The Partner Posture page displays a list of well-known organizations that have been impersonated in malicious emails that were received by your organization during the previous 30 days. These malicious emails fall into the following impersonation categories: domain look-alike, visual similarity, or SPF failure. For details, see Partner Posture - impersonation attack types below.

The following is shown for each partner organization in the Partner Posture list:

• Full Name: The name of the partner organization that was impersonated.

• Domains: The main domain that is associated with the partner organization.

• Malicious Emails: The number of malicious emails that were received by your organization during the previous 30 days, that impersonated the partner organization. [Only emails in the following categories are included: domain look-alike, visual similarity, and SPF failure.]

• Risk Score: An indication of the severity of the email-risk associated with the partner organization. The risk score can be High, Medium, or Low.

  The risk score is a global score that is calculated using a FortiMail Workspace Security proprietary risk scoring algorithm. This algorithm is based on all the malicious impersonation emails that were received in all the FortiMail Workspace Security organizations.

  The risk score is based on the following factors for each partner organization, over the past 30 days:

  • The number of attacks detected in each of the impersonation attack-types. Each attack-type has a different weighting.

  • The total number of emails received from the "real" partner organization by all of the FortiMail Workspace Security organizations.

Using the Partner Posture feature

To access the Partner Posture page, click Security Operations > Partner Posture.

The "Partner Posture" page is available to admin users with the "Admin" user role only.

About the "partner profile"

In the Partner Posture page, there is a Partner Details link on the right of the row for each partner. This link opens a pane that displays the "Partner Profile". The Partner Profile shows various risk-related details associated with the partner organization.

Inside the "Partner Profile", the "Daily Attacks" chart shows the breakdown of the daily partner impersonation attacks, based on the attack-type, during the previous 30 days.

Partner Posture - impersonation attack types

Partner impersonation attacks can be divided into three categories. The categories represent different techniques that attackers typically use to impersonate trusted brands:

• Domain Look-alike: Emails are sent from domains that closely resemble a legitimate brand. Misspellings or brand-related words are used to trick users into believing the email is authentic.

• Visual Similarity: Emails mimic the visual elements of the real brand. FortiMail Workspace Security's visual detection engine identifies suspicious or unauthorized use of a brand's visual elements, including logos, color, and layout design.

• SPF Fail: Emails claim to come from a brand, but the technical authentication (SPF) fails. This indicates that the email was sent from a server not approved by the legitimate brand's domain policy.

You can hover over any column in the Daily Attacks graph to see a breakdown of the attack-types that occurred on any day.

Partner posture - who's included

The list of partner organizations in the Partner Posture page includes all well-known partner organizations that have been impersonated in malicious emails that were received by your organization during the previous 30 days.

Limitations with partner posture

• The "Partner Posture" functionality is available to organizations with any type of integration with FortiMail Workspace Security.

• The "Partner Posture" list shows first all the High risk scores, then Medium, and then Low. Within each risk category, the partners appear in alphabetic order. It is currently not possible to change the display order.

• It's not currently possible to filter or search the Partner Posture list.

• It's not possible to export or download the Partner Posture list.

• Only one domain is shown for each partner organization, even though there may be various domains that are associated with that partner.

See also: 

• Scans