Email security remains more of a challenge than ever for organizations. Not only is email still the preferred mode of attack, but clever cohorts of malicious actors are improvising to develop new evasions of traditional email security defenses.
How secure is your email? Here’s what you need to know:
- The data paint a troubling picture of the threat landscape with the incidence of malware-laden emails attaining a new high. One out of every 131 emails nowadays is malicious (ISTR 22). In comparison, 5 years ago, it was 1 out of 244.
- The WannaCry ransomware attack wreaked havoc recently. While it did not spread through email, most other ransomware attacks do. In fact, the number of ransomware “families” tripled and attacks increased by 36% last year (ISTR 22).
- Attackers are always improvising, and they are launching successful attacks through email scams that exploit social engineering methods, such as targeted spear phishing and Business Email Compromise (BEC). According to the Federal Bureau of Investigation, total exposed dollars globally was more than $5 billion last year due to BEC scams, while phishing attacks grew by 55% (ISTR 22).
Shortcomings of traditional email security tools
The “traditional” email security tools that companies still use to deal with newer, more advanced threats aren’t working.
- Basic email security solutions use signature-based methods, which cannot keep up with the more than one million new malware variants we saw every day last year (ISTR 22).
- While some security solutions profess to use a sandbox, they are limited to virtual machine detonation, which is easily evaded by “VM-aware” malware. Last year about 20% of the malware was “VM-aware”.
- Increasingly, sophisticated attackers are “living off the land,” meaning they employ macros or other scripts to pull off their attacks. Active content in attachments like Microsoft Office documents is not inspected by basic email security solutions, which leaves organizations vulnerable to stealthy attacks.
- Traditional email security solutions do not export the Indicators of Compromise (IoC) gleaned from analyzing malicious emails. That means security teams cannot perform security analytics on these IoCs.
- Point-solution products from email security vendors do not integrate with the rest of the security infrastructure, like proxies and endpoint security, slowing down the ability of security teams to respond.
In this ongoing battle of wits with the bad guys, security practitioners need to augment their traditional approach to email protection with newer multi-layered detection methods, such as machine learning, predictive and behavior analysis, and sandboxing. And they need to arm themselves with email security solutions that will stop advanced threats in their tracks – otherwise they remain dangerously vulnerable to data breaches.
Symantec’s One-Two Punch
When it comes to advanced threat protection, Symantec can help with content and malware analysis tools that block targeted attacks and offer the threat intelligence security teams will need to direct their rapid response operations. Our new combined solution consists of Symantec Messaging Gateway and Content & Malware Analysis.
- Symantec Messaging Gateway: This on-premises messaging security solution delivers inbound and outbound messaging security, advanced threat protection, real-time anti-spam and anti-malware protection, and data loss prevention in a single platform.
- Symantec Content & Malware Analysis: An advanced content filtering and malware analysis platform that supplies your defenses with multiple layers of scanning, static file code analysis, and dynamic sandboxing and validation to detect and block unknown threats.
This one-two punch protects the perimeter with the sort of on-premises email security that will stop the new and more sophisticated threats that I referenced earlier. We can block even the stealthiest threats by detonating suspicious files and URLs in a sandbox and evaluating their behavior, uncovering advanced threats that would otherwise evade detection.
An additional customer benefit: the trove of threat intelligence that Symantec gleans each day from its Global Intelligence Network – the largest in the industry. We have visibility into more than 175 million endpoints and 57 million attack sensors in 157 countries and that gives us unrivaled insight into the constellation of emerging threats. Combine that with the advanced threat technologies we offer and security teams are going to be better equipped than ever to combat emerging threats and targeted attacks.
Let’s take a deeper technical dive:
- Prevent new and sophisticated email threats such as Business Email Compromise, spear phishing and ransomware with multi-layered detection technologies such as advanced heuristics, machine learning, and behavior analysis.
- Get the strongest protection against spear phishing through deep inspection of potentially malicious URLs before an email is delivered.
- Help protect against targeted attacks and zero day malware by removing active, potentially malicious content from Microsoft Office and PDF attachments. The clean document is reconstructed, reattached to the email, and sent to its destination.
- Block stealthy advanced attacks with powerful virtual and OS emulation sandboxing that is customizable to reflect your actual environment and capture more malicious behavior than other sandbox solutions.
- Get in-depth insights into targeted and advanced attack campaigns with rich threat analysis on every malicious email entering your organization, including data points such as URL information, file hashes, threat risk scores and targeted attack information.
- Quickly correlate and respond to threats by exporting rich threat intelligence to your Security Operations Center via integration with third-party Security Information and Event Management (SIEM) systems.
- Prevent leakage of sensitive information and meet your compliance and privacy requirements with built-in granular content filtering, integration with market-leading Symantec Data Loss Prevention (DLP) and policy-based encryption controls that block, quarantine, or encrypt sensitive emails.
- Additional integrations with Symantec Endpoint Protection and Symantec ProxySG to analyze, stop and remediate across network, endpoint and messaging channels.
Watch our webinar, recorded on June 29, 2017, to learn how the combined solution addresses today’s advanced email threats.