Symantec Email Security Community

Introducing Advanced Protection against Sophisticated Email Threats 

Jun 16, 2017 04:51 PM

Email security remains more of a challenge than ever for organizations. Not only is email still the preferred mode of attack, but clever cohorts of malicious actors are improvising to develop new evasions of traditional email security defenses.

How secure is your email? Here’s what you need to know:

  • The data paint a troubling picture of the threat landscape with the incidence of malware-laden emails attaining a new high. One out of every 131 emails nowadays is malicious (ISTR 22). In comparison, 5 years ago, it was 1 out of 244.


  • The WannaCry ransomware attack wreaked havoc recently. While it did not spread through email, most other ransomware attacks do. In fact, the number of ransomware “families” tripled and attacks increased by 36% last year (ISTR 22).


  • Attackers are always improvising, and they are launching successful attacks through email scams such as targeted spear phishing and Business Email Compromise (BEC) that exploit social engineering methods. According to the Federal Bureau of Investigation, total exposed dollars globally was more than $5 billion last year due to BEC scams, while phishing attacks grew by 55% (ISTR 22).

Shortcomings of traditional email security tools

The “traditional” email security tools that companies still use to deal with newer, more advanced threats aren’t working.

  • Basic email security solutions use signature-based methods, which cannot keep up with the more than one million new malware variants we saw every day last year (ISTR 22).
  • While some security solutions profess to use a sandbox, they are limited to virtual machine detonation, which is easily evaded by “VM-aware” malware. Last year about 20% of the malware was “VM-aware”.
  • Increasingly, sophisticated attackers are “living off the land”, meaning they employ macros or other scripts to pull off their attacks. Active content in attachments like Microsoft Office documents is not inspected by basic email security solutions, which leaves organizations vulnerable to stealthy attacks.
  • Traditional email security solutions do not export the Indicators of Compromise (IoC) gleaned from analyzing malicious emails. That means security teams cannot perform security analytics on these IoCs.
  • Point solution email security vendor products do not integrate with the rest of the security infrastructure like proxies and endpoint security, slowing down the ability of security teams to respond.

In this ongoing battle of wits with the bad guys, security practitioners need to augment their traditional approach to email protection with newer multi-layered detection methods, such as machine learning, predictive and behavior analysis, and sandboxing. And they need to arm themselves with email security solutions that will stop advanced threats in their tracks; otherwise they remain dangerously vulnerable to data breaches.

Symantec’s One-Two Punch

When it comes to advanced threat protection, Symantec can help with content and malware analysis tools that block targeted attacks and offer the threat intelligence security teams will need to direct their rapid response operations.  Our new combined solution consists of Symantec Messaging Gateway and Content & Malware Analysis.

  • Symantec Messaging Gateway: This on-premises messaging security solution delivers inbound and outbound messaging security, advanced threat protection, real-time anti-spam and anti-malware protection, and data loss prevention in a single platform.


  • Symantec Content & Malware Analysis: An advanced content filtering and malware analysis platform that supplies your defenses with multiple layers of scanning, static file code analysis, and dynamic sandboxing and validation to detect and block unknown threats.

This one-two punch protects the perimeter with the sort of on-premises email security that will stop the new and more sophisticated threats that I referenced earlier. We can block even the stealthiest threats by detonating suspicious files and URLs in a sandbox and evaluating their behavior, uncovering advanced threats that would otherwise evade detection.

An additional customer benefit: the trove of threat intelligence that Symantec gleans each day from its Global Intelligence Network – the largest in the industry. We have visibility into more than 175 million endpoints and 57 million attack sensors in 157 countries and that gives us unrivaled insight into the constellation of emerging threats. Combine that with the advanced threat technologies we offer and security teams are going to be better equipped than ever to combat emerging threats and targeted attacks.

Let’s take a deeper technical dive:

Key capabilities:

  • Prevent new and sophisticated email threats such as Business Email Compromise, spear phishing and ransomware with multi-layered detection technologies such as advanced heuristics, machine learning, and behavior analysis.
  • Get the strongest protection against spear phishing through deep inspection of potentially malicious URLs before an email is delivered.
  • Help protect against targeted attacks and zero day malware by removing active, potentially malicious content from Microsoft Office and PDF attachments. The clean document is reconstructed, reattached to the email, and sent to its destination.
  • Block stealthy advanced attacks with powerful virtual and OS emulation sandboxing that is customizable to reflect your actual environment and capture more malicious behavior than other sandbox solutions.
  • Get in-depth insights into targeted and advanced attack campaigns with rich threat analysis on every malicious email entering your organization, including data points such as URL information, file hashes, threat risk scores and targeted attack information.
  • Quickly correlate and respond to threats by exporting rich threat intelligence to your Security Operations Center via integration with third-party Security Information and Event Management (SIEM) systems.
  • Prevent leakage of sensitive information and meet your compliance and privacy requirements with built-in granular content filtering, integration with market-leading Symantec Data Loss Prevention (DLP) and policy-based encryption controls that block, quarantine, or encrypt sensitive emails.
  • Additional integrations with Symantec Endpoint Protection and Symantec ProxySG, to analyze, stop and remediate across network, endpoint and messaging channels.

Watch our webinar, recorded on June 29, 2017, to learn how the combined solution addresses today’s advanced email threats.


Jul 12, 2019 07:28 AM

Boooooo. I want content analysis built in to SMG.

Jul 05, 2017 08:33 PM

AV protection is an add-on to Content Analysis.  So, you can purchase Content Analysis without AV.

Jul 05, 2017 02:02 PM

What do you mean you don't have to purchase content analysis? Where is the download link, I'll install it now.


Jul 05, 2017 01:50 PM

Hi Keri,

AV service on Content Analysis is optional, you do not have to purchase it. The big advantage to SMG users with this integration is the behavior analysis, machine learning and URL & file sandboxing plus rich threat analytics capabilities. Plus what I mentioned in the above thread about ATP platform support for web, endpoint and email channels.

Jul 05, 2017 01:45 PM

Symantec's decision to integrate with Content & Malware Analysis for sandboxing was made to provide an ATP platform that supports endpoint, email and web channels. Building in sandboxing to SMG would not provide the advanced threat visibility organizations are seeking across these attack vectors.

Jul 05, 2017 11:12 AM

Hello Keri,

Thank you for your feedback. Advanced Threat Protection capabilities are available via Content & Malware Analysis integration with SMG. 



Jul 03, 2017 11:04 PM

YES! I would like to know as well. Agreed about the BlueCoat... The thing is... everyone knows sig-based AV is quickly becoming completely obsolete. You'd think Symantec would be slathering on every ounce of additional features or at least distracting "pretty things" on to their SMG and SEPM appliances so no one notices. lol.

Jul 03, 2017 10:31 PM

I want to know why the sandbox feature is NOT a part of the SMG out of the box. I don't want to use BlueCoat integration. I want SMG to have it all in one product. I don't see how Symantec (you guys) could miss the obvious here. I love SMG, it rocks. Don't make me go to Fortinet or others who offer sandboxing feature right out of the gate; meaning deleting my SMGs and starting with Fortinet. Gimme sandboxing with the 10.6.4-0. Hurry. You have little time to make me happy. lol. In all seriousness, please make sandboxing a part of SMG, I don't want to pay more for BlueCoat stuff that I just don't need.

P.S. Add more features for logging in SMG, it needs to have better logging. Thanks.

Jul 03, 2017 10:18 PM

Hello! I find the information a bit misleading; maybe I'm confused?

When you stated "This on-premises messaging security solution delivers inbound and outbound messaging security, advanced threat protection, real-time anti-spam and anti-malware protection, and data loss prevention in a single platform."... Aren't some of these capabilities like "Advanced Threat Protection" only available with the BlueCoat integration?

