Advanced Threat Protection

Symantec Leapfrogs the Competition to Deliver Holistic Link Protection 

11-12-2016 01:10 PM

Spear phishing emails have been all over the news lately – from attackers wreaking havoc on the U.S. Presidential Election by leaking confidential emails found through targeted spear phishing attacks, to hackers using crafted emails to expose the personal data of 13,000 patients.

These threats, which use social engineering to trick individuals into clicking on malicious links or downloading malware sent through email, have gained traction as the ubiquity of email and the widespread adoption of traditional email security solutions have caused threats to evolve beyond basic spam and phishing threats in order to infiltrate organizations.

Today, spear phishing attacks target specific individuals in organizations and leverage complex techniques such as obfuscation of links or hiding malware in innocuous-looking documents to evade detection. For example, the spear phishing attack used to hack the Gmail account of John Podesta, chairman of the 2016 Hillary Clinton campaign, compromised his email account by spoofing a Google password reset notification and by using a shortened URL to make a malicious link look authentic.

How Can Organizations Stop Spear Phishing Attacks?

As the market leader in email security, Symantec recognizes that a proactive approach to security that blocks both new and known attacks is needed to combat spear phishing, since these threats are becoming more sophisticated and continuously evolving, with new attacks emerging each day.

In addition, organizations need a way to stop attacks that use smokescreen techniques such as obfuscating a link or weaponizing a link after an email is delivered. When combined with social engineering, these techniques make spear phishing attacks very difficult to prevent. For instance, a recent study found that 56% of individuals click on links in emails from unknown senders!

Symantec addresses these challenges today with strong URL protection through existing Real-Time Link Following capabilities in Symantec Email Security, which blocks malicious links used in spear phishing attacks before an email is delivered. We’ve been working hard to make this protection even better to deliver the most comprehensive URL protection in the email security market by adding new Click-Time URL Protection capabilities in the latest release of Symantec Email Security, which protects all mailboxes – whether they’re in the cloud, hosted, or on-premise! This technology blocks spear phishing attacks that contain malicious links by analyzing them when they are clicked by end-users and stopping links that are harmful.

Click-Time URL Protection3.png

How Does Click-Time URL Protection Work? 

Click-Time URL Protection evaluates links in real-time when users click on them to ensure they don’t contain any malicious content. Links that contain malicious content are blocked while links that are safe proceed to their final destination link. This protects against spear phishing attacks that weaponize a link after an email is delivered by ensuring that links don’t become malicious after email delivery.

Both Real-Time Link Following and Click-Time URL Protection use the same approach to stop spear phishing attacks by performing deep evaluation of links in real-time, whether the link is in the body of an email or inside an attachment. 

Links are tracked to their final destination, even when attackers use sophisticated techniques such as multiple redirects, shortened URLs, hijacked URLs, and time-based delays to bypass detection. Any files found at the destination URL are downloaded and deep heuristic analysis is performed to determine whether they are malware. This deep link evaluation blocks both new and targeted spear phishing attacks that contain malicious links for the most effective protection against spear phishing attacks.

Protect Against Complex Spear Phishing Attacks

Moreover, these technologies work with advanced heuristic capabilities in Symantec Email Security, which can identify spear phishing attacks that deploy even the most obfuscated malware. This functionality employs heuristic technologies to determine if an email contains any components of malicious code. For example, it can identify a malicious link hidden in a document, even if that document is inside another file such as a ZIP file! Skeptic works with Real-Time Link Following and Click-Time URL Protection capabilities to sniff out spear phishing attacks that leverage complex techniques used to evade detection by traditional email security solutions.

At Symantec, we’re continuously evolving and improving our solution, which blocks new and advanced email threats with the highest effectiveness and accuracy, to help you stay ahead of the latest threats, including the latest spear phishing attacks. The latest release of Symantec Email Security includes several other new capabilities and enhancements such as: 

  • Newsletter and Marketing Email Handling enables customers to manage newsletters and marketing emails separately from spam. This increases user productivity by allowing admins to block, quarantine, or tag newsletters & marketing emails for cleaner, more organized inboxes.
  • Email Quarantine Enhancements allow admins to quarantine emails containing confidential or inappropriate content, as well as spam, and newsletters & marketing emails. This includes a new, mobile-optimized quarantine for users in which emails can be released to an admin for further investigation. Detailed reporting provides greater visibility into usage of the quarantine to email admins.
  • Increased Effectiveness against spam and malware strengthens protection against spear phishing, Business Email Compromise, and other advanced attacks with typosquatter analysis and other intelligence that identifies spoofed emails. In addition, new file type analyzers improve detection of the latest ransomware attacks by leveraging active content within emails and URL inspection from attachments. Finally, a new analyzer improves detection of JavaScript attached to an email or within a zip, and our cloud-based sandboxing service now supports file types such as RTF files, Batch files, and VBS files.
  • Automated Malware Alerting sends automatic, post-delivery alerts to customers in case emails containing malware are delivered to end-users. This minimizes exposure to threats by expediting incident detection and remediation.
  • Improved Email Reporting accelerates threat investigation and response with improved reporting of attacks that make it easier for security teams to export Indicators of Compromise such as file hashes and view threat intelligence from the Symantec Global Intelligence Network.

To learn more about the Symantec Email Security solution, please visit the Symantec Email webist today!

0 Favorited
0 Files

Tags and Keywords


11-21-2019 07:18 AM

Where is the issue?. You can make a content filter to bypass the check for those domains you trust.

11-21-2019 05:53 AM

It seems that there are no controls to whitelist IP's or Domains with this Click-Time option against kroger feedback checking URL's embedded in emails.

We have several customers who receive legitimate emails from various sources that require a click on a URL to be tracked by end users. 

02-19-2019 06:20 AM

Ask for what you as a new feature

02-18-2019 07:03 AM

It seems that there are no controls to whitelist IP's or Domains with this Click-Time option against checking URL's embedded in emails.

We have several customers who receive legitimate emails from various sources that require a click on a URL to be tracked by end users. This system appears to create a multitude of false positives - is this correct?

01-08-2018 01:15 PM

I have a serious concern with the way the URLs are presented to end users of the Symantec Click-Time URLs.  For years we have been training our end users to look for suspicious emails and one of the easy giveaways was the URL that did not match the displayed text or the context of the email.  Then when we subscribed to this Click-Time URL protection, the URL is all jumbled up to the end user.  For example -

For some users it's easy to train them and for others, it's difficult.  Also I've seen other URLs that are even more difficult to decipher.  I wish Symantec would figure out another way to display a protected URL without making a mess of the original URL so that users can decipher it correctly. 


Related Entries and Links

No Related Resource entered.