FireEye latest email update includes executive impersonation protection
Malware-less attacks are becoming an increasingly prevalent concern
FireEye has added ‘executive impersonation protection’ in the latest update of its Email Security – Server Edition solution.
Malware-less attacks are becoming an increasingly prevalent concern. In fact, FireEye has seen a rise in business email compromise over the past few years through executive impersonation attacks. According to the latest FireEye Email Threat Report, 19% of all malware-less attacks took this form in the first half of 2018. Impersonation attacks continue to be significant because adversaries are finding that people will often react to an email when it appears to be from an executive.
“While executive impersonation protection has become a commonplace feature within cloud-based email security solutions, this has not been the case on-premises,” said Ken Bagnall, vice president of email security at FireEye. “We’ve added executive impersonation protection to FireEye Email Security – Server Edition as a direct response to customer feedback that they are seeing more impersonation emails getting through their existing security services. This update is designed to catch what other security solutions are missing.”
Executive names are commonly used as display names in fraudulent emails to fool employees into taking action. This new FireEye capability protects employees from display name and header spoofing. Inbound mail headers are analysed and cross-referenced with a Riskware policy created by the administrator, and headers that do not align with the policy and/or show signs of impersonation activity can be flagged.
In addition to the executive impersonation protection capabilities, FireEye Email Security – Server Edition incorporates several other new features, including:
Attachment detonation customisation (guest images): There is an increasing amount of malware programmed to execute only under certain circumstances in order to evade sandbox detection. These evasion techniques typically limit file execution to behaviour relating to the target organisation. Administrators can now create a guest image which can ‘fool’ the file into executing, for example by creating browser history or defining ‘recently opened files’.
Full URL Rewrite: This new security capability better protects end users from malicious links by rewriting all URLs contained in an email.
Passwords in images: In direct response to the latest attack techniques seen by FireEye incident response teams, and as part of a rapid innovation cycle, the advanced detection Multi-Vector Virtual Execution (MVX) engine can now use passwords embedded as images within emails to analyse the related password-protected files. Most sandboxes are unable to analyse password-protected files.
New machine learning engine: FireEye’s recently launched machine learning engine, MalwareGuard, is now available for FireEye Email Security – Server Edition. Under development for two years, this detection engine helps defend against emerging and new threats that often bypass traditional security solutions. Using machine learning models trained with data sets collected and labeled by FireEye and Mandiant researchers from real-world attacks, MalwareGuard intelligently classifies malware without human involvement and before signatures are available.