FireEye on Wednesday announced that the latest version of its Email Security – Server Edition product introduces several new features designed to protect organizations against various types of threats.
Email Security – Server Edition version 8.2 brings new capabilities designed to detect and neutralize emails that impersonate a company’s executives.
Business email compromise (BEC) scams often involve fake emails purporting to come from executives, and it’s not always easy for employees to identify these fraudulent messages. FireEye hopes to address this using a system that detects display name and header spoofing by analyzing headers and cross-referencing them with a riskware policy created by administrators.
“While executive impersonation protection has become a commonplace feature within cloud-based email security solutions, this has not been the case on-premises,” said Ken Bagnall, vice president of email security at FireEye. “We’ve added executive impersonation protection to FireEye Email Security – Server Edition as a direct response to customer feedback that they are seeing more impersonation emails getting through their existing security services. This update is designed to catch what other security solutions are missing.”
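To make the idea of cross-referencing headers against an administrator policy concrete, here is an added sketch that is not FireEye's code and does not reflect how the product works internally. The policy contents, the `normalize` and `check_message` helpers, the Reply-To consistency check and the sample messages are all assumptions constructed for illustration.

```python
# Added illustration, not FireEye's implementation. Policy and messages are constructed.
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Hypothetical administrator policy: protected display name -> legitimate addresses.
POLICY = {
    "jane doe": {"jane.doe@example.com"},
    "raj patel": {"raj.patel@example.com", "rpatel@example.com"},
}
PROTECTED_ADDRS = set().union(*POLICY.values())

def normalize(name):
    """Fold case, Unicode compatibility forms and spacing; 'Doe, Jane' -> 'jane doe'."""
    name = unicodedata.normalize("NFKC", name).casefold()
    if "," in name:
        last, _, first = name.partition(",")
        name = f"{first} {last}"
    return " ".join(name.split())

def check_message(raw):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    # Display-name check: a protected name must come from a listed address.
    allowed = POLICY.get(normalize(display))
    if allowed is not None and addr not in allowed:
        findings.append(f"display-name spoof: {display!r} used by {addr}")
    # Header consistency: a protected sender whose replies leave the policy's addresses.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if addr in PROTECTED_ADDRS and reply_to and reply_to not in PROTECTED_ADDRS:
        findings.append(f"reply-to diversion: {addr} replies go to {reply_to}")
    return findings

# Constructed sample messages.
SPOOFED = 'From: "Doe, Jane" <jane.doe@mail.example.net>\nSubject: Urgent wire\n\nPay today.\n'
DIVERTED = ("From: Raj Patel <rpatel@example.com>\n"
            "Reply-To: raj.patel@example.org\nSubject: Invoice\n\nSee attached.\n")
CLEAN = "From: Jane Doe <jane.doe@example.com>\nSubject: Agenda\n\nSee you at 10.\n"

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("diverted", DIVERTED), ("clean", CLEAN)):
        print(label, check_message(raw) or "no findings")
```

A check like this only compares header text, so it complements rather than replaces SPF, DKIM and DMARC evaluation of the sending domain.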
Four other important features and capabilities have been added to FireEye’s email security product, including the recently launched MalwareGuard machine learning engine.
The company has also added a URL rewrite feature designed to protect users against potentially malicious links found in emails.
“URLs that are being analysed by our online Advanced URL Defence service, which dynamically assesses landing pages for phishing pages and other threats, are rewritten in customers’ emails,” Bagnall told SecurityWeek. “Then at the time of click the user is taken to a page informing them either that the destination URL is malicious and they are blocked or that it is suspicious and to proceed with caution. If everything is fine they can proceed.”
The latest version of the product also allows users to customize guest images in an effort to mitigate attempts to evade detection.
Guest images, which store the operating system and applications, are run in a virtual machine when analyzing suspicious or captured traffic. Until now, FireEye provided regular updates for these images, but users could not customize them.
By allowing users to customize images so that they mimic an actual endpoint when a potentially malicious object is analyzed, FireEye says it increases the chances of evasion techniques being neutralized.
Finally, Email Security can now analyze password-protected files sent via email if the password is sent to the user as an image.
“Password protected files are commonly used to deploy malicious attachments. This evades a number of security products,” Bagnall explained. “Different attackers will go to different lengths to obfuscate the password. Some will put the password in an image in the email. FireEye Email Security already cracks passwords in email to check password protected files. Now it also uses Optical Character Recognition to extract them from images. We have seen attacks like this a number of times in the wild.”
The latest version of FireEye Email Security – Server Edition is available immediately.