FireEye Adds New Features to Email Security Product

FireEye on Wednesday announced that the latest version of its Email Security – Server Edition product introduces several new features designed to protect organizations against various types of threats.

Email Security – Server Edition version 8.2 brings new capabilities designed to detect and neutralize emails that impersonate a company’s executives.

Business email compromise (BEC) scams often involve fake emails purporting to come from executives and it’s not always easy for employees to identify these fraudulent messages. FireEye hopes to address this using a system that detects display name and header spoofing by analyzing headers and cross-referencing them with a riskware policy created by administrators.

“While executive impersonation protection has become a commonplace feature within cloud-based email security solutions, this has not been the case on-premises,” said Ken Bagnall, vice president of email security at FireEye. “We’ve added executive impersonation protection to FireEye Email Security – Server Edition as a direct response of customer feedback that they are seeing more impersonation emails getting through their existing security services. This update is designed to catch what other security solutions are missing.”
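The kind of check described above, sketched as an added example; it is not FireEye's implementation, which the article does not detail. The policy table, names, addresses and the Reply-To rule are assumptions constructed for illustration.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Hypothetical admin-maintained policy: protected executive display names
# mapped to the only addresses allowed to use them (constructed values).
POLICY = {
    "Jane Doe": {"jane.doe@example.com"},
    "Sam Lee": {"sam.lee@example.com"},
}

def name_key(name):
    """Normalize a display name: fold case, strip accents, ignore word order."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return frozenset(text.casefold().replace(",", " ").split())

def domain(addr):
    return addr.rsplit("@", 1)[-1]

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    # Display-name spoofing: a protected name used with an unlisted address.
    for protected, allowed in POLICY.items():
        if display and name_key(display) == name_key(protected) and addr not in allowed:
            findings.append("display-name-spoof")
            break
    # Header inconsistency (assumed rule): replies diverted to another domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to.lower()) != domain(addr):
        findings.append("reply-to-domain-mismatch")
    return findings

# Constructed sample messages.
LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 plan\n\nHi all"
SPOOF = 'From: "JANE  Doe" <jane.doe@freemail.example>\nSubject: Urgent\n\nWire it'
DIVERTED = ('From: "Doe, Jane" <ceo@corp-mail.example>\n'
            "Reply-To: pay@other.example\nSubject: Invoice\n\nPay today")

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF), ("diverted", DIVERTED)):
        print(label, check_message(raw))
```
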

Four other important features and capabilities have been added to FireEye’s email security product, including the recently launched MalwareGuard machine learning engine.

The company has also added a URL rewrite feature designed to protect users against potentially malicious links found in emails.

“URLs that are being analysed by our online Advanced URL Defence service, which dynamically assesses landing pages for phishing pages and other threats, are rewritten in customers’ emails,” Bagnall told SecurityWeek. “Then at the time of click the user is taken to a page informing them either that the destination URL is malicious and they are blocked or that it is suspicious and to proceed with caution. If everything is fine they can proceed.”

The latest version of the product also allows users to customize guest images in an effort to mitigate attempts to evade detection.

Guest images, which store the operating system and applications, are run in a virtual machine when analyzing suspicious or captured traffic. Until now, FireEye provided regular updates for these images, but users could not customize them.

By allowing users to customize images so that they mimic an actual endpoint when a potentially malicious object is analyzed, FireEye says it increases the chances of evasion techniques being neutralized.

Finally, Email Security can now analyze password-protected files sent via email if the password is sent to the user as an image.

“Password protected files are commonly used to deploy malicious attachments. This evades a number of security products,” Bagnall explained. “Different attackers will go to different lengths to obfuscate the password. Some will put the password in an image in the email. FireEye Email Security already cracks passwords in email to check password protected files. Now it also uses Optical Character Recognition to extract them from images. We have seen attacks like this a number of times in the wild.”

The latest version of FireEye Email Security – Server Edition is available immediately.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
