The FireEye Email Malware Protection System (MPS) secures against spear phishing email attacks that bypass anti-spam and reputation-based technologies. Spear phishing attacks have soared in popularity with the availability of user-specific information on social networks and other Internet resources. With all the personal information available online, a criminal can socially engineer almost any user into clicking a URL or opening an attachment with a zero-day exploit, and then quickly gain control of a privileged system and user accounts.
To quarantine the spear phishing emails used in advanced targeted attacks, the Email MPS analyzes every attachment using a signature-less, Multi-Vector Virtual Execution (MVX) engine that can safely and accurately identify zero-day attacks. It goes beyond signature and reputation-based systems by detonating each attachment against a cross-matrix of operating systems and applications, including multiple Web browsers and plug-ins like Adobe Reader and Flash. Administrators can quarantine emails with malicious content for further analysis or deletion.
Because advanced attacks use spear phishing as the opening salvo of a multi-vector attack strategy, the Email MPS is often deployed along with the Web MPS and Central Management System (CMS). In this manner, customers not only get real-time protection against malicious URLs, but also the ability to connect the dots of a blended attack. For instance, identifying other targeted individuals who were sent spear phishing emails containing the same malicious URLs is the type of actionable intelligence necessary to protect organizations against advanced targeted attacks.
- Installs within 30 minutes – Deploys as an MTA, SPAN device, or BCC destination, inline (block/monitor-mode) or out-of-band (monitor-only)
- Real-time quarantine of zero-day email attacks – Using the VX engine, it detects and stops advanced targeted attacks that use malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
- Integrates with Web MPS to stop blended attacks – Works with FireEye Web MPS protection to quarantine emails with malicious URLs and trace Web-based attacks back to the original spear phishing email
- Enhances existing email control infrastructure – Layers dynamic malware and attachment analysis behind the static signature-based detections of anti-spam and anti-virus gateways
- Dynamically generates malware intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the cloud
- Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze email objects for threats specific to the organization
- Supports third-party anti-virus – Malicious objects that anti-virus also identifies can be linked to the deeper forensic information from the Email MPS for more efficient incident response prioritization