FireEye Stories Blog

The Latest in On-Premises Email Security Detection and Evasion Defense

No organization can anticipate all emerging threats. Some are too well camouflaged and others are simply unknown, and exposing them requires cyber security defenses that adapt just as quickly as the evolving threat landscape. However, by combining threat intelligence with detection technologies, it is possible to gain a much clearer picture of potential email threats that could impact an organization.

Unfortunately, most email security solutions just don’t evolve fast enough to stop potential future threats. This issue is the very reason why FireEye pioneered the technology to detect advanced email threats. As attackers develop techniques for evading detection technology, FireEye continues to keep pace to develop the latest in evasion defenses and help ensure organizations are properly equipped to defend against emerging threats.

The latest release of FireEye Email Security – Server Edition incorporates many important detection features to combat new threat vectors and delivers performance enhancements.

  • Executive Impersonation Protection: Executive names are commonly used as display names in fraudulent emails to fool employees into taking action. This new FireEye capability protects employees from display name and header spoofing. Inbound mail headers are analyzed and cross-referenced with a Riskware policy created by the administrator, and headers that do not align with the policy and/or show signs of impersonation activity can be flagged.
  • Full URL Rewrite: This new security capability better protects end users from malicious links by rewriting all URLs contained in an email.
  • Passwords in Images: Most sandboxes only look at a single file. Trouble is, if that file happens to be password protected, the sandbox can’t analyze it. Email Security – Server Edition is different. FireEye’s rapid innovation cycle now means the advanced detection Multi-Vector Virtual Execution (MVX) engine can analyze passwords embedded as images within email. This is a direct response to the latest attack techniques experienced in the field by our incident response teams.
  • MalwareGuard Machine Learning Protection: FireEye Email Security – Server Edition now supports MalwareGuard machine learning-based capabilities to help defend against emerging and new threats that often bypass traditional security solutions. Recently launched on FireEye Endpoint Security, this advanced detection and protection engine has been two years in the making and combines the technology, expertise, and intelligence learned over more than 10 years on the front lines of the world’s biggest breaches. By building in the insights of FireEye data scientists and our real-world incident response testing, this machine learning model is trained to make intelligent malware classifications without human involvement.
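
The header cross-referencing described under Executive Impersonation Protection can be illustrated with a short added example; this is not FireEye's code or its Riskware policy format. The policy layout, names, addresses and sample messages are all constructed assumptions.

```python
import unicodedata
from email import message_from_string, policy as email_policy

# Hypothetical administrator policy: protected display name -> allowed senders.
EXEC_POLICY = {
    "Jane Doe": {"jane.doe@example.com"},
    "John Smith": {"john.smith@example.com", "jsmith@example.com"},
}

def _tokens(name):
    """Order-insensitive key: folds case, Unicode compatibility forms,
    commas and spacing so 'DOE, Jane' compares equal to 'Jane Doe'."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return frozenset(folded.replace(",", " ").split())

def _addresses(msg, header):
    """Yield (display_name, addr_spec) for every address in a header."""
    for value in msg.get_all(header, []):
        for a in value.addresses:
            yield a.display_name, a.addr_spec.lower()

def check_impersonation(raw, exec_policy=EXEC_POLICY):
    """Return findings for mail that uses a protected display name with a
    From or Reply-To address the policy does not list for that person."""
    msg = message_from_string(raw, policy=email_policy.default)
    protected = {_tokens(n): {a.lower() for a in addrs}
                 for n, addrs in exec_policy.items()}
    findings = []
    for display, addr in _addresses(msg, "From"):
        allowed = protected.get(_tokens(display))
        if allowed is None:
            continue  # display name is not a protected executive
        if addr not in allowed:
            findings.append(("display-name-spoof", display, addr))
        for _, reply in _addresses(msg, "Reply-To"):
            if reply not in allowed:
                findings.append(("reply-to-mismatch", display, reply))
    return findings

# Constructed sample messages (not real mail).
LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: Q3\n\nhello"
SPOOF = ('From: "DOE, Jane" <ceo.office@freemail.example>\n'
         "Reply-To: payments@freemail.example\nSubject: Urgent wire\n\nhello")
OTHER = "From: Bob Vendor <bob@vendor.example>\nSubject: Invoice\n\nhello"

if __name__ == "__main__":
    for sample in (LEGIT, SPOOF, OTHER):
        print(check_impersonation(sample))
```

Exact-match policies like this one miss near-miss names (a swapped letter or an added middle initial), so a production check would add fuzzy matching on top.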

Attachment Detonation Customization (Guest Images)

In addition to continual innovation in advanced threat detection, FireEye is also focused on evasion mitigation. Many evasion techniques can be prevented by ensuring the Guest Image reproduces an endpoint domain, a domain user, Outlook data and browser history. As a unique differentiator, this latest release enables Guest Images to be customized so they mimic a “used” endpoint when a potentially malicious object is executed. An increasing amount of malware is programmed to execute under certain circumstances to evade sandbox detection. These evasion techniques typically limit file execution to behavior relating to the target organization. Administrators can now create a guest image that ‘fools’ the file into executing, for example by creating browser history or defining ‘recently opened files’.

Move Fast and Stay Ahead

One big quality that separates a good security solution from a better one is speed. When it comes to email, a FireEye Threat Intelligence subscription combined with FireEye Email Security helps ensure organizations have built agility into their cyber security program, ultimately allowing them to move fast and stay one step ahead of attackers.