FireEye Stories Blog

Empowering Government Agencies with Advanced Email Security

We’re seeing several strong reasons for organizations shifting their email workloads to the cloud. First, users have already embraced these solutions for personal email accounts, so less training and support is required. And, perhaps more importantly, cloud provides significant savings for government agencies, which is why the White House advocates for accelerated adoption of cloud email and collaboration tools.

However, moving email to the cloud presents challenges for government departments and agencies. Cyber attacks have rapidly evolved over the past decade, making them difficult to counter. Some examples include attachments with sophisticated multistage attacks, deceptive URLs, and impersonation tactics where executives’ names are used to deceive employees and encourage them to act on instructions within the email. Additionally, the dramatic uptick in mobile device usage, in which email apps often simplify email headers, compounds these challenges.

Unfortunately, the attacks are escalating with cloud use. In our M-Trends 2019 study, we found that as more organizations move to software-as-a-service and cloud offerings, attackers are following that data. In fact, FireEye has discovered that cloud users are being targeted more than the cloud infrastructure itself. The attackers use phishing, client-side exploits, or victim missteps – and sometimes all three – to acquire valid credentials and authenticate to the cloud.

In addition to implementing security technologies, the key to countering these attacks is having the ability to continually adapt by leveraging victim- and adversary-derived intelligence. This is where FireEye can help.

A Holistic Email Security Solution

First, it’s worth noting that FireEye Email Security Cloud Edition for Government is the only service that facilitates cloud email adoption with a FedRAMP-authorized service, while also supporting Continuous Diagnostics and Mitigation (CDM), Trusted Internet Connection (TIC) initiatives and the Department of Homeland Security’s Binding Operational Directive 18-01. Specifically, FireEye Government Email Threat Prevention integrates with legacy TIC gateways, the GSA Managed Trusted Internet Protocol Service, and evolving TIC version 3 guidance.

Plus, it’s the only service that has been tested with the three largest Internet service providers (Verizon, AT&T, and CenturyLink) to directly route traffic to their DHS Intrusion Prevention Security Services EINSTEIN 3 Accelerated (E3A) offerings.  

How has FireEye Email Security Cloud Edition for Government met federal Cloud First guidelines? Some of its capabilities and features include:

  • Superior threat detection
  • Integration to improve alert handling efficiencies
  • Rapid adaptation to the evolving landscape
  • Easy deployment and cross-enterprise protection
  • Active protection or monitor-only mode

We'll explore these in greater detail in the rest of the post. Let's start from the top.

Superior Threat Detection

Email Security Cloud Edition for Government helps mitigate the risk of costly breaches by identifying and isolating advanced, targeted, and other evasive attacks camouflaged as normal traffic. Once detected, these attacks are quickly stopped, analyzed, and fingerprinted for faster identification of future threats.

We’re able to do this thanks to in-house developed technology with innovative algorithms, systems, and tools that specialize in impersonation detection and defense. For example, a common indicator of an email attack is the age of the sender’s domain. When creating an impersonation campaign, threat actors send out attack emails from a domain “similar-to” that of the person or company they are impersonating, usually within a few hours of that domain’s creation.

Email Security Cloud Edition for Government can determine the age and maturity of a domain using our in-house developed tools. Then we defend against this type of sender by determining a display name’s and username’s authenticity using friendly name identification.
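The two checks described above (sender domain age and friendly name identification) can be illustrated with the following added example, which is not FireEye's implementation. The domains, directory entry, creation dates and thresholds are constructed assumptions, and the creation-date table stands in for a WHOIS/RDAP lookup.

```python
from datetime import datetime, timedelta, timezone
from difflib import SequenceMatcher
from email.utils import parseaddr

# All values below are constructed for this example.
PROTECTED_DOMAIN = "agency.example"
DIRECTORY = {"jane doe": "jane.doe@agency.example"}  # friendly name -> real address
DOMAIN_CREATED = {  # stand-in for a WHOIS/RDAP creation-date lookup
    "agency.example": datetime(2009, 3, 1, tzinfo=timezone.utc),
    "partner.example": datetime(2015, 1, 1, tzinfo=timezone.utc),
    "agency-example.com": datetime(2019, 6, 3, 6, 0, tzinfo=timezone.utc),
}
MIN_DOMAIN_AGE = timedelta(days=30)  # hypothetical threshold
LOOKALIKE_RATIO = 0.8                # hypothetical threshold


def assess_sender(from_header, received_at):
    """Return the impersonation indicators found for one From header."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []

    # Domain age: a sender domain created shortly before the message arrived.
    created = DOMAIN_CREATED.get(domain)
    if created is None:
        findings.append("domain-age-unknown")
    elif received_at - created < MIN_DOMAIN_AGE:
        findings.append("young-domain")

    # "Similar-to" domain: close to the protected domain but not equal to it.
    similarity = SequenceMatcher(None, domain, PROTECTED_DOMAIN).ratio()
    if domain != PROTECTED_DOMAIN and similarity >= LOOKALIKE_RATIO:
        findings.append("lookalike-domain")

    # Friendly name: display name of a known person on a different address.
    expected = DIRECTORY.get(" ".join(display.lower().split()))
    if expected and addr != expected:
        findings.append("display-name-mismatch")
    return findings


RECEIVED = datetime(2019, 6, 3, 12, 0, tzinfo=timezone.utc)  # constructed
if __name__ == "__main__":
    for header in ('"Jane Doe" <jane.doe@agency-example.com>',
                   "Jane Doe <jane.doe@agency.example>"):
        print(header, "->", assess_sender(header, RECEIVED))
```

The string-similarity test is a simple stand-in for lookalike detection; a production filter would also need to handle homoglyphs and internationalized domain names.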

In addition, our service is available with anti-spam and antivirus protection to detect common attacks that use conventional signature matching, as well as these impersonation techniques.

Integration to Improve Alert Handling Efficiencies

Email Security Cloud Edition for Government analyzes every email attachment and URL to accurately identify today’s advanced attacks. Real-time updates from the entire FireEye security ecosystem, combined with attribution of alerts to known threat actors, provide context for prioritizing and acting on critical alerts and blocking advanced email attacks.

Known, unknown and non-malware-based threats are identified with minimal noise and false positives so that resources are focused on real attacks to reduce operational expenses.

Rapid Adaptation to the Evolving Threat Landscape

Our email security service also helps organizations continually adapt and maintain a proactive defense against email-borne threats. Email Security Cloud Edition for Government creates its own threat intelligence for sophisticated attacks and incorporates third-party feeds for malware. Our in-house experts and threat analysts provide the underlying infrastructure for enhanced anti-spam technologies and impersonation detection. These capabilities help ensure that we can:

  • Deliver real-time visibility into threats
  • Identify specific capabilities and features of detected malware and malicious attachments
  • Provide contextual insights to prioritize and accelerate response
  • Determine the probable identity and motives of an attacker and track their activities within the agency or department
  • Retroactively identify spear phishing attacks and prevent access to phishing sites by rewriting malicious URLs

Easy Deployment and Cross-Enterprise Protection

Email Security Cloud Edition for Government is cloud-based, with no hardware or software to install. It’s ideal for organizations migrating their email infrastructure to the cloud. This shift eliminates the complexity of procuring, installing and managing a physical infrastructure.

In addition, our service integrates seamlessly with cloud-based email systems such as Microsoft Office 365 and G Suite. To protect against malicious and fraudulent emails, organizations simply route messages to Email Security, which analyzes the emails for spam, known malware, and impersonation tactics first. It then analyzes attachments and URLs for threats to stop advanced attacks in real time.

Active-Protection or Monitor-Only Mode

FireEye Email Security Cloud Edition for Government can analyze emails and quarantine threats for active protection. Organizations simply route messages to FireEye. For monitor-only deployments, federal agencies and departments just need to set up a transparent blind-copy rule to send copies of emails to FireEye for analysis.

Both configurations help reduce the number of routing hops that an email must take before being delivered to customers. This simplifies business processes and the redundant routing configurations that can slow mail flow. Perhaps best of all, the deployment – even for complex environments – is done within hours, not days or weeks.

Superior Protection for Cloud-based Email

As the email threat landscape continues to become more sophisticated, federal agencies that are migrating email workloads to the cloud should ensure they take greater security measures.

FireEye Email Security Cloud Edition can reduce costs and increase employee productivity, while minimizing the risk of breaches caused by advanced email attacks.

And for government agencies trying to meet Cloud First guidelines, Email Security Cloud Edition for Government is on the DHS Approved Products List via CDM – helping departments improve their security posture through a mix of advanced technologies and capabilities.

Head over to our website to learn more about how FireEye Email Security Cloud Edition for Government can help your organization detect and stop advanced and targeted attacks.