Symantec Email Security Community

Introducing the Strongest Protection and Visibility for Business Email Compromise  

Jul 27, 2017 05:44 PM

Last week, we announced comprehensive protection for Business Email Compromise and the deepest visibility into advanced email attacks. Today, we’re pleased to deliver new, simplified impersonation controls in the latest release of Symantec Cloud Email Security! With Business Email Compromise fraud on the rise and becoming increasingly dangerous by using advanced techniques such as machine learning to drive successful attacks, these capabilities help Symantec defend your organization from Business Email Compromise, spear phishing, and other spoofing threats with the strongest protection and visibility.

Comprehensive Protection with New Impersonation Controls

Let’s understand how these controls work. First, we uncover scams impersonating an end-user in your organization with user impersonation controls. You can either protect groups of users or focus on specific users that are more likely to be spoofed (see Figure 1). This comes in handy, since many Business Email Compromise attacks pretend to be senior executives such as your CEO or COO. Furthermore, these controls include protection from user impersonation attacks leveraging free email providers such as Gmail or Yahoo. For instance, we stop threats that claim to be from an executive’s personal email account such as ‘Joe_CEO@gmail.com’.

Figure 1: User Impersonation Controls

Next, we detect Business Email Compromise threats that masquerade as legitimate email domains in your organization through domain impersonation controls. This includes scams that use cousin or lookalike domains (think ‘@Symanlec.com’) to trick users into falling for them. Similar to user impersonation controls, you can have this protection apply to all of your domains or just certain selected domains (see Figure 2).

Figure 2: Domain Impersonation Controls

Both user and domain impersonation controls are powered by our sophisticated impersonation engine, which easily sniffs out Business Email Compromise attacks that evade detection by traditional email security solutions. Moreover, you can exclude trusted senders from these controls by whitelisting specific users, domains, and IP addresses. This includes third parties that send email messages on your behalf (see Figure 3).

Figure 3: Approved users, domains, and IP addresses
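
The two checks described above, together with the approved-sender exclusion, can be sketched as follows. This is an added example and not Symantec's impersonation engine, whose internals this post does not describe; the policy values, the edit-distance threshold of 2, and all function names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Constructed sample policy (assumed values, not taken from any product).
PROTECTED_DOMAINS = {"symantec.com"}
PROTECTED_USERS = {"Joe CEO"}                       # names likely to be spoofed
APPROVED_SENDERS = {"news@symantec-partner.example"}  # third party sending on your behalf
MAX_DISTANCE = 2                                    # assumed lookalike threshold

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def name_tokens(text):
    """Lower-case alphabetic tokens, so 'Joe_CEO' and 'Joe CEO' compare equal."""
    return frozenset(re.findall(r"[a-z]+", text.lower()))

def classify(from_header):
    """Classify a From header against the sample policy above."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    if addr in APPROVED_SENDERS:
        return "approved"
    if domain in PROTECTED_DOMAINS:
        # Claims to be the real domain: a direct spoof is a job for SPF/DMARC.
        return "own-domain"
    for real in PROTECTED_DOMAINS:
        if 0 < edit_distance(domain, real) <= MAX_DISTANCE:
            return "domain-impersonation"           # cousin / lookalike domain
    for user in PROTECTED_USERS:
        wanted = name_tokens(user)
        if wanted <= name_tokens(display) or wanted <= name_tokens(local):
            return "user-impersonation"             # protected name, outside address
    return "no-match"

if __name__ == "__main__":
    for hdr in ("Joe_CEO@gmail.com", "Joe CEO <joe.ceo@Symanlec.com>"):
        print(hdr, "->", classify(hdr))
```

A fixed edit-distance threshold flags legitimate domains that happen to be close to a protected one, which is why the approved-sender list is checked first.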

 

Deepest Visibility through Reporting and Analytics

In addition to these simple, yet powerful controls, we provide visibility into Business Email Compromise fraud through dashboard and detailed reporting on these threats (see Figure 4). These reports help you better understand schemes targeting your organization as well as fine-tune protection against Business Email Compromise through insights into these scams. This visibility also includes rich threat intelligence on malicious emails, which provides deep visibility into Business Email Compromise attacks with data points such as subject lines, email senders, and email recipients.

Figure 4: Dashboard Reporting on Business Email Compromise

We’ve expanded this visibility through advanced email security analytics on both clean and malicious emails, which will provide more visibility than ever into Business Email Compromise. For instance, you can get information such as email domains and headers used in Business Email Compromise scams.

Additional Protection with Sender Authentication

Although relying on sender authentication such as DKIM, SPF, or DMARC to block Business Email Compromise is often ineffective, there are certain scenarios where these tools can help. Therefore, Symantec enables customers to use these open standards to block Business Email Compromise via support for SPF and DMARC (which includes SPF and DKIM) authentication (see Figure 5). Note that these methods are only effective for schemes that directly spoof an email sender. In addition, these standards help protect your brand from threats that try to spoof your email domains.

Figure 5: SPF and DMARC settings in Symantec Cloud Email Security

Unparalleled Security and Insights for Business Email Compromise

By combining the new user and domain impersonation controls, detailed reporting and analytics, and sender authentication tools, Symantec provides the strongest protection and visibility for Business Email Compromise. Most importantly, while other vendors require a lot of tuning and hand-holding to get their Business Email Compromise protection to work, the Symantec solution has low false positives and simple, out-of-the-box setup. No other vendor offers both this level of security and insights into Business Email Compromise with low false positives and easy configuration. Moreover, we’re always enhancing and improving our solution to evolve with the changing threat landscape and help you stay ahead of the latest threats.

To learn more about the Symantec solution for Business Email Compromise and to see our new impersonation controls in action, join our webcast on August 30! In addition, please see the above video to learn more about Business Email Compromise, including how these attacks work, why they are successful, and how to defend against these threats. 


Comments

Aug 29, 2017 01:49 PM

Hi Travis, we have tight integration with Symantec DLP, which provides advanced, multi-channel DLP across email, web, network, storage, and other control points. You can learn more about this integration via the Symantec DLP webpage (see the 2nd panel). 

In addition, we provide more details about recipients via integration with the Symantec Advanced Threat Protection suite, which provides visibility and correlates threats across multiple control points such as email, endpoints, and networks. You can learn more about this integration via this datasheet.

Let me know if you have any follow-up questions or if you'd like me to connect you with a Symantec representative for a briefing on these solutions.

-Nirav

Aug 29, 2017 11:13 AM

This seems like a great product for any business to have. I might have missed it, or possibly it was not mentioned, but how is the integration with DLP? Does it integrate with any other Symantec products to provide more details about valid recipients in the company? Either way this would be a benefit at my location.

Aug 26, 2017 06:33 PM

This looks really incredible and addresses one of the biggest issues with corporate security next to the employee themselves. Email continues to be a huge source of problems and requires constant diligence. I would love to see an on-prem version of this that deals specifically with legacy Exchange environments.

Aug 22, 2017 09:36 AM

Nice looking dashboard, good to see an overview although more granular controls would be fantastic. Recently played around with the Intercept X offering from Sophos and was very impressed. As always great article, thanks Symantec.

Aug 21, 2017 04:39 PM

Interesting article, thanks. The dashboard looks useful too. I can see almost all companies needing this sort of protection!

Aug 21, 2017 11:10 AM

We've implemented DKIM and SPF to our enterprise email due to so much spoofed spam. I'm looking forward to Symantec's advanced analytics coming next quarter. 90% of email our spam filter receives is malicious, so it's obvious companies need this type of protection.

Aug 21, 2017 09:20 AM

Hello Nirav,

Great to see that Symantec is diversifying itself with the features and bringing more in-depth analysis with little or no user intervention required.

We would surely like to have Symantec focus on maintaining high security standards and market integrity.

We all wish Symantec, Best of Luck !!!

 

Aug 08, 2017 01:40 PM

Hi Carlos,

Thank you for your question. Yes, our user and domain impersonation controls use analyzers to identify attacks leveraging typosquatting. 

-Nirav

Aug 08, 2017 07:25 AM

Hello Nirav:
Can you protect against typosquatting? I mean monitoring domains that are similar to the real one and avoiding emails coming from fake domains.

Aug 07, 2017 01:45 PM

No problem, glad we could help! While you have a good point that other vendors have functionality that seems similar (at least at first sight), what makes the Symantec technology innovative is that it has low false positives and it's easy to configure (out-of-the-box setup). Many other vendors require a lot of tuning to get their Business Email Compromise protection to work with hand-holding required, since it's so tricky to catch these scams without also catching legitimate emails. Even then, their controls result in a lot of false positives. 

We can't go into the details of how the Symantec Impersonation Controls work here, but they're pretty easy to set up with little to no tuning required, and most importantly they don't result in a ton of false positives. Plus, we give you visibility into Business Email Compromise with the granular reports and API.

Let me know if you're interested in learning more about these announcements, I can connect you with the right team at Symantec. By the way, the MessageLabs technology has changed a lot in the past couple of years, so I recommend you take a second look at them (I think you'll be surprised!).

Aug 04, 2017 01:05 PM

Thanks for clarifying - I'm glad there's more granular reporting available than what was shown!  My other question remains though - what is so innovative and "unparalleled" that other vendors haven't already been offering? I see lookalike domain checking, display name checks, SPF, and DMARC checks - all things at least two or three other leading security solutions have had for well over a year.  Aside from those checks, what is so special about this announcement/these features that I'm missing?  I've spent a long time working in email and have recommended several people away from MessageLabs due to lacking features (such as these) and was interested when I saw this announcement, but I'm not seeing what makes this "the Strongest Protection and Visibility for Business Email Compromise".

Aug 01, 2017 01:36 PM

Sorry to hear your feedback. The graph we showed is a dashboard report designed to give high-level visibility into Business Email Compromise. We offer much deeper insights into Business Email Compromise such as sender & recipient information, subject lines, email domains, protection methods, and more via our Detailed Reports. In addition, you can stream all of this information into a SIEM or other security tool via an API, which will be available later this quarter. These data points include detailed email header information as well. Check out this blog for more information on these analytics.

Aug 01, 2017 11:01 AM

So I've read through the blog and am confused as this functionality has existed, with a lot more controls, in other vendors. Using marketing terms such as "Deepest Visibility through Reporting and Analytics" is followed up with a percentage based graph that shows no real insight.  Who is the sender, the exact reason(s) it was blocked, and is there anything else?  Then you say "Unparalleled Security and Insights for Business Email Compromise" when again, other vendors have far more controls.  This isn't anything groundbreaking, it's catchup. I've been in this space for a long time and announcements like this don't give me much confidence when you remove the buzzwords and actually digest what the product actually does.
