FireEye Focuses on Email Security Analysis with Free Offering

FireEye has begun offering a free service through which IT organizations can evaluate their email security, as those systems have become the primary mechanism through which malware gets introduced into the enterprise.

Ken Bagnall, vice president of email security for FireEye, said email as an attack vector doesn’t get the respect it deserves, and spending on email security is completely disproportionate. Most malware arrives either as an attachment or via a link in an email that enables cybercriminals to eventually compromise a credential. Yet, the amount of dollars allocated to email security pales in comparison to what is spent on defending the network perimeter.

Bagnall freely admits that by offering FireProof – Email Threat Analysis as a free cloud service, FireEye is aiming to drum up interest in FireEye Email Security, which features a Multi-Vector Virtual Execution (MVX) engine capable of analyzing email attachments and URLs across a range of operating systems, applications and web browsers.

The goal is to make it easier for cybersecurity professionals to make the case for allocating budget dollars to email security by presenting hard evidence of compromise, Bagnall said. To accomplish that goal, FireEye leverages the application programming interface (API) exposed in, for example, Microsoft Office 365 to ingest emails into its cloud service. FireEye claims its email security software can analyze an average of 1 million email inboxes in 48 hours.

FireEye then compares those emails against threat intelligence it collects via sensors and the team of cybersecurity professionals it hires to provide cybersecurity services. That analysis is then employed to prioritize alerts and block threats in near real time. FireEye claims that approach makes false positives, which today are the bane of cybersecurity, nearly nonexistent.

A recent FireEye analysis of more than a half-billion emails found that less than one-third (32 percent) of email traffic seen in the first half of 2018 was considered ‘clean’ and delivered to an inbox. Phishing attacks alone make up 81 percent of the blocked malware-less emails, the report found. In fact, most of the attacks blocked (90 percent) during analysis were malware-less. Impersonation attacks (19 percent) remain relatively proportional to the total number of attacks seen. The report found that one in every 101 emails had malicious intent.

The study also noted more malware-based attacks tend to occur on Mondays and Wednesdays. Malware-less attacks were most likely to occur on a Thursday, including domain-name spoofing and attacks using a spoofed friendly user name, with the notable exception of newly existing domains that peak on Wednesdays. Impersonation attacks were most likely to fall on a Friday. On the weekend, malware-less attacks continue to be more prevalent than malware-based attacks.

Cybercriminals focus on email because they know it works, Bagnall said, noting there are now five times as many malicious URLs as a year ago.

It is clear email security is often taken for granted in far too many organizations. A big part of the reason is that email security is difficult because humans tend to make a lot of mistakes. A firewall, by contrast, tends to only require cybersecurity professionals to focus on rules they can control. And yet, email remains the vector that ultimately causes cybersecurity professionals the most heartache.

Michael Vizard

Security Boulevard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
