Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/9/2019
06:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FireEye Updates Email Security with New Threat Detection and Evasion Defenses Based on Insights from the Front Lines

On-premises email enhancements include executive impersonation protection, expanded URL protection, a new machine learning engine to detect emerging threats, password-protected image analysis, and guest image customization

MILPITAS, Calif., Jan. 9, 2019 – FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced a number of new defenses that are now available on FireEye® Email Security – Server Edition, in direct response to the changing cyber threat landscape.

“FireEye continues to keep pace with the most sophisticated attackers,” said Ken Bagnall, vice president of email security at FireEye. “With our knowledge gained on the front lines with our incident response experts, we build new techniques for detecting attacks and attempts to bypass defenses. The speed and flexibility with which an email security solution adapts separates the good from the best. FireEye Email Security – Server Edition continues to detect an average of over 14,000 malicious emails per customer per month that get past other email security services.”

Adding Executive Impersonation Protection to FireEye Email Security – Server Edition 

Malware-less attacks are becoming an increasingly prevalent concern. In fact, FireEye has seen a rise in business email compromise over the past few years through executive impersonation attacks. According to the latest FireEye Email Threat Report, 19 percent of all malware-less attacks took this form in the first half of 2018. Impersonation attacks continue to be significant because adversaries are finding that people will often react to an email when it appears to be from an executive.

“While executive impersonation protection has become a commonplace feature within cloud-based email security solutions, this has not been the case on-premises,” continued Bagnall. “We’ve added executive impersonation protection to FireEye Email Security – Server Edition as a direct response of customer feedback that they are seeing more impersonation emails getting through their existing security services. This update is designed to catch what other security solutions are missing.”

Executive names are commonly used as display names in fraudulent emails to fool employees into taking action. This new FireEye capability protects employees from display name and header spoofing. Inbound mail headers are analyzed and cross-referenced with a Riskware policy created by the administrator, and headers that do not align with the policy and/or show signs of impersonation activity can be flagged.

In addition to the executive impersonation protection capabilities, FireEye Email Security – Server Edition incorporates several other new features designed to combat emerging threat vectors while enhancing performance. These include:

  • Attachment Detonation Customization (Guest Images): There is an increasing amount of malware programmed to execute under certain circumstances to evade sandbox detection. These evasion techniques typically limit file execution to behavior relating to the target organization. Administrators can now create a guest image which can ‘fool’ the file into executing, for example, creating browser history or defining ‘recently opened files’.
  • Full URL Rewrite: This new security capability better protects end users from malicious links by rewriting all URLs contained in an email.
  • Passwords in Images: In direct response to the latest attack techniques seen by FireEye incident response teams, and a rapid innovation cycle, the advanced detection Multi-Vector Virtual Execution™ (MVX™) engine can now use passwords embedded as images within emails to analyze the related password-protected files. Most sandboxes are unable to analyze password-protected files.
  • New Machine Learning Engine: FireEye’s recently launched machine learning engine, MalwareGuard™, is now available for FireEye Email Security – Server Edition. Under development for two years, this detection engine helps defend against emerging and new threats that often bypass traditional security solutions. Using machine learning models trained with data sets collected and labeled by FireEye and Mandiant researchers from real-world attacks, MalwareGuard intelligently classifies malware without human involvement and before signatures are available.
Availability

These new features are now available in the latest version of FireEye Email Security – Server Edition (8.2). A free email threat analysis is also available for authorized FireEye partners worldwide. More product information on FireEye Email Security – including both Server and Cloud Edition – can be found at www.fireeye.com/email.

Combining a FireEye Threat Intelligence subscription with FireEye Email Security is the best way for organizations to establish the agility that is needed to stay one step ahead of attackers. Organizations can learn more about FireEye Threat Intelligence at www.fireeye.com/intelligence.

About FireEye, Inc.

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,300 customers across 67 countries, including more than 50 percent of the Forbes Global 2000.

© 2019 FireEye, Inc. All rights reserved. FireEye, Mandiant, Multi-Vector Virtual Execution, MVX and MalwareGuard are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Contacts

Media
Dan Wire 
FireEye, Inc. 
[email protected] 
415-895-2101

Investor
Kate Patterson
FireEye, Inc.
[email protected]
408-321-4957

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I told you we should worry abit more about vendor lock-in.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .