Epsilon Outlines Post-Breach Security Plans

Working with Verizon Business, marketing firm launches new secure services

2 Min Read

Three months after disclosing a security breach that affected dozens of companies and millions of customers, email marketing firm Epsilon today unveiled plans for shoring up the security of its systems and rolled out several new secure services.

Working with Verizon Business, Epsilon launched a custom cloud-based service that provides a "significant improvement over conventional methods of breach detection," according to a statement.

Epsilon said it will use Verizon’s ability to track malicious IP addresses to identify and mitigate "electronic crimes in motion" in a way that has not been possible until now. In addition, Epsilon said it is restricting access to its email platform, both inbound and outbound, to white-listed IP addresses.

Epsilon also said it will extend two-factor authentication, currently in place for employees, to all of its clients by the end of the third quarter. The statement does not say what form of two-factor authentication it will use.

Separately, Epsilon said it is working with top Internet service providers (ISPs) to building an anti-phishing strategy that includes "developing an open, rapid communication channel between marketers and ISPs, methods to easily differentiate legitimate communications from fraudulent ones, and a way to monitor brand abuse across email domains."

The anti-phishing solution, currently in development, is anticipated for presentation and release to clients in the fourth quarter, the statement said.

“We have already made significant progress to bolster security measures and remain focused on creating a more secure environment using the most sophisticated resources available in order to protect our clients and their customers from cyber attacks,” said Bryan Kennedy, president and CEO of Epsilon, in the statement.

Epsilon is using Verizon Business services to establish a baseline for normal network behavior, according to Verizon. "With that baseline in place, the company now is alerted by Verizon to incidents that are not normal, and receives near real-time notification of other indicators of behaviors of an attack." This approach eliminates the need to analyze thousands of lines of log data, Verizon said in a separate statement.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights