July 15, 2015 — has announced two new measures designed to protect against spear-phishing. Attachment Protect and user awareness enhancements reduce the threat from malware-laden attachments, and help IT teams improve employee security awareness. They join Mimecast Targeted Threat Protection – URL Protect to give customers a comprehensive line of defense against the key technical and human risks from spear-phishing in one cloud-based service.
Mimecast Targeted Threat Protection - Attachment Protect reduces the threat from weaponized or malware-laden attachments used in spear-phishing and other advanced attacks. It includes pre-emptive sandboxing to automatically security check email attachments before they are delivered to employees. Attachments are opened in a virtual environment or sandbox, isolated from the corporate email system, security checked and passed on to the employee only if no threat is detected.
Attachment Protect also includes the option of an innovative transcription service that automatically converts attachments into a safe file format, neutralizing malware as it does so. The attachment is delivered to the employee in read-only format without any delay. As most attachments are read rather than edited by employees, this is often sufficient. Should the employee need to edit the attachment, they can request it is sandboxed on-demand and delivered in the original file format.
Neil Murray, chief technology officer at Mimecast, commented, “A new generation of services are needed to tackle spear-phishing. Firstly it was about stopping URL links to malicious websites. Now sandboxing has become a critical technical defense in the ongoing war on advanced attacks. But there have been attacks that recognize an attachment is held in a sandbox so the malware doesn’t deploy to avoid detection. Traditional sandboxing also delays email delivery, which may raise productivity concerns, and is expensive. So organizations often limit the use of sandboxes to contain the cost and only protect high profile or at risk employees, leaving the wider organization vulnerable to attack.
“With Attachment Protect we have addressed these limitations by creating a cost-effective layered defense to help protect against malicious attachments. The integration of a pre-emptive sandbox, a virtually instant transcription service with on-demand sandboxing, and URL protection, now makes it easy and affordable to protect every employee from the growing threat of spear-phishing.”
Mimecast Targeted Threat Protection – URL Protect offers click-time protection and now includes innovative user awareness capabilities so IT teams can raise the security awareness of employees. Once enabled, a percentage of links in emails clicked by an employee will open a warning screen. This will provide them more information on the email and destination, prompting them to consider if the page is safe. If they choose to continue, their opinion is logged, URL Protect scans the link and blocks access if the destination is unsafe. IT administrators can set how frequently these awareness prompts are shown to ensure employee caution is maintained. Repeat offenders that click bad links will get more frequent prompts automatically until their behavior changes. The IT team can track employee behavior from the Mimecast administration console and target additional security training as required.
Murray continues: “Technology is only part of your defense against spear-phishing and other security threats for that matter. A comprehensive strategy requires employee education. Organizations need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers. But traditional IT training is ineffective, time consuming and ultimately unable to keep up with advanced security threats that change all the time. Organizing spoof spear-phishing attacks to catch out employees is time consuming, disruptive and resented by those who are exposed and it also needs repeating regularly. These approaches change behavior for short periods but can be easily forgotten. URL Protect puts targeted security information on screen at the time of the actual click and this ensures employees keep thinking and learning about the risks.”
Mimecast makes business email and data safer for more than 13,000 customers and millions of employees worldwide. Founded in 2003, the company’s cloud-based security, archiving and continuity services protect email, and deliver comprehensive email risk management in a single, fully-integrated subscription service. Mimecast reduces email risk and the complexity and cost of managing the array of point solutions traditionally used to protect email and its data. For customers that have migrated to cloud services like Microsoft Office 365, Mimecast mitigates single vendor exposure by strengthening security coverage, combating downtime and improving archiving.
Mimecast Email Security helps protect against malware, spam, advanced phishing and other emerging attacks, while preventing data leaks. Mimecast Mailbox Continuity allows employees to continue using email during planned and unplanned outages. Mimecast Enterprise Information Archiving unifies email, file and Instant Messaging data to support e-discovery and give employees fast access to their personal archive via PC, Mac and mobile apps.
Disclaimer: Press releases are provided for historical purposes only. The information contained in each is accurate only as of the date the press release was originally issued.