Email Security For Advanced Malware And Evasive Persistent Threats
Enhancing Email Gateway Technologies
Email is a key mission-critical application. Unfortunately, it is also one of the dominant vectors for delivering both traditional viruses and advanced malware. Traditional Secure Email Gateways (SEG) address traditional threats such as spam and viruses, but they are insufficient to detect and stop today's evasive malware, which is designed to bypass SEG detection.
Lastline Enterprise is a complementary layer of defense to enhance your SEG investments and provide you email security against advanced malware. Presently, there are three deployment options available, as illustrated below.
| Option | Deployment Description | Detect And Block | In-Line |
|---|---|---|---|
| 1 | SMTP Monitoring | Detect Only | No |
| 2A | MTA Mode w/ Email Delivery | Detect & Block | Yes |
| 2B | MTA Mode w/ No Email Delivery | Detect Only | No |
| 3 | BCC Configuration | Detect Only | No |
Lastline Enterprise is comprised of Sensor, Manager, Engine and Threat Intelligence components, as described here. You can configure these components to complement SEG and MTA (Mail Transport Agent) systems.
Option 1: SMTP Monitoring
You can deploy the Sensor from a network tap to passively monitor SMTP (Simple Mail Transfer Protocol) traffic and extract the attachments of all inbound emails for further analysis.
No integration with your SEG or MTA server is required. You can easily detect and generate alerts on email attachments that deliver evasive malware. To enable blocking, you must export these alerts to a SIEM (Security Information and Event Management) system, which can then drive policy changes on your SEG or MTA server. This option is ideal for a spot audit of your SEG or for evaluating Lastline Enterprise detection capabilities.
Option 2: MTA Mode
Your SEG or MTA server can be instructed to route emails to the Lastline Enterprise Sensor via SMTP, either with email delivery (in-line) or without email delivery (not in-line).
Option 3: BCC Configuration
You can configure your SEG or MTA to BCC (Blind Carbon Copy) emails into an account that the Sensor later accesses via IMAP (Internet Message Access Protocol) or POP (Post Office Protocol).
Email attachments can be inspected for evasive malware. The Sensor generates alerts that can be imported into your existing SIEM (Security Information and Event Management) system. This option is optimal for monitoring a batch of users by creating a single inbox (account) for them, and it is the recommended alternative if you cannot implement SMTP monitoring.

With Lastline you have multiple deployment methods at your disposal to detect and stop advanced malware over email. For more information, please request a Lastline Enterprise evaluation.
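To make the BCC option concrete, here is an added example (not Lastline code, and not how the Sensor itself is implemented) of the collection step such a deployment relies on: pulling BCC'd copies from the shared mailbox over IMAP, extracting every attachment, and turning each one into a hashed record that a SIEM can ingest. The IMAP host, account and the sample message are constructed placeholders; the analysis verdict is deliberately left to the sandbox and is not simulated here.

```python
import email
import hashlib
import imaplib
import json
from email import policy

# Constructed sample: a BCC'd copy of one inbound mail, as an IMAP FETCH (RFC822)
# would return it. Addresses are hypothetical; the "attachment" is the bytes "hello".
SAMPLE_RAW = (
    b"From: sender@example.net\r\n"
    b"To: alice@example.com\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n--b1\r\n"
    b"Content-Type: text/plain\r\n\r\nPlease see attached.\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="invoice.doc"\r\n'
    b'Content-Disposition: attachment; filename="invoice.doc"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\naGVsbG8=\r\n"
    b"--b1--\r\n"
)

def extract_attachments(raw: bytes) -> list[dict]:
    """Parse one RFC822 message and return a SIEM-style record per attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    records = []
    for part in msg.iter_attachments():          # skips the text/plain body part
        payload = part.get_payload(decode=True) or b""   # base64 is decoded here
        records.append({
            "sender": str(msg.get("From", "")),
            "recipient": str(msg.get("To", "")),
            "subject": str(msg.get("Subject", "")),
            "filename": part.get_filename(),
            "content_type": part.get_content_type(),
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),  # key for the analysis job
        })
    return records

def to_siem_events(raw: bytes) -> list[str]:
    """One JSON line per attachment, ready to ship to a log collector."""
    return [json.dumps(r, sort_keys=True) for r in extract_attachments(raw)]

def poll_bcc_mailbox(host: str, user: str, password: str) -> list[dict]:
    """Fetch unread BCC'd copies over IMAPS (assumed mailbox layout: INBOX)."""
    with imaplib.IMAP4_SSL(host) as box:
        box.login(user, password)
        box.select("INBOX")
        _, nums = box.search(None, "UNSEEN")
        found = []
        for num in nums[0].split():
            _, data = box.fetch(num, "(RFC822)")
            found.extend(extract_attachments(data[0][1]))
        return found
```

Running `poll_bcc_mailbox` against a real account needs network access; `extract_attachments(SAMPLE_RAW)` runs offline and yields one record whose SHA-256 is that of the bytes "hello".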
Common Secure E-Mail Gateways: Cisco, Proofpoint, Symantec, Microsoft, McAfee, Mimecast, WebSense, Barracuda Networks, Sophos, Trend Micro, Clearswift, SilverSky, TrustWave, Fortinet, WatchGuard, and Dell.