Subscribe
  • Home
  • /
  • Malware
  • /
  • New Mimecast services extend spear-phishing protection

New Mimecast services extend spear-phishing protection

New spear-phishing protections are designed to tackle threats from weaponised attachments and support employee security awareness.

Issued by Clockwork Media for Mimecast
Johannesburg, 16 Jul 2015

Mimecast has announced two new measures designed to protect against spear-phishing. Attachment Protect and user awareness enhancements reduce the threat from malware-laden attachments, and help IT teams improve employee security awareness. They join Mimecast Targeted Threat Protection - URL Protect to give customers a comprehensive line of defence against the key technical and human risks from spear-phishing in one cloud-based service.

Mimecast Targeted Threat Protection - Attachment Protect reduces the threat from weaponised or malware-laden attachments used in spear-phishing and other advanced attacks. It includes pre-emptive sandboxing to automatically security check e-mail attachments before they are delivered to employees. Attachments are opened in a virtual environment or sandbox, isolated from the corporate e-mail system, security checked and passed on to the employee only if no threat is detected.

Attachment Protect also includes the option of an innovative transcription service that automatically converts attachments into a safe file format, neutralising malware as it does so. The attachment is delivered to the employee in read-only format without any delay. As most attachments are read rather than edited by employees, this is often sufficient. Should the employee need to edit the attachment, they can request it is sandboxed on-demand and delivered in the original file format.

Neil Murray, chief technology officer at Mimecast, commented, "A new generation of services are needed to tackle spear-phishing. Firstly it was about stopping URL links to malicious Web sites. Now sandboxing has become a critical technical defence in the ongoing war on advanced attacks. But there have been attacks that recognise an attachment is held in a sandbox so the malware doesn't deploy to avoid detection. Traditional sandboxing also delays e-mail delivery, which may raise productivity concerns, and is expensive. So organisations often limit the use of sandboxes to contain the cost and only protect high-profile or at risk employees, leaving the wider organisation vulnerable to attack.

"With Attachment Protect we have addressed these limitations by creating a cost-effective layered defence to help protect against malicious attachments. The integration of a pre-emptive sandbox, a virtually instant transcription service with on-demand sandboxing, and URL protection, now makes it easy and affordable to protect every employee from the growing threat of spear-phishing."

Mimecast Targeted Threat Protection - URL Protect offers click-time protection and now includes innovative user awareness capabilities so IT teams can raise the security awareness of employees. Once enabled, a percentage of links in e-mails clicked by an employee will open a warning screen. This will provide them more information on the e-mail and destination, prompting them to consider if the page is safe. If they choose to continue, their opinion is logged, URL Protect scans the link and blocks access if the destination is unsafe. IT administrators can set how frequently these awareness prompts are shown to ensure employee caution is maintained. Repeat offenders that click bad links will get more frequent prompts automatically until their behaviour changes. The IT team can track employee behaviour from the Mimecast administration console and target additional security training as required.

Murray continues: "Technology is only part of your defence against spear-phishing and other security threats for that matter. A comprehensive strategy requires employee education. Organisations need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers. But traditional IT training is ineffective, time consuming and ultimately unable to keep up with advanced security threats that change all the time. Organising spoof spear-phishing attacks to catch out employees is time consuming, disruptive and resented by those who are exposed and it also needs repeating regularly. These approaches change behaviour for short periods but can be easily forgotten. URL Protect puts targeted security information on screen at the time of the actual click and this ensures employees keep thinking and learning about the risks."

Share

Mimecast

Mimecast makes business e-mail and data safer for more than 13 000 customers and millions of employees worldwide. Founded in 2003, the company's cloud-based security, archiving and continuity services protect e-mail, and deliver comprehensive e-mail risk management in a single, fully-integrated subscription service. Mimecast reduces e-mail risk and the complexity and cost of managing the array of point solutions traditionally used to protect e-mail and its data. For customers that have migrated to cloud services like Microsoft Office 365, Mimecast mitigates single vendor exposure by strengthening security coverage, combating downtime and improving archiving.

Mimecast E-mail Security helps protect against malware, spam, advanced phishing and other emerging attacks, while preventing data leaks. Mimecast Mailbox Continuity allows employees to continue using e-mail during planned and unplanned outages. Mimecast Enterprise Information Archiving unifies e-mail, file and Instant Messaging data to support e-discovery and give employees fast access to their personal archive via PC, Mac and mobile apps.

Editorial contacts

Ntombi Gama
Clockwork Media
(011) 463 0366
ntombi@clockworkmedia.co.za