Finally, a Way to Isolate Phishers from Your Valuable Data

Symantec has found a way to deploy isolation technology that essentially renders phishing email attacks harmless. Here’s how we did it.

Try as they might, frustrated IT Security managers face a herculean task trying to stop employees from committing the preventable mistake of opening unknown email links.

They educate. They implore. They threaten.

And yet it goes in one ear and out the other.

Year after year, we read about security breaches caused when someone ignored security best practices and fell for another phishing scam. All it takes is one person in your organization to click on a booby-trapped link to put your data at risk.

Unfortunately, this has become an expensive learning experience.

Here’s more food for thought:

  • Malware attacks rose 36% in the last year
  • 1 in 6 malicious emails contain malicious links
  • Spear phishing campaigns are up 55%
  • 30% of users open phishing emails

Conventional email security has a hard time handling suspicious links because attackers have become increasingly sophisticated about hiding their fingerprints.

But this story ends on an optimistic note. I want to share news about some new security technology that we’ve pioneered to keep your organizations protected, even if your employees sometimes wind up doing the wrong thing.

Over the last year, Symantec has built out a series of offerings around our Integrated Cyber Defense to provide better defense for endpoints, network, the cloud and yes, email. When it comes to the latter, our engineers have come up with two clever ways to tackle the phishing menace.

Firstly, we have integrated security awareness training into our email security solution. Security teams are now able to run simulated campaigns to assess the organization's readiness for phishing attacks. These simulations closely resemble real-world attacks and can be easily customized. Security teams can now get a heat map of which users are susceptible to such attacks and can provide immediate training to harden their users against being phished when they are actually targeted.

The second major innovation, which is an industry first, is to use isolation technology to address advanced email threats, whether they involve ransomware or phishing links. Let’s take a closer look at how it works in practice.

How it Works

You can deploy threat isolation either as a cloud-based service or as an on-premises solution.

Email Threat Isolation adds elevated levels of protection and isolation to the Symantec Email Security solution and solves three key use cases.

In the first use case, we isolate malicious URLs by rewriting links in emails to point to the Symantec Cloud. When a user clicks on the link, the page is rendered in our isolation portal, so any malware payloads such as ransomware are completely neutered and only sanitized web content is sent down to the browser.
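The link rewriting in this first use case, sketched as an added example (not Symantec's code): each http(s) link is pointed at an isolation gateway and carries an HMAC over the original URL, so the gateway can reject a tampered target. The gateway host, key, parameter names and signing scheme are assumptions for illustration.

```python
import hashlib, hmac, html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical values for illustration; not Symantec's real endpoint or key.
GATEWAY = "https://isolation.example.net/open"
KEY = b"constructed-demo-key"

def _sig(url: str) -> str:
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def wrap(url: str) -> str:
    """Point an http(s) link at the gateway, carrying the signed original URL."""
    if urlsplit(url).scheme.lower() not in ("http", "https"):
        return url  # mailto:, tel:, cid: and in-page anchors are left untouched
    return GATEWAY + "?" + urlencode({"u": url, "sig": _sig(url)})

def unwrap(wrapped: str):
    """Gateway side: return the original URL only if the signature verifies."""
    q = parse_qs(urlsplit(wrapped).query)
    url, sig = q.get("u", [""])[0], q.get("sig", [""])[0]
    ok = url and hmac.compare_digest(sig.encode(), _sig(url).encode())
    return url if ok else None

class LinkRewriter(HTMLParser):
    """Minimal re-serializer that rewrites <a href>; comments are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
    def handle_starttag(self, tag, attrs):
        rendered = ""
        for name, value in attrs:
            if tag == "a" and name == "href" and value:
                value = wrap(value)
            rendered += f' {name}="{html.escape(value or "", quote=True)}"'
        self.out.append(f"<{tag}{rendered}>")
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def rewrite_email_html(body: str) -> str:
    parser = LinkRewriter()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

# Constructed sample message body.
SAMPLE = ('<p>Your account is locked. <a href="http://login.example.org/reset?id=7&amp;x=1">'
          'Unlock</a> or <a href="mailto:help@example.com">email us</a>.</p>')
```

Signing the target keeps the gateway from being used as an open redirector: a link whose `u` parameter was edited after delivery fails verification in `unwrap`.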

The second use case focuses on preventing phishing scams that steal credentials or other sensitive data. Attackers have become very clever at crafting emails that resemble an account lockout notification from legitimate services like Office 365.

Unsuspecting users get lured into submitting their actual credentials - all the while assuming they were responding to a critical alert. This is your typical John Podesta scam and it’s now happening on enterprise email. But Symantec email threat isolation is able to prevent these attacks by rendering suspicious websites (based on reputation) in a read-only mode so that the user is prevented from submitting the sensitive data.

The third use case is about preventing weaponized attachments that users end up downloading from taking over the endpoints. This is achieved through integration with our newly released Symantec Endpoint Protection (SEP) Hardening solution. First, SEP Hardening protects the email client itself from being exploited through zero-day vulnerabilities. Second, it monitors email attachments and isolates any executables so that they run in a “jail-like” environment that prevents the application from any bad behavior. Lastly, it protects document clients like Word, Excel, Acrobat Reader, etc. from weaponized documents that might be trying to exploit vulnerabilities or to use scripts like macros or PowerShell to download and execute additional payloads.

In summary, Email Threat Isolation essentially defangs malicious links or attachments and leaves them harmless.

Why This Matters  

This constitutes a major shift in the battle against phishing. For the first time, IT Security can not only better prepare their organizations by training users not to click on or open suspicious emails but also, when that inevitably happens, deploy a trusted backstop that compensates for the mistakes employees make with email.

Think about what this means. From now on, if there’s an executable that someone triggers in a phishing email, we are going to put it into a jail. If it’s a content file with a weaponized document, we are going to completely isolate it. All the while, we can keep the user safe and secure.

The same goes for credential theft. If there’s a login page asking users for their credit card or social security numbers, isolation will automatically make those forms read-only, preventing users from revealing their valuable data to cyber criminals. At the same time, the system will generate an alert to the security admin, informing them of an attempted data theft.

This is a powerful statement about how new approaches to technology can help keep your organization safe. It’s also part of our integrated commitment to security at Symantec to create multi-channel protection across endpoints, web, and messaging apps.

About the Author

Naveen Palavalli

Director of Product Marketing & GTM Strategy

Naveen Palavalli heads up product marketing and GTM strategy for endpoint security, email security and advanced threat protection product lines focusing on enterprise and SMB markets at Symantec.
