Advanced Threat Protection
Protection from Zero Hour Attacks
Most email filters can detect known threats, which account for more than 99% of email attacks. The remaining 1% are the unknowns: never-before-seen attacks that have been designed specifically to target your organization and will evade traditional means of detection.
The Email Laundry’s Advanced Threat Protection includes Attachment Detonation and Advanced URL Defense, capable of detecting these new, sometimes ‘Zero-Hour’ attacks.
Advanced URL Defense
Protecting against phishing and spear-phishing attacks, Advanced URL Defense goes beyond traditional URL inspection by dynamically analyzing links found in the message body, or in an attachment, along with their landing pages. Links are followed to their final destination, even when attackers use sophisticated techniques such as multiple redirects, shortened URLs, or hijacked URLs, to avoid detection. Any files found at the destination URL are detonated to determine if they contain malicious code.
76% OF ORGANIZATIONS REPORT BEING VICTIMS OF A PHISHING ATTACK
- Unknown links are rewritten to offer time-of-click protection.
- Blocks emails containing malicious links in the message body, attachments, and even password-protected attachments.
- Linked landing pages are dynamically analyzed in real-time to determine authenticity.
Phishing attacks commonly contain links to fake login pages for well-known websites such as Office 365, Google Docs, and Dropbox, to steal an employee’s login credentials. Phish Vision utilizes artificial intelligence to dynamically analyze source code, images, submission forms and other criteria to determine authenticity.
Click Protection – URL Rewriting
To evade traditional email filters, attackers wait until after an email has been delivered before ‘weaponizing’ the landing page behind a link. Advanced URL Defense rewrites unknown and potentially suspicious links, allowing for continual analysis of the link and landing page post-delivery, preventing a user from accessing a now-known malicious link.
Attachment Detonation (Sandboxing)
‘RansomWare as a Service’ removes the cost and coding barrier to entry, resulting in a threat landscape that has never been more diverse. Even minor variations in code can make previously seen malware/ransomware undetectable to reputable filters.
As the last layer of protection in our entire stack, Attachment Detonation is designed to investigate unknown and potentially suspicious attachments that haven’t yet been detected.
These unknown and potentially suspicious attachments are detonated on over 200 virtual machines in a cross-matrix of operating systems, programs, and applications to detect zero-day exploits and never-before-seen malware.
DETECTS MORE ZERO-DAYS THAN EVERY OTHER SANDBOX – COMBINED
- Detects never-before-seen malware and ransomware
- Unknown attachments are detonated on over 200 virtual machines to observe their behavior
- Even password-protected documents can be detonated if considered to be potentially malicious
- Over 80 file types supported
Cyber criminals are constantly developing new tactics to gain access to an organization’s network in order to steal money and/or data. Previously unknown exploits have demonstrated how damaging zero-day attacks can be for organizations. With over 80 file types supported, attachments are opened in a virtual environment, including current and old versions of operating systems, programs, and applications. This enables The Email Laundry to detect and quarantine these never-before-seen attacks.
To evade detection by signature and heuristic-based AV engines, attackers commonly password-protect their malware-laden attachments, usually including the password in the message body so that the recipient can still gain access. Attachment Detonation overcomes this tactic by scanning both the text and images in the message body, along with using a directory of commonly-used passwords, enabling the attachment to be opened virtually.
Attachment Detonation detects more zero-days and unknown malware than every other sandbox in the security industry – combined.