Symantec Email Security is a deeply customizable tool that protects against ransomware, phishing and business email compromise, and insulates users from sophisticated email attacks such as credential theft and spearphishing. With automated sender authentication, it helps protect customer brands and ensure sender trust. Accelerated response and remediation for advanced attacks also help protect intra-company, outbound and inbound email communications and control sensitive data to meet compliance and privacy requirements.
The Global Intelligence Network covers malware and spam protection, phishing defense and emerging threat prevention. With a multilayer approach and real-time link following, it eliminates the risk of phishing and credential theft from untrusted links. Other approaches include blacklisting known malicious URLs, evaluating links at click-time, URL rewriting and URL threat isolation to protect users without over-blocking unknown URLs.
Symantec claims to be the only security vendor to integrate isolation technology into the security stack, where it can defeat even the most convincing phishing attacks. The solution defends users from spearphishing by isolating malicious links, and prevents credential phishing and account takeover attacks by rendering suspicious websites in read-only mode so users cannot enter their login credentials, even if they are duped. These emails are not necessarily marked as malicious, but rather as new.
The email impersonation control service lets you configure policies that guard against email impersonation, including CEO scams, business email scams, and “whaling” attacks. The Domain Impersonation and User Impersonation controls can be configured to apply actions against messages identified by the service. The analytics platform gives customers insight into rich metadata for every scanned email, including reports, logs and API data feeds. Symantec strives to provide this information in near real time, two minutes from the time of the scan.
Cynic sandboxing is used to detect and prevent complex, persistent threats. It launches an attachment in the secure sandbox environment and then mimics typical end-user behavior to trigger malicious actions. Some of the most advanced threats are VM-aware and will not exhibit their true behavior in a sandbox on a VM, so the solution detonates these attachments on bare metal to combat advanced threats that use this evasive technique. Cynic data can be ingested into a SIEM through its API. Many customers take advantage of this so they can coordinate data from other control points and discern a pattern of attack.
Symantec’s link-following technology traces any redirects and blocks the attack chain. When a link is analyzed, the one in the actual email is often not the link that delivers the malicious payload. It may be redirected multiple times before a different link delivers the attack. In cases like this, the product gives customers visibility by displaying the original URL, destination URL, file name, redirect type, file hash and count, as well as additional insight such as command-and-control information and behavioral information from the sandbox.
At the time of this review, we were told a new feature would be released in March to allow automatic blacklisting of emails based on IOCs.
Pricing starts at $80 per year, including Standard Technical Support with options to upgrade to Premium Support.
Tested by Matthew McMurray