February 8, 2024

How to Stop Phishing Attacks Being Missed

Unveiling the Hidden Threats: Enhancing Email Security with Object-Level Analysis


Email attacks are a significant problem for all organizations today because email is so hard to secure. Every day, thousands of emails arrive with attachments, images, links and large files that need to be processed and inspected without disrupting business flow. Attackers take advantage of this volume, hiding malware with increasingly advanced evasion tactics that adapt to and bypass organizations’ best security tools.

Security teams may get alerted to a suspicious email by customers, employees or detection tools, but they still must manually figure out which of the hundreds of alerts per hour really contain malware and, of those, which pose the greatest threat.

Existing security tools don’t have object-level visibility into files coming into the network, so analysts have no way to quickly determine whether malware is present. As a result, analysts spend a lot of time looking at false positives because they lack critical actionable intelligence, even though many of the file attachments are known to be good by file reputation services.

Take a commonly used security strategy like sandboxes, in which file attachments are analyzed for malware. Sandboxes can’t analyze all file types, sizes, and formats. They cannot keep up with the speed and volume of incoming email, and they are often bypassed by malware containing multiple layers of deception.

AVs don’t have a prayer of catching commonly used polymorphic malware, where only a few bit changes are needed (and automatically configured in malware payloads) to throw them off the signature scent. Email gateways can be creative with AI tools to detect unusual behaviors related to phishing attacks (imposter and fraudulent addresses, email arrival patterns), but they do not offer visibility into the actual objects that contain malware, so targeted attacks remain a threat.

Organizations clearly need a level of protection that their existing security, including Exchange and Gmail, can’t provide.

What about a solution that works with all the security tools already in place in your network and enriches dashboards with visibility into the malware embedded in files or links – no matter the file type or size, instantly?

ReversingLabs processes all objects in all incoming email instantly using complex binary analysis, exposing embedded malware indicators. Results are instantly filtered by classification and prioritization of highest risk threats, and grouped using real-world, actionable language.

Everything that enters our customers’ networks is automatically scanned and comprehensively analyzed at the object level, rapidly identifying threats for complete coverage of all email and attachments in motion.

The service integrates with Exchange and cloud providers like Proofpoint, IronPort, Symantec Email Gateway, and FireEye EX/AX for instant insights into all inbound destructive objects, for the most advanced and actionable threat intelligence available. It also adds depth to existing controls with destructive object visibility, making sure nothing is missed.

Complex binary analysis results across all files in motion are also instantly sent to abuse boxes, SIEM and triage tools, extending and optimizing existing capabilities for better ROI. Our customers are finding that with enriched malware intelligence sent directly to SIEM, SOAR and EDR dashboards, security teams can instantly understand threat levels for prioritization and the quickest possible triage.

Learn more about ReversingLabs Email Threat Resilience Solution, which can help automate email analysis, enhance existing security controls, and optimize SOC workflows.

Tags: Modern SOC
