New spear-phishing protections are designed to tackle threats from weaponized attachments and support employee security awareness.

Mimecast has announced two new measures designed to protect against spear-phishing. Attachment Protect and user awareness enhancements reduce the threat from malware-laden attachments, and help IT teams improve employee security awareness. They join Mimecast Targeted Threat Protection – URL Protect to give customers a comprehensive line of defense against the key technical and human risks from spear-phishing in one cloud-based service.

Mimecast Targeted Threat Protection - Attachment Protect reduces the threat from weaponized or malware-laden attachments used in spear-phishing and other advanced attacks. It includes pre-emptive sandboxing to automatically security check email attachments before they are delivered to employees. Attachments are opened in a virtual environment or sandbox, isolated from the corporate email system, security checked and passed on to the employee only if no threat is detected.

Attachment Protect also includes the option of an innovative transcription service that automatically converts attachments into a safe file format, neutralizing malware as it does so. The attachment is delivered to the employee in read-only format without any delay. As most attachments are read rather than edited by employees, this is often sufficient. Should the employee need to edit the attachment, they can request it is sandboxed on-demand and delivered in the original file format.

Neil Murray, chief technology officer at Mimecast, commented, “A new generation of services are needed to tackle spear-phishing. Firstly it was about stopping URL links to malicious websites. Now sandboxing has become a critical technical defense in the ongoing war on advanced attacks. But there have been attacks that recognize an attachment is held in a sandbox so the malware doesn’t deploy to avoid detection. Traditional sandboxing also delays email delivery, which may raise productivity concerns, and is expensive. So organizations often limit the use of sandboxes to contain the cost and only protect high profile or at risk employees, leaving the wider organization vulnerable to attack.

“With Attachment Protect we have addressed these limitations by creating a cost-effective layered defense to help protect against malicious attachments. The integration of a pre-emptive sandbox, a virtually instant transcription service with on-demand sandboxing, and URL protection, now makes it easy and affordable to protect every employee from the growing threat of spear-phishing.”

Mimecast Targeted Threat Protection – URL Protect offers click-time protection and now includes innovative user awareness capabilities so IT teams can raise the security awareness of employees. Once enabled, a percentage of links in emails clicked by an employee will open a warning screen. This will provide them more information on the email and destination, prompting them to consider if the page is safe. If they choose to continue, their opinion is logged, URL Protect scans the link and blocks access if the destination is unsafe. IT administrators can set how frequently these awareness prompts are shown to ensure employee caution is maintained. Repeat offenders that click bad links will get more frequent prompts automatically until their behavior changes. The IT team can track employee behavior from the Mimecast administration console and target additional security training as required.

Murray continues: “Technology is only part of your defense against spear-phishing and other security threats for that matter. A comprehensive strategy requires employee education. Organizations need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers. But traditional IT training is ineffective, time consuming and ultimately unable to keep up with advanced security threats that change all the time. Organizing spoof spear-phishing attacks to catch out employees is time consuming, disruptive and resented by those who are exposed and it also needs repeating regularly. These approaches change behavior for short periods but can be easily forgotten. URL Protect puts targeted security information on screen at the time of the actual click and this ensures employees keep thinking and learning about the risks.”