
ADVANCED E-MAIL PROTECTION

PROTECTION AGAINST BUSINESS E-MAIL COMPROMISE (BEC) ATTACKS

Most targeted attacks start with social engineering, and e-mail is the primary channel for it, so protecting e-mail traffic is of the utmost importance. Today's classic protection tools (SPAM filter, antivirus) are not suitable for full protection against a targeted attack, because attackers are now prepared for their presence. Malware, APT campaigns, phishing and social engineering attacks can only be filtered out on a behavioral basis.

In 4iG's E-mail ATP service, incoming e-mails are examined in a separate sandbox environment, where the behavior of files, macros, URLs and scripts is observed and a risk value is determined from it. Based on this risk value, we can identify targeted (spear-phishing, social engineering) and ransomware attacks and detect Business E-mail Compromise.

Depending on policy settings, our tool can block, quarantine or tag the e-mails based on the subject field. It is also able to remove and replace harmful attachments and rewrite suspicious URLs. The tool can host the operating system images used in the client's own infrastructure, which makes the sandbox environment look more realistic to attackers than that of other tools, or even the ‘standard’ VMs of cloud services of this kind. In addition to fully replicating the environment of real workstations, the tool is also able to detect and manage various sandbox evasion methods (e.g. delayed start-up, requests for user interaction, checks for virtualization).

The tool can be deployed in several different modes. In the so-called MTA4 mode, it can act as an e-mail gateway and filter e-mail traffic in-line, or it can scan e-mail traffic copied as BCC, or scan mirrored traffic on SPAN/TAP ports. Of course, in the second case, we can only generate alerts, based on which the client can prevent harmful content from getting in using its own procedures.

It is important to point out that the device behaves like a black box, much as a SPAM filter does: it does not examine the content of e-mails, only their ‘behavior’.