New Email Fraud Protection monitors third parties, obviates need to manually set and maintain e-mail sender parameters
Symantec added fraud prevention capabilities to its e-mail security platform this week with features designed to help organizations defend against the growing menace of business e-mail compromise (BEC) attacks.
The Lowdown: Available now, Symantec Email Fraud Protection integrates with Symantec’s Email Security and Email Threat Isolation offerings and features automated e-mail authentication controls that specifically target e-mail impersonation attacks.
The Details: Business e-mail compromise attacks typically involve impersonation of an internal executive or trusted third party who socially engineers a recipient into handing over data, access, or, increasingly, large amounts of money via wire transfer.
To combat such attacks, organizations deploy lists of senders approved to use the company domain using authentication standards such as DKIM, DMARC, and SPF. Enforcing the lists and keeping DNS entries up-to-date is a time-consuming, manual process that often falls to the bottom of the priority list for understaffed security teams.
Symantec Email Fraud Protection approaches the problem by automating and maintaining the authorized senders’ lists. It gives organizations a single tool to audit who sends e-mail on their behalf, confirm their legitimacy, issue authorization, and maintain the sender list.
The Impact: According to the FBI, business e-mail compromise attacks increased 136 percent over the past two years, costing victim organizations more than $12 billion.
The Buzz: “Symantec is focused on delivering business value to customers through our Integrated Cyber Defense Platform. Email Fraud Protection is a great addition to Symantec Email Security, ensuring enterprises are equipped with an automated and comprehensive e-mail security solution,” said Patrick Gardner, senior vice president of e-mail security at Symantec. “Our goal is to give businesses and IT departments time and money back that can be spent elsewhere in the organization.”
“Symantec monitors the underlying e-mail services used and keeps these detailed records up-to-date,” said Anant Vadlamani, Symantec’s director of product management for e-mail security. “Now, a single DNS change enables you to attain, and maintain, sender authentication, drastically reducing the amount of staff time needed while achieving enforcement in a considerably shorter time scale.”