Mimecast has announced two new measures designed to protect against spear-phishing. Attachment Protect and user awareness enhancements reduce the threat from malware-laden attachments, and help IT teams improve employee security awareness.

They join Mimecast Targeted Threat Protection – URL Protect to give customers a comprehensive line of defence against the key technical and human risks from spear-phishing in one cloud-based service.

Mimecast Targeted Threat Protection – Attachment Protect reduces the threat from weaponised or malware-laden attachments used in spear-phishing and other advanced attacks. It includes pre-emptive sandboxing to automatically security check e-mail attachments before they are delivered to employees. Attachments are opened in a virtual environment or sandbox, isolated from the corporate e-mail system, security checked and passed on to the employee only if no threat is detected.

Attachment Protect also includes the option of an innovative transcription service that automatically converts attachments into a safe file format, neutralising malware as it does so. The attachment is delivered to the employee in read-only format without any delay. As most attachments are read rather than edited by employees, this is often sufficient. Should the employee need to edit the attachment, they can request it is sandboxed on-demand and delivered in the original file format.

Neil Murray, chief technology officer at Mimecast, commented, “A new generation of services are needed to tackle spear-phishing. Firstly it was about stopping URL links to malicious websites. Now sandboxing has become a critical technical defence in the ongoing war on advanced attacks. But there have been attacks that recognise an attachment is held in a sandbox so the malware doesn’t deploy to avoid detection. Traditional sandboxing also delays e-mail delivery, which may raise productivity concerns, and is expensive. So organisations often limit the use of sandboxes to contain the cost and only protect high profile or at risk employees, leaving the wider organisation vulnerable to attack.

“With Attachment Protect we have addressed these limitations by creating a cost-effective layered defence to help protect against malicious attachments. The integration of a pre-emptive sandbox, a virtually instant transcription service with on-demand sandboxing, and URL protection, now makes it easy and affordable to protect every employee from the growing threat of spear-phishing.”

Mimecast Targeted Threat Protection – URL Protect offers click-time protection and now includes innovative user awareness capabilities so IT teams can raise the security awareness of employees. Once enabled, a percentage of links in e-mails clicked by an employee will open a warning screen. This will provide them more information on the e-mail and destination, prompting them to consider if the page is safe. If they choose to continue, their opinion is logged, URL Protect scans the link and blocks access if the destination is unsafe. IT administrators can set how frequently these awareness prompts are shown to ensure employee caution is maintained.

Repeat offenders that click bad links will get more frequent prompts automatically until their behaviour changes. The IT team can track employee behaviour from the Mimecast administration console and target additional security training as required.

Murray continues: “Technology is only part of your defence against spear-phishing and other security threats for that matter. A comprehensive strategy requires employee education. Organisations need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers. But traditional IT training is ineffective, time consuming and ultimately unable to keep up with advanced security threats that change all the time.

“Organising spoof spear-phishing attacks to catch out employees is time consuming, disruptive and resented by those who are exposed and it also needs repeating regularly. These approaches change behaviour for short periods but can be easily forgotten. URL Protect puts targeted security information on screen at the time of the actual click and this ensures employees keep thinking and learning about the risks.”