Guardians of the Inbox: Unlocking the Power of Trellix for Email Security

The advent of email transformed business communication, enabling people to exchange information 24/7, regardless of location. Fast forward to today, and email has become the top attack vector, with a staggering 83% of organizations surveyed in the 2023 State of the Phish report indicating they have experienced phishing attacks.

The widespread use of email and the ease with which threat actors can create and evolve phishing attacks make business email compromise an inexpensive and highly effective attack technique.

Cybercriminals can easily trick users into clicking malicious URLs or opening compromised attachments through targeted social engineering.

In the February 2023 Threat Report, the Trellix Advanced Research Center reported a significant surge in malicious emails impersonating CEOs and other business leaders. In this email compromise tactic, employees receive a fake email from an executive asking them to confirm their direct phone number, so attackers can execute a voice phishing (vishing) scheme.

Requirements for Cutting-Edge Email Protection Solutions 

Extended enterprises need email security solutions that can:
Catch advanced threats that email infrastructure solutions miss.
● Detect and defend against multistage campaigns.
● Activate multiple layers of detection, powered by innovative AI, ML, and security analytics.
● Gain real-time detection and prevention against credential harvesting, impersonation, and spear-phishing attacks.
Integrate with your existing security operations workflows.
● Empower SOC analysts to retrieve emails that have been weaponized post-delivery.
● Provide alerts with rich metadata to enable analysts to quickly identify the source of compromise.
● Use newly identified IOCs to search previously received emails and perform retrospective analysis.
Deploy as a cloud or on-premises solution.
● Integrate via API with Microsoft 365 and Google Workspace.
● Deploy in-line or in bcc/monitor mode.
● Gain high availability (99.995% or more).

Trellix Email Security 

Trellix offers a comprehensive enterprise communication and collaboration security solution. Our flexible deployment models provide on-premises and cloud email security solutions to secure email infrastructure and collaboration tools, minimizing the risk of costly breaches.

Trellix Email Security offers industry-leading detection to identify, isolate, and immediately stop ransomware, business email compromise, spear phishing, credential harvesting, impersonation, and attachment-based attacks before they enter your environment.

Email Security is an integral part of the Trellix learning and adaptive ecosystem. Trellix continuously monitors the threat landscape, correlating threat data gathered from more than 40k enterprise customers, technology partners, and service provider networks around the world, ensuring you stay ahead of known and emerging threats.

Email Security is an essential component of a comprehensive Trellix XDR solution. It provides valuable data that can be combined with other controls to detect the most advanced and high-risk threats. By taking a proactive approach that prioritizes email protection as a fundamental aspect of extended detection and response (XDR), you can strengthen your infrastructure and create a resilient organization that can withstand the challenges of the digital age.


Trellix Email Security Features 

Superior threat detection
Attackers use multi-stage campaigns designed to evade email infrastructure providers. For example, in multi-stage phishing campaigns, attackers steal credentials and use them to log into Microsoft 365 and distribute phishing emails throughout the organization.
Email Security offers multiple detection techniques, powered by cutting-edge machine learning, artificial intelligence, and security analytics. It provides unparalleled defense against multi-stage campaigns.
Email Security analyzes every email attachment and URL to identify threats hidden in:
● All attachment types, including EXE, DLL, PDF, SWF, DOC/DOCX, XLS/XLSX, PPT/PPTX, JPG, PNG, MP3, MP4, and ZIP/RAR/TNEF archives.
● Password-protected and encrypted attachments.
● Credential-phishing and typo-squatting URLs.
● URLs embedded in emails, PDFs, and Microsoft Office documents.
● OS, browser, and application vulnerabilities.
● Malicious code embedded in spear-phishing emails.
Advanced URL Defense
Email Security offers multiple advanced URL defense techniques to identify malicious URLs, protecting your organization from credential harvesting and spear-phishing attacks.
PhishVision is an image classification engine that uses deep learning to compile and compare screenshots of trusted and commonly targeted brands against web and login pages referenced by URLs in an email. Working in tandem with PhishVision, Kraken is a phishing detection plug-in that applies domain and page content analytics to augment machine learning.
While PhishVision compares screenshots to identify phishing attempts, Kraken performs a more thorough analysis of new page content by comparing it to a known phishing knowledge base.
Attackers often use deferred phishing, which involves sending benign emails that pass inspection, and then updating them with malicious URLs after they have been delivered. To protect users from deferred phishing, Trellix rescans emails to identify any weaponized URLs that were added post-delivery. If any malicious emails are found, they are automatically removed from users' inboxes using an auto-remediate policy and Microsoft 365 and Google Workspace APIs.
Impersonation protection
CEO fraud and impersonation attacks also rely on social engineering techniques, rather than malicious attachments or links. Trellix offers dedicated detection engines specializing in impersonation detection and defense.
A common indicator of an email attack is the age of the sender’s domain. When creating an impersonation campaign, adversaries send attack emails from a domain similar to that of the person or company they are impersonating, usually within a few hours of that domain’s creation.
Trellix Email Security labels newly existing and observed domains as suspicious and further inspects emails for other attack indicators, such as typo-squatting.
Spoofing is when adversaries change the sender display name, so the email appears to come from a trusted source. Trellix defends against email spoofing by checking the authenticity of sender display names and email addresses in addition to examining content for other malware-less impersonation tactics.
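The impersonation indicators described above (sender-domain age, typo-squatted lookalike domains, and display-name spoofing) can be illustrated with a small check over a message's From header. This is an added example, not Trellix code or its detection logic; the protected domain, executive directory, 30-day age threshold, edit-distance cutoff, and sample headers are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parseaddr

# Assumed, constructed values: protected domain, executive directory, thresholds.
TRUSTED_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
NEW_DOMAIN_AGE = timedelta(days=30)
MAX_LOOKALIKE_DISTANCE = 2

def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squatted lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonation_indicators(from_header, domain_created, now):
    """Return the set of indicators raised by one message's From header.

    domain_created is the sender domain's registration time (None if unknown);
    it is passed in so the check runs offline, without a WHOIS lookup.
    """
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    hits = set()
    if domain == TRUSTED_DOMAIN:
        return hits
    if domain_created is not None and now - domain_created < NEW_DOMAIN_AGE:
        hits.add("new-domain")
    if 0 < edit_distance(domain, TRUSTED_DOMAIN) <= MAX_LOOKALIKE_DISTANCE:
        hits.add("lookalike-domain")
    # Display name matches an executive, but the address is not that executive's.
    expected = EXECUTIVES.get(" ".join(display.lower().split()))
    if expected and addr.lower() != expected:
        hits.add("display-name-spoof")
    return hits

if __name__ == "__main__":
    now = datetime(2023, 3, 1, tzinfo=timezone.utc)
    samples = [  # constructed sample headers and domain creation times
        ('"Jane Doe" <jane.doe@example.com>', datetime(2005, 1, 1, tzinfo=timezone.utc)),
        ('"Jane Doe" <jane.doe@examp1e.com>', now - timedelta(hours=3)),
        ('"Jane Doe" <jd@mailhost.test>', datetime(2005, 1, 1, tzinfo=timezone.utc)),
    ]
    for header, created in samples:
        print(header, sorted(impersonation_indicators(header, created, now)))
```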
Malware protection
Trellix Intelligent Virtual Execution (IVX) helps further defend your organization from phishing and ransomware by detonating all email attachments and URLs to determine if previously legitimate files have been weaponized. IVX is a signature-less, dynamic intelligence-driven analysis engine that inspects suspicious objects using real-time multi-flow, multi-vector analysis to identify and block targeted, evasive and emerging threats.
Email Security is also available with anti-spam and antivirus (AVAS) protection to detect both common attacks, using conventional signature matching, and impersonation techniques.

Extend Protection with Collaboration Security 

Collaboration platforms such as Slack, Box, Microsoft Teams, and Google Workspace have transformed both the nature and velocity of collaboration. We now freely share information with co-workers and external partners — increasing an organization’s risk exposure by providing attackers an easy on-ramp to the network.

Trellix Email Security, paired with Trellix Intelligent Virtual Execution (IVX), provides a comprehensive enterprise communication and collaboration security solution, spanning enterprise email infrastructure, collaboration platforms, and enterprise applications, ensuring people can work together securely across the extended enterprise.
