eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Cyber-security firm Sophos announced its Sophos Email Advanced service on June 12, delivering protection against email threats as well as providing DMARC email authentication capabilities.
Sophos Email Advanced integrates with multiple email technologies, including Office 365, Microsoft Exchange and Google G-Suite. The new service benefits from artificial intelligence capabilities that help detect potential threats in enterprise email. Sophos Email Advanced aims to add a layer of email security capabilities that improves upon what Sophos has had in market to date.
“Email is a pretty important threat vector if you want to protect companies,” Bill Lucchini, senior vice president and general manager of the Messaging Security Group at Sophos, told eWEEK.
Sophos Email Advanced is a cloud-based service with customers setting their email MX record to point to Sophos’ cloud, which filters the email for potential risks. Sophos Email Advanced protects against both known and unknown malware that finds its way into enterprise email inboxes, according to Lucchini. The CryptoGuard technology that is part of the new Sophos service provides specific protection against ransomware. Sophos now also provides a predictive threat capability to detect threats, he added.
“We built out a model that can reliably predict, for items we’ve never seen before, whether it’s going to be malware,” Lucchini said.
Not only can malware be delivered via attachments, but often it also is simply sent as a link inside of an email. Lucchini noted that attackers are increasingly stealthy and so, in attempt to trick initial email security scans, they don’t always make a link instantly malicious.
“So what we’ve done is we’ve created a system that we’re calling Time of Click protection, where no matter when a user clicks on the link, at the time of click we will check that URL again and make sure that you are safe,” he said.
Another core capability in Sophos Email Advanced is DMARC (Domain-based Message Authentication, Reporting and Conformance) standard conformance. DMARC includes a pair of email authenticity standards with the Sender Policy Framework (SPF) as well as Domain Keys Identified Email (DKIM) to help verify email authenticity. Lucchini said DMARC ensures organizations have trusted email addresses, limiting the risk of phishing.
Sophos has multiple threat protection capabilities in its portfolio, including InterceptX, which was announced in September 2016. Among the core capabilities in InterceptX is ransomware protection. Lucchini sees a need for both InterceptX for endpoint protection as well as the separate email security service.
“Email has changed; it’s got more sophisticated,” he said. “As much as we’re proud of our endpoint protection and what we do with InterceptX, I think everybody would agree they would rather not have malware on the machine and have to block it, and instead just keep the malware out of the network entirely to begin with.”
Lucchini said there is still more work for Sophos to do to improve its email security technology.
“The industry has been moving relatively slowly on email security, and attackers have found that to be helpful,” he said. “So we’ve got to move quickly to get back in control of the situation.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.