Symantec Improves Email Security With Fraud Protection

Symantec is looking to reduce the risk of business email compromise attacks with a new offering that makes it easier to implement and manage Domain-based Message Authentication, Reporting and Conformance (DMARC) for email authenticity.

BEC Email Scam

Among the most common risks that enterprises face are email fraud attacks, often referred to as Business Email Compromise.

On Feb. 14, Symantec announced its latest innovation to help organizations combat BEC, with the company's Email Fraud Protection offering. BEC fraud involves attackers somehow spoofing or gaining access to an email system and tricking a victim into paying what appears to look like a legitimate invoice or payment request.

"Symantec Email Fraud Protection is a new addition to the platform," Jane Wong, vice president of Engineering & Product Management at Symantec, told eWEEK. "Symantec is committed to expanding the Integrated Cyber Defense Platform for Email Security with both homegrown technology and with API integrations."

BEC is a global problem, with the FBI estimating that between October 2013 and May 2018, there were $12.5 billion in losses from victims around the world.

The new Email Fraud Protection offering works together with other services already available in the Symantec product portfolio. Wong said that Symantec Email Fraud Protection is a cloud-based service that is available as an add-on to both the Symantec Email Security cloud and Symantec Messaging Gateway. To deploy Email Fraud Protection, she said  customers only need to make a quick, one-time change to point a one-line DNS record to Symantec. 

How It Works

Symantec Email Security is a platform that helps  protect Office 365, G Suite and on-premises email from email threats. Wong explained that Symantec Email Security protects customers from email attacks by blocking threats such as phishing, malware, spam and BEC; Email Fraud Protection helps customers automate implementation of sender authentication standards such as DMARC, DKIM and SPF. 

Domain-based Message Authentication, Reporting and Conformance (DMARC) is specification that includes both Domain Key Identified eMail (DKIM) and Sender Policy Framework (SPF) protocols to help protect the authenticity of an email domain.

"This stops attackers from abusing brands, increases sender trust and improves email deliverability rates," she said.

Wong explained that Email Fraud Protection automates implementation of the DMARC standards for customers by cataloging thousands of software-as-a-service (SaaS) and third-party emailing services, and dynamically updating configuration changes that remove the need for administrators to manually set up and maintain the senders. Furthermore, organizations no longer need resources from messaging and security teams, since adding or removing senders is now a simple, one-click process. Critical privacy standards are complied with as Symantec Email Fraud Protection does not use personally identifiable information (PII).

DMARC

While DMARC is a known approach to help improve email authenticity, implementing DMARC hasn't always been an easy process for organizations. Among the challenges of implementing DMARC properly is the need to identify all the places where email for a given domain are sent from. 

"Email Fraud Protection greatly simplifies enforcement of sender authentication controls such as DMARC, DKIM and SPF by automatically and accurately identifying third-party senders while dynamically keeping this list up-to-date in case the configuration of any underlying email service changes," Wong said. "Additionally, customers get full visibility into all email traffic using their domains with detailed reporting on email senders."

By implementing DMARC, the goal is to limit the risk of potential attackers to use an email domain in a BEC attack. Wong said that implementing DMARC controls stops unauthorized senders from impersonating domains via BEC attacks, since emails from these senders are rejected. 

"This also increases trust in email senders, since only authentic emails from approved senders are allowed into the inbox, as users can now trust emails they receive in their organization’s name," she said.

What's Next

Wong commented that many organizations make use of fragmented security tools from multiple point-product vendors to help reduce risk. She said that Symantec is looking to give its customers a stronger, more unified protection via an Integrated Cyber Defense Platform. 

"This integrated platform helps customers achieve better security outcomes across multiple control points with enhanced security controls and products that work together seamlessly to defend against the latest threats," she said. "As a result, Symantec is working on tightly integrating the Email Security solution with this broader platform as well as a large technology partner ecosystem to deliver an integrated solution to customers."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.