Symantec Improves Email Security With Threat Isolation Technology

Symantec continues to build out product offerings that benefit from isolation technology, which reduces an organization's attack surface.


Symantec announced its Email Threat Isolation technology on July 17, providing organizations with new capabilities to help block advanced email attacks.

According to Symantec, Email Threat Isolation blocks advanced email attacks on end-user devices and protects users against spear phishing, credential theft, account takeover and ransomware attacks. Symantec built Email Threat Isolation to secure email links and attachments inside of an isolated environment, such that malware or other attacks cannot impact system functions.

"This technology is tightly integrated with the Symantec Email Security solution, which safeguards Office 365, G Suite and on-premises email from email threats such as business email compromise, phishing and ransomware," Jane Wong, vice president of product management and engineering for Messaging Security at Symantec, told eWEEK. "While this is similar to Symantec Web Isolation, which protects users who access uncategorized web traffic, Email Threat Isolation gives users elevated levels of protection from advanced email attacks such as spear phishing, account takeover and ransomware attacks." 

Symantec Web Isolation is a capability that the company announced on June 7 as part of the Symantec Web Security Service (WSS). The core isolation technology for both web and email threat isolation has its roots in technology that Symantec gained through its acquisition of Fireglass in July 2017.

How Email Threat Isolation Works 

When a user clicks on a malicious link in an email protected by Symantec Email Threat Isolation, the link appears identical to one opened in a native (i.e., regular) browser, Wong said. However, the malicious link is executed remotely in a secure remote environment. 

"This environment confines all malicious activity and only sends safe rendering information to the user," she said.

One of the most common email threat vectors is malicious attachments, which is also an area where isolation helps to limit risks. Wong explained that Email Threat Isolation remotely renders and blocks malicious downloads and documents and alerts users when a malicious download is blocked. In comparison, non-malicious downloads or documents sent via email links are also rendered remotely and opened via the browser for safe viewing by users, she said.

There is also a reporting capability for links and malware that are blocked by the Email Threat Isolation technology.

"These reports can be viewed via the Email Security administrative console and exported for further analysis," Wong said. "In addition, analytics on isolated links can be streamed into the Security Operations Center via integrations with third-party security information and event management systems and Symantec Managed Security Services."

Business Email Compromise

While Email Threat Isolation can limit multiple types of email threats, that’s not the case with business email compromise (BEC). With BEC, attackers trick victims into paying fraudulent invoices. It is an increasingly lucrative attack vector, with the FBI reporting an increasing pace of financial losses in 2018.

"Business email compromise is a different issue, since these attacks do not contain a malicious link or attachment," Wong said. "Symantec stops these threats by using sophisticated impersonation controls to identify and prevent email attacks that imitate a legitimate user or domain within an organization."

Wong added that Symantec has capabilities to perform typo-squatting analysis to detect BEC attacks that use lookalike domains to trick users into falling for their scams. Symantec also aims to help block BEC attacks that directly spoof legitimate email domains by enforcing sender authentication methods.

Looking forward, Wong said Symantec is looking to move beyond email security to broader messaging security. Communications flow over a range of messaging channels, beyond traditional email, she said. Examples include business communication channels such as Slack, proprietary messaging services for Amazon and Salesforce, personal webmail (e.g., Gmail) and LinkedIn. 

"We see attackers using the same tactics over these channels as core email," Wong said. "We are building integrated services to cover threats across these messaging channels, sharing intelligence between them, and reporting holistically on messaging security posture."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.