SpamTitan Sandboxing

Due to the sophisticated nature of advanced persistent threats via email Spamtitan has been significantly upgraded to include a sandboxing feature and additional anti-spoofing layers. The SpamTitan email sandboxing feature is powered by Bitdefender.

SpamTitan email sandboxing protects against breaches and data loss from zero-day threats and sophisticated email attacks by providing a powerful environment to run in-depth, sophisticated analysis of unknown or suspicious programs and files. This advanced email security layer will provide protection against malware, spear-phishing, advanced persistent threats (APTs), offering insight into new threats and helping mitigate risks.

SpamTitan sandboxing is a powerful next-gen email sandbox security solution that protects against advanced, sophisticated attacks via email. Our solution is packed with award-winning machine learning and behavioral analysis technologies, enabling your security team to safely detonate suspicious files in a secure environment that mirrors your production endpoints, tricking cyber attackers into believing they have reached their target.

SpamTitan email sandboxing achieves the highest detection rates due to its global threat intelligence gathered from the 500+ million endpoints it helps to protect. 

A powerful layer of protection against stealthy email attacks

The email sandbox service analyzes suspicious files in depth, detonates payloads in a contained virtual environment, analyzes their behavior and reports malicious intent. The SpamTitan email sandbox service acts as a ‘real target environment for potentially malicious files, where everything is carefully crafted so a potential threat acts as it would in the wild, making it a powerful tool against targeted malware attacks and malware infiltration.

• Files accessed by end users are first analyzed with our award-winning anti-malware technologies. Strong machine learning, static analysis and behavior detection technologies ensure that only files that require further analysis get sent to the sandbox
• The files are detonated in the sandbox and monitored for signs of malicious activity; self-protection mechanisms are in place and every evasion attempt by a piece malware is properly marked and the files are flagged
• The sandbox service analyzes the files by leveraging purpose-built, advanced machine learning algorithms, decoys and anti-evasion techniques, anti-exploit, and aggressive behavior analysis
• All results are checked across known threats in an extensive array of online repositories, and all in just a few minutes
• Since the file is not analyzed on the endpoint, this eliminates the risk associated with allowing a potentially malicious file to run on the endpoint. 
• If the verdict is malicious, the email sandboxing service updates Bitdefender’s Global Protective Network (cloud threat intelligence service), ensuring that the new threat is blocked globally, and the service does not have to detonate the same file again

Features of SpamTitan Email Sandbox

SpamTitan sandbox combines the latest threat analysis with powerful emulation tools to ensure that files are inspected using real-time intelligence along with comprehensive detection techniques:

• Provides advanced threat protection and zero-day exploit detection
• Utilizes global cloud intelligence to detect malware
• Leverages purpose-built, advanced machine learning algorithms, aggressive behavior analysis, anti-evasion techniques and memory snapshot comparison to detect threats
• Analyzes a broad range of targets ( including documents and application files)
• Helps uncover malicious files including polymorphic and other threats designed for undetectable targeted attacks

One typical way data is exposed via email is by accidentally sending an email to the wrong recipient. This was found to be a prevalent security problem in healthcare and financial services.

The Verizon Data Breach Investigations Report (DBIR)

Benefits

The sandbox service augments the protection against targeted malware attacks and malware infiltration:

• Detects advanced attacks early and prevents breaches, reducing incident response costs and efforts
• Reduces threat-hunting burden
• Greatly increases the detection rate of elusive threats in the pre-execution stage, including APTs, targeted attacks, evasion techniques, obfuscated malware, custom malware, ransomware
• Provides a complete solution for quickly integrating advanced emulation-based malware analysis
• Ensures continuous protection and maximum performance against rapidly evolving advanced threats

Email Sandboxing

Email servers where users from the public Internet can email employees are always under attack. From phishing to malicious attachments, these servers must always have the best security and email filters installed or employees are at a greater risk of falling for a malicious email campaign from an attacker. With free, public email accounts such as Gmail, many of the malicious campaigns still wind up in the user’s spam box. This procedure isn’t enough to protect an organization from an attack, so email filters and sandboxed environments are implemented.

Keeping malicious content completely out of a user’s inbox is necessary for an organization. With email such as Gmail where users can scroll through spam filtered messages, an organization must stop users from innocently opening an attachment or viewing a phishing email from a spam inbox. Sandboxed email filtering scans incoming email on the server and quarantines it in a safe place away from user access. The quarantined area is usually a network drive with only administrator access or a directory on the local email server. This directory is sandboxed from other sections of server resources where administrators can review content. Malicious triggers could be for the numerous ways attackers identify weaknesses in cybersecurity and attempt to get emails delivered to the user’s inbox.

Two common attacks using email include malicious attachments with macros that download malware or steal user keystrokes and phishing emails that trick users into opening a link that points to an attacker-controlled site. By sandboxing these emails, an administrator greatly reduces the ability for these emails to reach the targeted user’s inbox. An administrator must be able to deal with false positives, so sandboxed email filters provide greater control of email that should legitimately reach a user’s inbox but gets flagged by email filters. Instead of automatically deleting an email, a sandboxed email filtering system places content in a safe location where administrators can review the email messages and files. With an administrator review, the message is then sent to the user.

The right email filter gives administrators solutions for a whitelist, so any false positives flags can be controlled. This reduces administrator overhead, so they can automate the way email is sent to an inbox should it be a false positive. A good email filter has configuration options for administrators to avoid the massive overhead of administrator required interaction.

Without an email sandbox, you could either lose important emails to false negatives or risk having users open malicious content. With sandboxed email protection, administrators have more control of the type of content that reaches user inboxes. With email fraud on the rise, organizations need strong anti-malware and block messages from ever reaching the end users inbox. An email security system that includes sandboxing can do this for you, and successful attacks will be greatly reduced. 

Start a free trial of SpamTitan today and find out for yourself how the advanced, layered anti-spam protection blocks spam and malicious email threats from reaching your business network.