Market Overview

FireEye Updates Email Security with New Threat Detection and Evasion Defenses Based on Insights from the Front Lines


On-premises email enhancements include executive impersonation
protection, expanded URL protection, a new machine learning engine to
detect emerging threats, password-protected image analysis, and guest
image customization

FireEye, Inc. (NASDAQ:FEYE), the intelligence-led security company,
today announced a number of new defenses that are now available on
FireEye® Email Security – Server Edition, in direct response to the
changing cyber threat landscape.

"FireEye continues to keep pace with the most sophisticated attackers,"
said Ken Bagnall, vice president of email security at FireEye. "With our
knowledge gained on the front lines with our incident response experts,
we build new techniques for detecting attacks and attempts to bypass
defenses. The speed and flexibility with which an email security
solution adapts separates the good from the best. FireEye Email Security
– Server Edition continues to detect an average of over 14,000 malicious
emails per customer per month that get past other email security

Adding Executive Impersonation Protection to FireEye Email Security
Server Edition

Malware-less attacks are becoming an increasingly prevalent concern. In
fact, FireEye has seen a rise in business email compromise over the past
few years through executive impersonation attacks. According to the
latest FireEye
Email Threat Report
, 19 percent of all malware-less attacks took
this form in the first half of 2018. Impersonation attacks continue to
be significant because adversaries are finding that people will often
react to an email when it appears to be from an executive.

"While executive impersonation protection has become a commonplace
feature within cloud-based email security solutions, this has not been
the case on-premises," continued Bagnall. "We've added executive
impersonation protection to FireEye Email Security – Server Edition as a
direct response of customer feedback that they are seeing more
impersonation emails getting through their existing security services.
This update is designed to catch what other security solutions are

Executive names are commonly used as display names in fraudulent emails
to fool employees into taking action. This new FireEye capability
protects employees from display name and header spoofing. Inbound mail
headers are analyzed and cross-referenced with a Riskware policy created
by the administrator, and headers that do not align with the policy
and/or show signs of impersonation activity can be flagged.

In addition to the executive impersonation protection capabilities,
FireEye Email Security – Server Edition incorporates several other new
features designed to combat emerging threat vectors while enhancing
performance. These include:

  • Attachment Detonation Customization (Guest Images): There is an
    increasing amount of malware programmed to execute under certain
    circumstances to evade sandbox detection. These evasion techniques
    typically limit file execution to behavior relating to the target
    organization. Administrators can now create a guest image which can
    ‘fool' the file into executing, for example, creating browser history
    or defining ‘recently opened files'.
  • Full URL Rewrite: This new security capability better protects
    end users from malicious links by rewriting all URLs contained in an
  • Passwords in Images: In direct response to the latest attack
    techniques seen by FireEye incident response teams, and a rapid
    innovation cycle, the advanced detection Multi-Vector Virtual
    Execution™ (MVX™) engine can now use passwords embedded as images
    within emails to analyze the related password-protected files. Most
    sandboxes are unable to analyze password-protected files.
  • New Machine Learning Engine: FireEye's recently launched
    machine learning engine, MalwareGuard™, is now available for FireEye
    Email Security – Server Edition. Under development for two years, this
    detection engine helps defend against emerging and new threats that
    often bypass traditional security solutions. Using machine learning
    models trained with data sets collected and labeled by FireEye and
    Mandiant researchers from real-world attacks, MalwareGuard
    intelligently classifies malware without human involvement and before
    signatures are available.


These new features are now available in the latest version of FireEye
Email Security – Server Edition (8.2). A free email threat analysis is
also available for authorized FireEye partners worldwide. More product
information on FireEye Email Security – including both Server and Cloud
Editions – can be found at

Combining a FireEye Threat Intelligence subscription with FireEye Email
Security is the best way for organizations to establish the agility that
is needed to stay one step ahead of attackers. Organizations can learn
more about FireEye Threat Intelligence at

About FireEye, Inc.

FireEye is the intelligence-led security company. Working as a seamless,
scalable extension of customer security operations, FireEye offers a
single platform that blends innovative security technologies,
nation-state grade threat intelligence, and world-renowned Mandiant®
consulting. With this approach, FireEye eliminates the complexity and
burden of cyber security for organizations struggling to prepare for,
prevent, and respond to cyber attacks. FireEye has over 7,300 customers
across 67 countries, including more than 50 percent of the Forbes Global

© 2019 FireEye, Inc. All rights reserved. FireEye, Mandiant,
Multi-Vector Virtual Execution, MVX and MalwareGuard are registered
trademarks or trademarks of FireEye, Inc. in the United States and other
countries. All other brands, products, or service names are or may be
trademarks or service marks of their respective owners.

View Comments and Join the Discussion!