What is FireEye Email Security (MX)?
FireEye Email Security (MX) is a cybersecurity solution that detects and blocks advanced cyberattacks such as targeted attacks.
Email security is important
The threat of cyberattacks that abuse email is increasing every year. Currently, about two-thirds of emails are spam, and cyberattacks triggered by email account for 91% of all cyberattacks. This clearly shows the importance of email security. It can be said that the attackers who launch targeted attacks are organizations with abundant funds and advanced technology, and are likely to be professional groups with state support.
Cannot be detected through conventional security measures
In recent years, there has been explosive growth in new types of malware.
2013: 23,000,000 types → 2018: 137,500,000 types
Additionally, 3 million new websites for malicious use are generated annually. As a result, signatures cannot be used to detect threats that are growing this explosively in number.
Multi-stage attacks cannot be detected by testing each file
In a multi-stage attack, files are uploaded and downloaded only after the website has been accessed and the environment has been checked. Testing each file on its own cannot detect every stage of such a multi-flow attack.
Malware that avoids sandbox analysis
In recent years, malware has evaded sandbox analysis by checking for user operation, checking for virtual environments, and so on.
- Achieves quick and efficient detection by sharing analysis results with FireEye products
- Automatic update of security contents
- High-speed static analysis
- Detailed dynamic analysis
- Specializes in targeted attacks and zero-day attack countermeasures
- No. 1 share in Japan and the world
- First to detect more than half of unknown attacks
- Low level of false detection, so operation load is reduced
- Automatically blocks malicious emails in the cloud
- Achieves high-accuracy detection
- Proprietary analysis technology supports measures against the latest attack methods
The service will solve problems such as the following.
- Risk of overlooking cyberattacks and malicious files that skillfully evade detection in virtual execution environments
- Targeted attacks are difficult to identify definitively, so over-detection and false detection are likely to occur
- Unable to identify skillfully disguised phishing sites
MVX engine for reliable detection of attacks in a proprietary virtual environment
- Reliably track and analyze complex malware behavior such as communication to C&C servers and modules that load directly into memory
- Keeps malware unaware that it is in a virtual environment
- Attacks in multi-stage communication are also analyzed in the virtual execution environment, so the attacks cannot avoid detection
- Since the whole series of file activities is analyzed in the virtual execution environment, the malware that is ultimately created is detected rather than overlooked
- Delayed onset malware is also detected by fast-forwarding the passage of time
Phish Vision: High-accuracy detection of phishing sites
- New approach using AI image analysis
- Can even identify sites that exactly mimic a legitimate login screen
- After acquiring the URL of the website via screenshots, the website is analyzed using deep learning
- Phishing Site Analysis (Kraken): Comparative analysis of the website's URL and page content against known phishing sites
Other detection functions
- Analyzes attached files, URLs, and headers
- Sender spoofing detection: Fraud countermeasures for business email
- DUA: Dynamically parses URL files and attached files
- FAUDE: Analyzes suspicious URLs, rewrites URLs, and sends emails (access restrictions)
- Multi-stage attack analysis: Detects attacks through external communication via files
- Malware information collection system (Skyfeed): Collects the latest information to monitor threat feeds on SNS, etc.
Achieves quick and efficient detection by sharing analysis results with FireEye products
Specialized fields of FireEye products
Advantages of FireEye products