Spring Into the Latest FireEye Email Security Release

FireEye Stories 2021-05-17

With the wide-scale adoption of cloud-based email services such as Microsoft 365 and Google Workspace, we've seen a dramatic increase in threats targeting these platforms. In fact, over the entire year of 2020 we detected more than 1 million messages impersonating the Microsoft and Google brands alone—and the pace is accelerating. To better protect our customers, we've focused this release on product enhancements specific to Microsoft 365 and Google Workspace.

Right now customers have access to the latest release of FireEye Email Security—Cloud Edition. This release continues to raise the bar by expanding existing capabilities to new cloud providers and expanding native integration with others. Let’s Spring forward into some of the latest and greatest features.

Google Workspace Remediation (Automatic and Manual)

A common security concern for administrators is that some malicious actors have learned to delay activating malicious links embedded in email until some time after the email is sent—with the hope that any scanning will have already occurred and the email declared safe. FireEye Email Security constantly watches for links that become malicious after delivery, and when this activity is detected an alert is raised and automatic action can be taken.

FireEye announced Threat Remediation for Microsoft 365 in 2019 and now users will have the same capabilities for their Google Workspace environments. Threat Remediation provides users both protection and flexibility to address emails that become malicious after delivery.

Threat Remediation works in the following way:

  1. When a retroactive alert is generated, Threat Remediation extracts emails from a user’s inbox. FireEye Email Security—Cloud Edition removes emails classified as malicious after delivery using an API.
  2. Security professionals or email administrators can create an automatic remediation policy and select one of three policy actions: quarantine, move to an administrator-defined folder, or permanent deletion.
  3. The assigned action is implemented on the malicious message.

Figure: Google Workspace remediation actions

End User Notification

Users can get frustrated when they see an email come in, then go to look for it later and find that it has disappeared. Removing malicious emails is certainly the right idea, but end users may not be aware that this is what is happening.

With this release, customers can now notify and provide details to end users about malicious emails remediated from their mailboxes. This will help free up valuable help desk time by reducing requests about moved malicious emails.

Microsoft 365 Native API Protection: Alert Correlation and Outbound Scanning Support (Limited Availability)

Currently our Microsoft 365 Native API Protection is in Limited Availability for select customers. However, as we work towards general availability, we continue to add features and functionality. This release introduces two important features for our Microsoft 365 customers: native alert correlation and outbound scanning support. Native alert correlation improves the overall customer experience by grouping alerts generated by the same email across different end-user mailboxes. This helps to reduce alert noise and load on security teams.

The other feature we are introducing for native integration customers is outbound email scanning. Customers accessing the early adopter program for native integration can set up outbound email scanning over SMTP if they want full outbound scanning using Cloud Edition. We have had many customers express the desire to scan both inbound and outbound email traffic, and this allows customers to easily set up this capability on Microsoft 365.

A Sprinkling of Other Features

Beyond the features targeting Microsoft 365 and Google Workspace are numerous other enhancements coming to the platform, including:

  • Japanese Language Support: We continue our expansion of FireEye Email Security into international markets with the addition of Japanese language support. Customers can switch between English and Japanese languages for the dashboard, the navigation bar, Email Trace and the On-Demand Quarantine page.
  • REST API Enhancements: This enhancement allows customers to fetch statistics on delivered, received, accepted, scanned and remediated emails, along with statistics on delivered messages and on temporary and permanent failures, over REST APIs.

FireEye continues to innovate, enhancing Email Security so our customers can address evolving trends with new features and functionalities that are automatically deployed. The latest updates discussed in this post are immediately available for all customers from within the Email Security console and we invite all existing customers to try them out!