Advanced Email Security

Frequently Asked Questions

• What features are included in Advanced Email Security?

  Advanced Email Security, powered by Perception Point, helps prevent all email-borne threats, including spam, phishing, BEC and impersonation attempts, malware, APTs, and zero-days before reaching end-users with multiple protection layers.

  The anti-spam engines act as the first line of defense, applying anti-spam and reputation-based filters, including IP reputation checks, to email upon being received to block malicious or unwanted communication.

  Then all emails are recursively unpacked into smaller, individual components like URLs and files by the anti-evasion technology. This process detects malicious embedded or hidden content. The URLs and files are separately run in multiple versions and patterns through the subsequent security layers to catch any hidden threats.

  Advanced Email Security leverages powerful threat intelligence from six marketing leading sources combined with Perception Point’s technology that scans URLs and files in the wild to stay ahead of emerging threats.

  The anti-phishing engines apply URL reputation filtering from four market-leading sources combined with a unique image recognition technology that detects unknown, malicious URLs based on logos and images used on the webpage.

  To catch payload-less attacks (BEC), such as impersonation attempts, look-alike domains, and display-name deceptions, Advanced Email Security leverages machine learning algorithms with IP reputation, sender policy framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based Message Authentication Reporting and Conformance (DMARC) record checks.

  Known malware is stopped with the help of best-in-class signature-based detection technologies, specifically developed to prevent email-borne threats, that act as another layer of protection on top of users’ local anti-malware solution.

  The last line of defense is the next-generation dynamic scanning that prevents advanced threats that evade conventional defenses such as zero-days and APTs. The unique, CPU-level technology acts earlier in the kill chain than any other solution to block attacks at the exploit phase by analyzing the applications’ execution flow during runtime to identify deviations from standard flow based on the assembly code.

  Moreover, service providers have access to a dashboard that provides a holistic view of the threat landscape across organizations with forensics data for each email, proactive insights on threats seen in the wild, and analysis of any file or URL on which the service delivery team needs forensics.

  With the incident response service, you also gain access to cyber analysts that monitor all customer traffic and malicious intent with ongoing reporting and ongoing support, including handling false positives, remediating, and releasing when required.

• How easy is it to migrate to Advanced Email Security from another solution?

  If you choose to migrate to Advanced Email Security from another solution, the process of upgrading your services is as seamless as possible. Advanced Email Security is an API-based email security technology that integrates directly into the email system without the need for any additional configuration, including configuring MX records.

  If you already use Acronis Cyber Protect Cloud, implementing Advanced Email Security happens with the flip of a switch.

• Will Advanced Email Security affects clients’ email delivery?

  Due to the unmatched detection speed, which is up to a few seconds, compared to seven to 20 minutes for legacy sandboxing solutions, all emails are scanned before delivery to end users with near-zero delays to ensure proactive protection without disrupting every day business process.

• What is email security?

  Email security ensures the availability, integrity and authenticity of email communications by detecting and blocking email threats to reduce the risks of email-borne attacks.

• What are some types of email security threats?

  Email security threats come in many forms:

  • Spam is any type of unwanted, unsolicited digital communication that is sent out in bulk.
  • Phishing is a common attack technique that utilizes deceptive communications (including email, instant messages, SMS, and websites) from a seemingly reputable source in order to gain access to sensitive information.
  • Business email compromise (BEC) involves phishing emails that use impersonation and company knowledge to trick employees to wire money or data, or to change bank account information.
  • Malware is an application written with the intent of causing damage to systems, stealing data, gaining unauthorized access to a network, or generally wreaking havoc.
  • Ransomware is a form of malware that infects systems and encrypts files. The user cannot access their data until a ransom is paid in exchange for a decryption key. Once the ransom is paid, a user can only hope that the attacker will provide the decryption key and permit them to regain access to their files.
  • Advanced persistent threats (APTs) are complex attacks intended to establish an illicit, long-term presence in a network in order to collect highly sensitive data or compromise an organization’s operability.
  • Zero-day exploits refer to a vulnerability that is actively being exploited in the wild, but is not yet known to the software provider. Thus, a software patch to fix the exploit is unavailable.

• Is email security important?

  Email is the primary attack vector, with 94% of malware being delivered via email, according to a 2019 Verizon Data Breach Investigations Report. More recent reports from Verizon, HP and Acronis still point to email as one of the most common entry points for attacks.

  Cybercriminals will continuously target business’ email accounts, attempting to open a backdoor and infiltrate an organization’s network. That’s why it is vital to secure your clients’ riskiest communication channel. It’s important to note that no matter how trained an employee is, they receive hundreds of emails a day and with email exhaustion, they can inadvertently click on a malicious email.

• Do MSPs need email security?

  Amidst the rising number of digital threats, more service providers are seeing cybersecurity as their primary revenue generator. Email security is an essential service for the majority of businesses as email is still the most used communication channel and the primary channel cybercriminals attack.

  To remain competitive and reduce security risks for clients, service providers must offer a portfolio of services with multiple defense layers, including email security. Launching such a service can help MSPs increase their client base and increase per client revenues.