VMRay Email Sensor: Automated Analysis and Detection of Malicious Email
The average corporate employee will receive 75 emails per day. So it’s no surprise that email is still an integral part of daily business processes. With two-thirds of all malware installed via email attachments in 2016 (according to the Verizon’s 2017 Data Breach Investigations Report), it is critical to ensure that employees and company’s internal networks are protected from malicious inbound emails.
Enter the VMRay Email Sensor. Available with VMRay Analyzer – Cloud and On-Premises licenses, the VMRay Email Sensor enables organizations to protect their email infrastructure from malware and targeted attacks using VMRay’s unique agentless threat detection.
The Sensor can be integrated into any email deployment with minimal configuration. Once deployed the Sensor scans inbound email for known malicious URLs that lead to malicious downloads. Going a step further, the Sensor extracts attached files and sends them to VMRay Analyzer for further investigation. When the analysis is completed, results can be sent to a Security Information and Event Management (SIEM) system using Syslog in a JSON-based or custom format for further insights and advanced correlation.
The Email Sensor has the capability to alert an end-user that an attachment was identified as malicious by sending a notification via email. Figure 1 shows a complete view of the Email Sensor Deployment.
Our goal at VMRay is to enable seamless integration of VMRay Analyzer with our customers’ existing infrastructure. The email sensor is the newest piece of the puzzle in our support for the technology ecosystem, whether that’s endpoint protection, security operations automation or more.