Cisco and McAfee decide users just can't be trusted not to click on dodgy attachments

brambedkar59

Level 29
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
1,869
Cisco's adding McAfee's Advanced Threat Defense to platforms supported by its Email Security Appliance platform.

The alliance is designed to make integration between the two systems easy – the Advanced Threat Defence (ATD) e-mail connector is a single checkbox in the McAfee UI, plus selecting permitted hosts and the file extension types that should be scanned.

If the Email Security Appliance (ESA) spots an incoming e-mail with an attachment it doesn't recognise, it'll forward the message to the McAfee ATD system. ATD then checks the attachment against known signatures, and if it comes up blank, it will run the attachment in a sandbox.
 
F

ForgottenSeer 58943

We deploy Trend HES which has been doing this for a couple of years now. McAfee's Email filter has gone legacy, it was a failed business model so now they are trying to shop out their API for sandboxing, etc.

Intel Security will discontinue McAfee SaaS products

We setup our corporate clients with HES using a 4 policy system for guarding attachments;

First policy checks for attachments allow/deny rules. For example by default we block DOCM, WSF, etc. Attachments w/passwords are blocked, etc.
Second policy we use is to check for 'traits' that are malicious - quarantine attachments that match. (file size, other traits)
Third policy checks for malware/viruses/scripts in signature based scanning.
Fourth policy tosses it into a sandbox and evaluates behavior. This adds a 5 minute to 30 minute delay to emails with attachments.

Using a 4 policy method, we're only seen a couple of malicious attachments in 3 years make it past to the thousands of endpoints we manage. False positives are kept really low because of the tailored rules.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top