Cisco Systems, which reported recently that mass spam email attacks on computer users are being replaced with more sophisticated, targeted attacks, has introduced a new security technology to thwart those attacks. At its Cisco Live conference in Las Vegas, the company unveiled Cisco IronPort Outbreak Filters, which, when spotting a suspicious email containing what might be a malware link, rewrites the link to direct it to a Cisco security tool that will determine if it is malware and, if so, block it.
Also at Cisco Live, the company unveiled a Business Class E-mail (BCE) system that delivers automatic user identification, embedded email controls, added encryption security and universal device support. The latter is designed to extend security to the personal devices workers now use in the workplace, such as smartphones and tablet computers.
The Outbreak Filters product is designed to respond to new targeted attacks on specific email users. At a news conference in the San Francisco area June 30, Cisco shared results of an internal study that showed that mass spam attacks, in which messages are sent to millions of inboxes, are on the decline because they’re increasingly ineffective. Instead, cyber criminals are launching targeted attacks that are written to a specific individual with a message more likely to trick him or her into clicking on a link that downloads a malware payload.
Outbreak Filters look out for such messages, and when a suspicious one is found, it rewrites the link before sending it on to the intended recipient, says Nick Edwards, director of Cisco's Security Technology Business Unit. Rewriting the link redirects it to Cisco’s ScanSafe Cloud Web Security system--technology from a Cisco acquisition done a year and a half ago--which scans the link destination to determine if it is a malware site. If it is malware, ScanSafe blocks user access, preventing the download; if it’s legitimate, the site opens up.
"Rewriting the link is what allows us to scan the payload that would come from that site," Edwards explains. "We do a deep scrub, determine the context of [that link] and where that email originated."
