Criminals often impersonate key individuals in an organisation to trick other employees into falling for their scams. Sophos Email uses advanced machine learning to detect targeted impersonation and Business Email Compromise attacks. Utilising the deep learning neural network created by Sophos AI, Sophos Email analyses email body content and subject lines for tone and wording to identify suspicious conversations.
For added protection, Sophos Email also includes a setup assistant that integrates with AD Sync to automatically identify the individuals within an organisation who are most likely to be impersonated. It scans all inbound mail for display name variations associated with those users, further extending protection against phishing imposters.
Adversaries are experts at using social engineering in their attacks. That’s why Sophos Email scans all inbound messages for key phishing indicators such as brand spoofing and impersonation attempts in real-time using SPF, DKIM, and DMARC authentication techniques and email header anomaly analysis. It spots and blocks phishing emails before they reach your users.
The danger with phishing is not the email itself but what it gets people to do. Phishing emails often include malicious links and malware that attackers try to trick you into activating. Sophos Email’s real-time URL scanning and AI-powered cloud sandbox protect against malicious URLs and attachments, ensuring malware never reaches your users’ inboxes.
To avoid detection, attackers sometimes update the link in an email after it has landing in the victims’ inboxes, for example, re-directing safe URLs to malicious ones, or insert malware into a previously-clean web page. Time-of-Click URL rewriting analyses all URLs at the moment they are clicked, and automatically removes dangerous emails to protect against these post-delivery techniques.
Sophos Email’s Search and Destroy capabilities take this one step further, directly accessing Office 365 mailboxes, to identify and automatically remove emails containing malicious links and malware at the point the threat state changes and before a user ever clicks on them.
Find out more about this product and how to trial it for your users by “contacting us”.