What's new in 2016 Release 6?

TRITON AP-EMAIL with Email Cloud Module | 13-December-2016

Limited availability: Secure suspicious attachments

For cyber criminals, attaching malicious files to emails continues to be a very effective attack strategy. TRITON AP-EMAIL performs rigorous analysis of attachments, including sending suspicious files to a sandbox for observation and analysis (optional feature). However, even when a file passes analysis, some attributes of the attachment can continue to make it suspicious. These attributes include sender and domain reputation, attachment file type, attachment size, and the spam score of the message, among others.

Email administrators now have the option to secure suspicious attachments in a password protected zip file that is delivered to the recipient along with a report that includes the message details, a preview of the attachment content, and a link that the recipient can use to retrieve the zip file password. The email is also annotated with a customizable message. Below is a sample of a message delivered with a secured attachment.

Here is a sample Secured Attachment Report.

By securing the attachment in this way, the recipient and organization have the time and information needed to take a fully considered action.

Should the recipient choose to retrieve the zip file password by clicking the Retrieve Password link, they are taken to a Forcepoint TRITON AP-EMAIL portal to confirm their request. Once confirmed, a separate email is sent containing the password.

Only the original recipient can receive the password. If a message with secured file attachments is forwarded, recipients of the forwarded message must ask the original recipient for the password.

Should you choose to enable the feature and secure suspicious file attachments, it's very important that you prepare your users to receive them and take appropriate action. Users should know that:

Their email security service analyzes email attachments for malicious content. When found, the attachment is not delivered.

The email security service also looks for suspicious file attachments. An attachment can be suspicious for several reasons including the reputation of the sender or sending domain, attachment file type, attachment size, the spam score of the message, and other attributes.

When a suspicious attachment is found:

The attachment is placed in a password protected zip file and delivered, along with the original message, to the intended recipients.

A Secured Attachment Report is also attached to the original message. The report includes the message details, a preview of the attachment content, and support for retrieving the password for the secured zip file.

Recipients should carefully examine the Secured Attachment Report to help determine if the attachment is safe.

Opening a suspicious attachment could lead to the computer being compromised or infected. Recipients should open the attachment only if they're sure that it's safe. If in doubt, contact the IT team for assistance.

If a user receives a forwarded copy of a message with the secured zip file, they need to ask to original recipient for the password. Only the original recipients can retrieve the password.

The Secure suspicious attachments feature is enabled at the policy level (per policy).

To enable the feature:

In the portal go to Email > Policies > policy_name and select the Content Filter tab.

In the Inbound Content Filter section, enable Secure suspicious attachments.

Click the adjacent Customize settings link to review and customize the message that is inserted into the original message.

You can also add sender addresses or domains to exclude from the secure attachment rule.

Save your changes.