Email Attachments (Even the Bad Ones) Can’t Bypass Application Isolation [video]

Malicious Email Attachments are bad.

January 2, 2018 | Category: Threats | By: Jennifer Carole

  • Safely open any email attachment from Outlook or web mail, even if it contains malware
  • Eliminate restrictive IT security policies that limit access to email attachments
  • Improve user productivity by removing the risk of opening malicious email attachments

Email attachments drive cybersecurity experts nuts. Despite advancements in malware detection, malicious email attachments are still getting through defenses, leading to enterprise data breaches, loss, and destruction.

End users can’t be held responsible for cybersecurity and still get their jobs done.

Legitimate applications—many expressly whitelisted including the Microsoft Office Suite—are easily exploited to bypass layered defenses and gain an organizational foothold from a single compromised host.

Watch: containing ransomware in a micro-VM.

To do their jobs, users must open email attachments from external sources—whether reading resumes, processing invoices, receiving delivery notifications, sharing financial statements, or collaborating on legal agreements with outside parties. Cybercriminals know this and work the vulnerability: ransomware is commonly delivered via weaponized Office documents or PDFs, with total ransomware-related damages estimated to exceed $5 billion in 2017.

99% of malware now has polymorphic capabilities and 97% of malicious files are completely unique to each endpoint. Organizations’ infrastructure and proprietary enterprise assets are under continuous threat of theft, misuse, and destruction, with costs increasing at an alarming rate, up 23% in just the past year.

Detection alone is not enough to provide security for email attachments.

Relying solely on detection as a viable defensive strategy for email attachments doesn’t work well enough at enterprise scale. Detection will never reach 100% effectiveness. Whether by signatures, heuristics, artificial intelligence, or machine learning, full-stack detection rarely exceeds high-90% effectiveness, and detection typically lags the latest attacker techniques, creating chasms of vulnerability that attackers rely on to breach organizations using malicious email attachments.

A new large-scale enterprise email security study shows a massive 10.5% failure rate in the detection of email messages that contain spam, phishing, and malware attachments, allowing dangerous content to land in users’ email inboxes – undiscovered and waiting for a simple click.

Application Isolation delivers security while allowing end users to get back to work.

Today’s defensive perimeter has shrunk down to the application level, where a last line of defense is needed, in this case to ensure email attachments are contained and not allowed to access the host. Bromium isolates tasks and eliminates remediation by containing email attachments using virtualization-based security.

Get the report: Security Current CISOs Recommend Endpoint Security

  • Hardware-enforced application isolation: when an attachment is opened, it is instantly and transparently hardware-isolated inside a single-use, disposable micro-virtual machine. When the file is closed, the threat terminates along with the micro-VM.
  • Continuous protection follows the malicious attachment: whether it opens directly from within Outlook (including Preview mode), is downloaded to the local host PC from Outlook or web mail, is saved onto a network file share, or is edited and renamed, it remains isolated.
  • Bromium isolation protects against common email attachment attack vectors including Microsoft Outlook, third-party email clients and web mail sites.
  • Shared intelligence: Breachless attack information is shared across all Bromium devices in your network—including detailed indicators of compromise (IOCs) and indicators of attack (IOAs)—instantly improving endpoint protection, reducing the overall attack surface, and enhancing situational awareness.
  • Breachless response: Bromium-isolated devices prevent infection and self-remediate when the email attachment is closed. No immediate remediation or cleaning of the PC is required when email-delivered malware is discovered running on these endpoints, because it is safely contained within micro-VMs.

Zero-breach is within reach using application isolation when 99% effectiveness simply isn’t good enough. Application isolation delivers clear benefits over detection-based solutions, so you can:

  • Save time and resources by allowing employees to open documents from unknown sources without additional verification steps by IT Security
  • Defend against malicious attachments with native application performance online or offline
  • Stop unknown threats that bypass existing layered defenses

Get immediate value from Bromium and put an end to email attachment breaches once and for all. Contact us to see how to add Bromium to your security stack.