Symantec has released Email Threat Isolation, a solution designed to neutralise advanced email attacks, which are still the primary source of malware and scamming in businesses.

The service, the company says, can help to protect users against phishing, ransomware, account takeovers and credential theft.

Symantec says that this product is the first ‘integrated email security solution with threat isolation technology for enterprise email.’ It does this by isolating possibly dangerous links, allowing safe access to potentially harmful pages.

By creating this ‘secure remote execution environment’ the company says customers are provided with a better level of protection. It assesses risk and bases its isolation policies on that risk. If considered risky enough, links are sent to the remote environment, which isolated malicious activity and sends a ‘visual representation’ to the user.

The tool also allows users to open websites in read-only mode which stops employees from entering sensitive corporate information. Symantec states that it is currently the only security vendor taking these steps.

Symantec’s view

Greg Clark, Symantec CEO, believes that protecting against email threats is high priority. “Despite significant efforts by our industry to detect and block email-borne threats, messaging remains the primary vector for malware and scams within the enterprise.

“The industry requires a paradigm shift to properly secure messaging, and we are excited to be bringing the innovation of integrated isolation technology to email. Because the technology is cloud-based, organizations can be up and running quickly and easily, reducing stress on already taxed IT teams.”

“We are bringing innovation to this critical control point, to significantly reduce reliance on employee behaviour, and give IT administrators greater control over their email environment,” added Patrick Gardner, Symantec senior vice president.

A report by Symantec [PDF] found that the overall rate of email malware fell in 2017 from 0.8% in 2016 to 0.2% in 2017. Most of these used a malicious attachment rather than a malicious URL, though in certain industries such as construction, the rate using links was much higher, at 27.2%.

At the start of 2017, 1 in 53 users was sent a phishing attack. This rose to 1 in 33 by the end of the year. The most typical phishing attack subject lines included words such as ‘payment’, ‘urgent’, ‘confidential’ and ‘transfer.’