Today is a big day for Valimail, as we’re announcing the second major product to be built on our IDEA™ Platform: Valimail Defend™.
Valimail Defend eliminates a new class of inbound email impersonation attacks, including friendly-from spoofing as well as lookalike-domain (aka cousin-domain) attacks.
Defend complements Valimail Enforce™, our automated solution for DMARC enforcement, which eliminates both inbound and outbound exact-domain impersonation attacks. Together, the two offer broad, 360-degree protection against almost all types of email impersonation.
Valimail Defend builds on three years of experience with Enforce and the IDEA platform that powers it. In that time we’ve helped many enterprise customers get to enforcement (in a median of 62 days), and we’ve protected those customers from billions of fraudulent messages. We’ve also been constantly building our intelligence on the email ecosystem — including legitimate senders, suspicious/fraudulent senders, domains, and mail gateways — making our knowledge base second to none.
We’ve brought the same mindset to Defend that gives Valimail Enforce the verifiably best track record in the industry for getting customers to enforcement (the point at which customer domains are actually protected from impersonation). We are so confident of our ability to get customers to enforcement that we guarantee it — and in fact, Enforce is the only email authentication solution on the market to offer an enforcement guarantee.
Since the beginning, Valimail has taken a unique approach to email anti-impersonation. We have never felt it was necessary to examine the contents of email messages or to process anything that could be considered personally identifiable information (PII) or protected health information (PHI). Instead, we’ve taken a strictly domain-based approach to authentication that allows us to determine the authenticity of incoming messages without reading the content of those messages.
That’s not to say that content-scanning is unimportant. In fact, the filtering and malware detection that secure email gateways (SEGs) do is a critical part of an effective, layered approach to cybersecurity.
Our philosophy is simple: If someone is sending you a message under fraudulent pretenses — they’re pretending to be someone or something they aren’t — that is a definitive indicator of bad intent, and the message should be deleted. We partner with SEGs and SIEMs so they can investigate the attack vector. We’re focused on stopping the attack in the most automated and effective way possible. And once you have authenticated the sender, content-scanning and user-training become more meaningful and effective.
In other words, Valimail — through Enforce and Defend — has built a “trust layer” for email and communications that enables customers to eliminate a huge class of threats.
We know from many research studies that 90 percent or more of successful cyberattacks start with email phishing. And the majority of phishing attacks use impersonation techniques. Eliminate email impersonation, and you’ve just kneecapped hackers by taking away their most-used attack technique. This then forces them to try other, more difficult attacks.
In short, adding a trust layer to email enables a significant improvement in the overall cybersecurity posture of an enterprise. And, over time, we believe it will lead to a renaissance of trust in email.
We’re well on our way in that journey, and the launch of Valimail Defend gets us significantly closer to that goal.
Stay tuned: We’ll have more to show you very soon.
And in the meantime, if you’re a current Valimail Enforce customer and you’re not already participating in the beta for Valimail Defend, let us know.
Top photo: Flickr/Lars Plougmann