Complementary solutions provide a comprehensive defense against phishing, email impersonation, and email fraud
SAN FRANCISCO, August 15, 2019 — Valimail, the world’s leading provider of anti-phishing technologies to stop fake email and restore trust to communications, announced today that it is now an Alliance Partner with Mimecast. Joint customers of the two companies can now create a comprehensive, layered email defense that addresses both content-based email attacks (malicious attachments and links) and sender identity attacks (including business email compromise, or BEC).
Reported losses from BEC exceeded $1.2 billion in 2018, according to the Internet Crime Coordination Center (IC3), but reported losses are only a fraction of the total: The FBI estimates that BEC attacks have actually caused more than $12.5 billion in worldwide losses over the past five years — and those losses are accelerating.
Furthermore, email impersonation attacks increased 80 percent in the first half of 2018, according to research from Mimecast. These attacks often contain no malware or malicious links. As a result, email security solutions that focus solely on the contents of email messages — “what” an email contains — often miss these attacks. Mimecast’s recent Email Security Risk Assessment found that between 18 and 60 percent of email impersonation attacks were not caught by email security providers.
What is needed is a layered defense strategy that examines, validates, and authenticates the identities of email senders — “who” the email comes from. The Valimail Trust Layer™ provides exactly that, with DMARC reporting and enforcement to stop exact-domain impersonations, plus trusted-sender validation to block lookalike domains and friendly-from spoofing.
Valimail and Mimecast take vastly different approaches to stopping BEC and other types of impersonation-based phishing, making their solutions complementary, and stopping a wider set of attacks while providing a more robust defense layer than any one solution. Valimail’s Trust Layer identifies, dynamically whitelists, and authenticates trusted senders, while blocking all others. It dovetails with Mimecast Targeted Threat Protection – Impersonation Protect, which is designed to analyze and combine multiple indicators of compromise to block impersonation attacks targeting employees. The two combine for robust defense against lookalike domains (aka cousin domains or homomorphic domain attacks), open-signup (friendly-from) attacks, exact-domain spoofing, and malicious emails sent from compromised accounts.