Why switch from Symantec Cloud Security to Hornetsecurity?

Why switch from Symantec Cloud Security to Hornetsecurity?

Are you a partner of Symantec who is currently selling Symantec Cloud? Or are you on the receiving end; the customer who is being provided Symantec’s Cloud Security? Have you begun considering your switch? With the recent news of the Broadcom acquisition of Symantec, it was announced that over 1 Billion + in funds will be removed from the budget that was set specifically for Symantec Cloud’s Research and Development, Marketing, and Support. For Symantec Email Security partners and customers this is unsettling news, as email cyber-attacks make up over 90% of all threats in today’s modern IT world.

Email is the #1 attack vector, and hackers are constantly creating and identifying new ways to successfully penetrate a business or user’s privacy. With the budget cuts Broadcom has put in place, innovation and research and development will cease hindering updated security levels that are necessary to combat the ever-changing security landscape. Experts believe, knowing that these budget cuts have been put in place, that the security needed for the future will not be met within the MessageLabs solution.

Choosing Hornetsecurity as your Symantec Email Security alternative

With email security being more important for society than ever, it is critical that you choose a provider who is heavily focused on the future of their email security solutions. A provider who fulfills the highest level of protection, but also a provider who aims to continually innovate in preparation for the future. A provider who offers the full package in the realm of email security solutions such as various forms of encryption, automatic archiving, advanced threat protection, continuity, and more. This is where Hornetsecurity fits in perfectly for your organization.

With Hornetsecurity, you are partnering with a vendor who focuses specifically on the security of business cloud communications. Hornetsecurity is a well-known trusted cloud email security provider in much of the world, and is an industry leader throughout Europe. Hornetsecurity operates across 11 offices, spread out over several countries, securing over 45,000+ businesses with our proprietary solutions. Hornetsecurity offers clear advanatages over Symantec Cloud, providing ease of use, comfortability, and reduced management time for any administor working with our solutions.

Independent of all software and hardware, Hornetsecurity saves organizations time and money giving administrators control and transperency. With hundreds of new features and improvements being made within the last 12 months, you can be assured that Hornetsecurity’s offerings are of maximum security and reliability. With a 100% channel focus, our partners benefit from our MSP and Value Added Reseller partner programs, in which direct business is funneled to them in addition to receiving up to 30% margins. With longer system logs, instantenous set-up, and full white-label capabilites, Hornetsecurity allows partners to make the most of the award-winning solution suite. Whether it be on Office 365, Gsuite, Linux Based, etc. Hornetsecurity has the product portfolio to secure your business email communications at the highest level available on the market.

Award-Winning Managed Cloud Security Services by Hornetsecurity

Hornetsecurity has been focusing on cloud computing since 2007 and offers high level protection for customers’ IT infrastructures. 365 Total Protection from Hornetsecurity offers comprehensive protection for Microsoft cloud services – specially developed for Office 365 and is seamlessly integrated to provide comprehensive protection for Microsoft cloud services. Easy to set up and extremely intuitive to use, 365 Total Protection simplifies your IT Security management from the start. 365 Total Protection Business provides all-around protection for the Microsoft Office 365 Suite. 365 Total Protection Enterprise enhances the Business package with features such as email archiving and ATP sandboxing.

With Hornetsecuritys’ Spam and Malware Protection you can be assured of the highest detection rates on the market, with 99.999% guaranteed spam detection and 99.99% virus detection and protects mail servers against DDoS attacks and phishing emails.

With the comprehensive features of our award-winning Advanced Threat Protection, even the most sophisticated cyber attacks have no chance. In times of a wide range of attack vectors, Hornetsecuritys’ Advanced Threat Protection was developed to cope with a multitude of methods in order to ward off all kind of threats like Spear Phishing, Ransomware, Zero-Day Threats and more. With freezing, URL scanning, rewriting and sandboxing Advanced Threat Protection secures the email traffic from insidious cyber attacks.

Switch from Symantec to Hornetsecurity now to receive an exclusive offer!

Hornetsecurity Services compatible with SIEM services thanks to new SIEM Connector

Hornetsecurity Services compatible with SIEM services thanks to new SIEM Connector

The IT infrastructures of companies are exposed to a variety of different threats – ranging from ransomware attacks to phishing waves, or bot attacks aimed at firewalls. To avoid becoming a victim of cyber attacks, complex defense mechanisms must be installed. SIEM services are an important component of this process. SIEM services bundle and analyze all security-relevant data at a central location, which allows suspicious activities to be detected early.

With the new Hornetsecurity SIEM Connector, Hornetsecurity now also offers an interface for SIEM services for its 365 Total Protection and Spam Filter Service products. The Connector automatically receives and imports e-mail log entries from the Hornetsecurity Cloud.

SIEM-Services

Data relating to IT security can be found in many different places in an organization – on end devices, servers, network devices, and special security infrastructure such as firewalls, antivirus or mail security systems. Information and Event Management Services (SIEM) are software products that collect and analyze this information in real-time at a central location.  The programs derive patterns and trends based on this information so that targeted cyber attacks with multiple attack vectors can be detected more quickly. Among the best-known SIEM services are IBM QRadar and Splunk.

The Hornetsecurity SIEM Connector

With the new Hornetsecurity SIEM Connector, users of SIEM services can have email log entries automatically read from the Hornetsecurity Cloud. The new product can be booked if the Hornetsecurity Spam Filter Service or 365 Total Protection (Business or Enterprise) is already in use.

The Hornetsecurity SIEM Connector sends detailed information by means of syslog packets containing the following details:

• General email information: Email subject, attachment file names, message ID from the header, encryption method used and size of the email.

• Processing information: date and time of first processing, classification and reason for classification and number of log entries for this email.

• Sender information: Source address from the SMTP dialog and sender as specified in the email header.

• Information about the recipient: Mailbox to which this email has been assigned by the Hornetsecurity Spamfilter service and recipient, as specified in the e-mail header.

Thanks to the connector, Hornetsecurity services can provide critical log data to SIEM services to provide comprehensive protection for the IT infrastructure.

Simple onboarding of the Hornetsecurity Services: Video tutorial for product training

Simple onboarding of the Hornetsecurity Services: Video tutorial for product training

Extortion, theft, drug trafficking – in times of digitalization, all these crimes are also committed online. Email communication has a central role therein: it is considered the most popular means of communication in companies and at the same time the main vector of incidence for malware. Through social engineering, cybercriminals manipulate their victims in order to persuade them to click on links and open attachments containing ransomware and trojans, for example.

However, companies are not only facing the challenge of protecting email inboxes from misuse as a gateway for cyberattacks. Information and data communicated via email are also increasingly becoming a valuable digital resource in a cybercriminal environment. Managed Security Services offer comprehensive protection against increasing cybercrime without the installation of additional hardware or software. Every day, several new cyber threats emerge that seek their way into the system, so it is important to act quickly.

Hornetsecurity’s Email Security Services protect your email communications from the most sophisticated cyber attacks, annoying spam and malware. In order to offer customers, the opportunity to familiarize themselves with the services in advance and to make the implementation of the products as easy as possible, Hornetsecurity extends its onboarding service with a training program in form of YouTube videos. The activation of the services can thus be implemented as quickly and easily as possible directly by the user.

The trainings are organized in different playlists: The Spamfilter Basic Playlist provides information about the setup of Hornetsecuritys Spam & Malware Protection and its different features. The Spamfilter Advanced I Playlist contains further information on the use of 365 Total Protection, Email archiving and the Signature & Disclaimer. The Spamfilter Advanced II Playlist provides users with useful information on Email encryption and Advanced Threat Protection.

The videos can be accessed at any time using the links below and provide customers all the information they need for onboarding.

Hornetsecurity mobile – on the move with the Progressive Web App

Hornetsecurity mobile – on the move with the Progressive Web App

In recent years, the number of apps downloaded from app stores to mobile devices has steadily decreased. According to a forecast by the IT consulting firm Gartner, half of all apps used in 2020 will be Progressive Web Apps (PWA). Hornetsecurity reacted to this trend and released a Progressive Web App for the Hornetsecurity Control Panel.

A Progressive Web App is a combination of a responsive website and a native app. Since February 2019, a Progressive Web App is available to all Hornetsecurity customers, enabling them to access the control panel from a mobile device in a simple way. Since the release of the control panel version 6.5.2.0 at the end of June 2019, the Progressive Web App has also been available as a white label version with which Hornetsecurity customers and partners who have booked the white label option can customize the app name, icon and splash screen.

Advantages of the Progressive Web App from Hornetsecurity

With the Progressive Web App, it is possible to create an icon on the home screen, allowing easy access to the control panel. In comparison to a responsive website, the Control Panel does not has to be opened in a browser but is accessed directly by clicking on the icon. With the white label version, the icon, app name and logo on the splash screen can also be adapted to the company’s design.

Another advantage is that, unlike native apps, the Progressive Web App does not need to be downloaded and therefore does not consume any storage capacity on the mobile device. The Progressive Web App software also updates automatically. Furthermore, the use of the Progressive Web App saves time, as the user name and password can be saved and thus prevent the time-consuming, repeated input of user data.

So, if you want to access the control panel quickly and conveniently from home or on the train, install the Progressive Web App and benefit from better usability.

How to

1. Open the Internet browser on your smartphone and enter “cp.hornetsecurity.com” in the address bar.
2. At the bottom of your browser, a pop-up opens with the instructions for installing the Web App.
3. After installing the Web App on your home screen, open the app and log in with your login data.

CONTENT FILTER 2.0 – The security officer for your data transfer

CONTENT FILTER 2.0 – The security officer for your data transfer

The State Criminal Police Office of Lower Saxony is currently warning against an increase of emails with fraudulent application content. These emails are explicitly directed at companies with advertised vacancies and endanger in particular personnel departments that are involved in application processes. The seriously formulated emails are attached with alleged application documents in the form of archive data. If these files are unpacked, however, no application documents are revealed, but rather dangerous malware that infects the system.

Secure data transfer with Hornetsecurity’s Content Filter

With Hornetsecurity’s Content Filter, effective protection measures can be taken against unwanted file attachments. In addition to the general protection provided by the spam and virus filter, individual settings for attachments of incoming and outgoing emails can be made within the content filter. Updating the content filter to version 2.0 now also checks nested archives. Defined rules can still be applied for the entire domain or for certain user groups. This allows particularly vulnerable groups in the company to be deliberately protected against current attacks.

Easy setting – secure data transfer

The Content Filter offers an uncomplicated handling for the management of email attachments. Unwanted file formats, such as executable files, are grouped under the collective term .executable and can be selected from a predefined list with just a few clicks by the first time they are set up. Additional file formats that do not fall under one of the collective terms can be added if required. In addition, it is possible to individually configure the maximum permitted size for affected email attachments.
Hornetsecuity Content Filter 2.0

Fig. 1: Settings in the content filter for incoming emails

In case of application two actions can be set for handling the affected: Block email or cut attachment. In addition, encrypted Attachments, which are increasingly used in common formats such as PDF, ZIP, RAR etc., can be explicitly prohibited (Fig. 1). Furthermore, the content filter includes an automated comparison of file extensions with the supplied MIME type, which can differ significantly from the file extension in the case of suspicious email attachments. Archive Files that have internal nesting structures in the form of additional archives are analyzed and evaluated down to the security-relevant level.
If the content filter intervenes and removes a suspicious attachment, it changes the original state of the message. For signed emails, active intervention by the content filter causes the signature to be corrupted. If this occurs, the content filter informs the recipient and specifies whether the signature was valid before the change (Fig.2).
Hornetsecurity Content Filter 2.0

Fig. 2: Valid signature after truncating the content

However, if the certificate of the signed email is available on our systems, the email whose signature was broken by truncating the file attachment is re-signed and thus retains its validity.
The content filter can be activated for all Hornetsecurity partners and customers in addition to the spam and virus filter.

ATP – the interoperable complement for comprehensive protection

The current threat landscape of malware ranges from ransomware to cryptominers and is constantly changing. Spam, virus and content filters provide a solid basis against cyber attacks. These filters do not provide 100% protection against targeted and sophisticated attacks on companies. Further protection mechanisms are needed that adapt to the constantly changing types of attacks and malware. By combining Hornetsecurity’s interoperable filters, full protection against specific cyber attacks can be achieved and sustainably secured for companies.
In addition to the spam and virus filter, Advanced Threat Protection (ATP) from Hornetsecurity offers reliable protection against current malware attacks. ATP integrates seamlessly into the existing filters from Hornetsecurity email services and has, in comparison to the content filter, profound behavior analyses of file contents. Thanks to the integrated ATP engines such as the sandbox, URL Rewriting and URL Scanning , attacks such as targeted or blended attacks are detected early and the necessary protective measures are initiated in real time. For example, hidden links infiltrated in files can be recursively tracked in an isolated environment and the content hidden within can be subjected to forensic analysis. For content patterns that indicate malicious intent, the company’s IT security team is notified in real time for immediate protection.
EFAIL: A vulnerability in the PGP and S/MIME encryption methods?

EFAIL: A vulnerability in the PGP and S/MIME encryption methods?

UPDATE from May 16, 2018:
In order to proactively protect our corporate customers, who are still encrypting and decrypting their emails via an in-house solution and have not yet booked the Hornetsecurity Encryption Service, from EFAIL, we have also developed a special filter level for attacks according to the EFAIL pattern. The only prerequisite for this is that their email communication runs via the Hornetsecurity servers, which is generally the case with our email security products.   The filter level is already activated by default for all our customers who have booked at least the Hornetsecurity spam filter service and. It protects not only against EFAIL, but also against future attacks with similar patterns.   +++++   A known vulnerability is transferred to the PGP and S/MIME protocols and takes email manipulation to a new level. No problem for Hornetsecurity.
On Monday, May 14, 2018, a team of security researchers from the University of Applied Sciences Münster, the Ruhr University Bochum and the University of Leuven (Belgium) published a paper that questions the security of the PGP and S/MIME encryption standards and thus attracts worldwide attention.
However, the vulnerabilities discovered (CVE-2017-17688 and CVE-2017-17689) do not affect the protocols themselves, but use an already known vulnerability to decrypt encrypted emails by the mail client and send them to the attacker.
A prerequisite for the execution of the attacks is that the attacker already possesses emails in encrypted form. To do this, the emails need to be intercepted during transport. The attacker must have previously executed a man-in-the-middle attack (MitM) or compromised a mail server to gain access to the emails passing through him or the server. Only if these requirements are met, the attacker can execute one of the EFAIL attacks described in the paper.
The authors of the paper present two similar attacking methods to decrypt emails with existing PGP or S/MIME encryption.
The first method is quite simple, but limited to certain email clients (Apple Mail, iOS Mail, Mozilla Thunderbird) and any third-party plug-ins installed there:
To do this, the attacker creates an email with three body parts. The first part formats the email as HTML and inserts an image tag with a target website. The quotation marks and the image tag are not closed. This is followed in the second body part by the PGP- or S/MIME-encrypted text. The third part consists of HTML formatting again and closes the image tag from part one.

(Source: EFAIL attacks, 14/05/04 )

If the attacker sends this email to the sender of the encrypted message, it is possible that the message is decrypted and transmitted to the stored website. To do this, the email client must be configured so that it automatically downloads external images without asking the user.
The second way to read PGP or S/MIME encrypted emails is a well-known method of how to extract plain text in blocks of encrypted messages.
The attacking scenarios are called CBC attack (S/MIME) and CFB attack (PGP). They determine a known text portion in an encrypted message and overwrites subsequent blocks with their own content. The EFAIL attack inserts an image tag with a target website into the encrypted text, as described in the first part. If the message is then delivered to the actual recipient of the encrypted message, it is possible that the message is decrypted and transmitted to the attacker.
EFAIL: A vulnerability in the PGP and S/MIME encryption methods?

Stay in touch

Sign up to get the latest News about Cloud Security.

Oops! We could not locate your form.

The emails encrypted by Hornetsecurity are protected by design against attacks of this kind, since Hornetsecurity does not even allow the different content types (multipart/mixed) required for the attack.
The encryption methods themselves – S/MIME and PGP – were not broken; rather, vulnerabilities were found in email clients for HTML emails that bypass these encryption techniques. In addition, we object to the recommendation of various security researchers to generally deactivate content encryption: PGP and S/MIME are still not per se more insecure than a pure transport-encrypted transmission or no encryption at all, even after this publication. Since the attack requires a MitM attack, i.e. a breaking of the possible transport encryption, a general levering out of content encryption would be fatal: Possible attackers could even read the email traffic directly like a postcard!
Hornetsecurity Encryption Service, which is immune to EFAIL, does not require any client plug-ins: Encryption and decryption are fully automated by Hornetsecurity in the cloud – no installation, maintenance or user interaction is required – simply secure!

Further information: