We are pleased to announce the launch of our latest solution designed to detect 2-step phishing attacks. This type of attack requires users to click twice in order to reach the malicious payload. Typically, attackers use legitimate websites to host the initial link, and users are then directed to a fake login screen.

To combat this evasion technique, Perception Point has developed an innovative image recognition model that leverages object detection. Our model takes a screenshot of a webpage and identifies clickable elements within it. This enables us to dynamically scan fake login websites and prevent them from reaching users’ inboxes.

This enhanced phishing detection functionality is now automatically available to all users of Perception Point's Advanced Email Security, further improving your email protection.

Screenshots of it in action:

Perception Point’s incident response (IR) team provides 24/7 fast reaction to users' requests for scan investigations - and strives for quick remediation.
Tracking the discussion and the actions taken is very important, and can be done in the Scan History control [in the Scans page of X-Ray].

The Scan History control was enhanced to include all emails sent between your organization and the IR team - that relate to the original investigation request. This makes it easier to view the entire scan history discussion in one place.

In addition, we've enhanced the way that we show the scan history. The scan history is now displayed as a conversation between your organization and the Perception Point IR team. This makes it easier to follow the input from both participants involved in the investigation.

To improve visual clarity relating to verdicts in X-Ray, we have added color coding to the icons for each type of verdict - using the standard traffic light colors. Icons for malicious and restricted verdicts are displayed in red; for spam and suspicious verdicts in yellow, and for clean verdicts in green.

You can see the new color-coded icons in the Scans page and in the Insights dashboard in X-Ray. 

We have redesigned the X-Ray Insights dashboard so that it now focusses on the specific attack types to which your organization is subjected, such as Credential Phishing and Vendor Impersonation attacks. Understanding the attack types will help you to better protect your organization. 

To provide an ever better understanding of the most frequent attacks, we added three new metrics that you can display in the Insights dashboard: Top attacked people, Top compromised people, and Top impersonated identities.

To enhance Perception Point's ability to prevent risky files from reaching end users, Perception Point manages a list of restricted file types, for example, executable files. Files of a restricted type can be blocked by Perception Point - regardless of whether the files are clean or malicious. Perception Point can block these file types even if the files are inside an archive file or behind a URL.

To block restricted file types, you need to first specify that these file types should be blocked. This is done in the list of verdicts to be quarantined, under Settings -> Preferences -> Detection.

Perception Point X-Ray lets you view the default list of restricted file types. If required, you can now manage your own set of restricted file types.

To manage your set of restricted file types, hover over your name on the right of the X-Ray toolbar, and then click Settings. Click Preferences, and then scroll down to the Restricted File Types section.

At Perception Point, we are continually improving our ability to detect malicious content in the files that we scan. We improved our MSI file scanning by adding the ability to unpack the MSI files in order to be able to extract and detect malicious payloads inside these files - in addition to the scans that we previously performed. 

This enhanced MSI detection functionality is automatically made available to all users of Perception Point - thereby further improving your email protection. 

Scans performed by Perception Point’s AES [Advanced Email Security] and ABS [Advanced Browser Security] can now be linked inside X-Ray. This means that if a URL was included somewhere inside an email, and the same URL was also accessed independently using an ABS-protected browser, the two resulting independent scans are now linked. This improves your ability to analyze the information from both scans.

You can access the linked scans under Extracted Path in the details view of the Scans page.

Conversation hijacking attacks occurs when bad actors insert themselves into ongoing email conversations - creating misconceptions that make the legitimate participants of the conversation believe that the hijackers are also legitimate participants.

Perception Point’s scanning engines now include the ability to detect conversation hijacking attempts. When a conversation hijack attempt is detected by Perception Point, the associated email is assigned a malicious scan verdict.

The new conversation hijacking detection functionality is automatically made available to all users of Perception Point’s email security.

Perception Point's new Sender Profiler gives you real-time insight into the traffic and reputation associated with the sender of each scanned email. The sender of an email is broken down into multiple components, and each component is analyzed separately, and where beneficial, together with other associated components.

• Traffic insights: The Traffic insights chart lets you see details of the traffic associated with an email sender, broken down by component, and displayed per verdict.
• Reputation analysis: The Reputation analysis spider-graph displays a real-time graphical representation of the data from Perception Point's reputation algorithms. Hover your cursor over the graph to show additional information.

The Sender Profiler is available for all email scans that have a spam or malicious verdict.

In the Insights page inside X-Ray, you can now configure the Top-X component that defines which attack vectors are shown. You can specify the attack options that will appear in the Top-X component, and the order in which these selected options will appear.
To configure the Top-X component, click the Settings icon on the right of the Top-X attack component.