For years, password-protected attachments have been a sore spot for email security services. Until we can reliably break encryption, you can't scan the password-protected attachment for malicious material.
To work around this, email security solutions try to guess the attachment's password. Most use a list of commonly used passwords and look in the email body for any clues. If they guess it, great. But more often than not, security services can't. So for phishing attacks, this is an extremely effective method of getting around the scanner.
Security services have had to make a decision. Either quarantine every email with a password-protected attachment or deliver every email with a password-protected attachment. It becomes a productivity versus security question. That's an unfair tradeoff.
There is a middle ground and that's what we're introducing with our handling of password-protected attachments. Here's how it works.
- If guessing the password fails, end users receive the email without the attachment, but with a banner containing a restore link
- Clicking the link prompts the end user to type in the password for the attachment
- The attachment is then inspected and if found benign, the original recipients of the email will get the original email with all its attachments restored
This workflow ensures:
- Maximum security for password-protected attachments
- No impact on end-user productivity
- No help desk involvement at all
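
The guess-then-fall-back flow described above, sketched in Python as an added example (not the vendor's code). The common-password list, the hint pattern, and the `opens_with` / `is_benign` hooks are assumptions standing in for the archive library and the scanner.

```python
import re

# Constructed stand-in for a scanner's list of commonly used passwords.
COMMON_PASSWORDS = ["infected", "password", "1234", "invoice"]

# Phrases that typically introduce a password in the message body.
HINT = re.compile(r"(?:password|passcode|pwd|pin)\s*(?:is\b|:|=)\s*[\"']?([^\s\"']+)", re.I)

def candidate_passwords(body, limit=200):
    """Ordered guesses: explicit hints, then the common list, then body tokens."""
    ordered = [m.group(1).rstrip(".,;") for m in HINT.finditer(body)]
    ordered += COMMON_PASSWORDS
    ordered += [t.rstrip(".,;") for t in re.findall(r"\S{4,}", body)]
    seen, out = set(), []
    for cand in ordered:
        if cand and cand not in seen:
            seen.add(cand)
            out.append(cand)
    return out[:limit]  # cap the work spent per attachment

def triage(body, opens_with):
    """Decide what happens at delivery time.

    opens_with(password) -> bool is a hypothetical hook that reports whether
    the archive decrypts with that password.
    """
    for pwd in candidate_passwords(body):
        if opens_with(pwd):
            return {"action": "scan", "password": pwd}
    # Guessing failed: deliver without the attachment, with a restore banner.
    return {"action": "strip_and_banner", "password": None}

def restore(user_password, opens_with, is_benign):
    """Restore-link path: the user supplies the password, then the file is inspected.

    is_benign() is a hypothetical hook for the scanner verdict on the
    decrypted content.
    """
    if opens_with(user_password) and is_benign():
        return "redeliver_original"
    return "keep_stripped"
```
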
Want to see what it looks like in practice? Check out this short video.