Epsilon has strengthened its email marketing platform with a hosted security solution from Verizon Business that will identify and mitigate cyber attacks in real-time.
The solution will combine intelligence from Verizon's global internet protocol network to boost Epsilon's breach-detection systems. It used a baseline for normal network behaviour and generated alerts when unusual incidents occurred.
And it will deploy stronger security measures, including restrictive access to its email platform, as well as a secondfactor "grid pattern" system that complemented user names and passwords.
Epsilon was breached earlier this year, when at least 2 percent of its customers' information was exposed by an unauthorised entry into its email system, the biggest such hack to date. Epsilon was a bulk email marketing service, sending 40 billion emails a year on behalf of its more than 2500 corporate customers, many of them among the biggest companies in the world.
Reviews confirmed that only email addresses and names were compromised. It said at the time that investigations would determine if any additional security safeguards were needed. It later confirmed that no financial data was stolen.
Epsilon chief information officer Bryan Kennedy said it had partnered with Verizon to mitigate further breaches.
“Epsilon has already made significant progress in enhancing security measures and remains focused on creating a more secure environment using the most sophisticated resources available to protect our clients and their customers from cyber attacks."
"Unfortunately, data breaches are a very real, ongoing threat and that's why partnering with the best is so critical to us.”
Epsilon said it would also implement new access restrictions through its IP certification requirements, with all access to the email platform, both inbound and outbound, restricted to white-listed IP addresses.
It confirmed that it was working with internet service providers to build an anti-phishing solution to include an open, rapid-communication channel between marketers and ISPs, ways to differentiate legitimate communications from fraudulent and how to monitor brand abuse across email domains.
This was expected to be presented and released to clients before the end of the year.