Advanced Detection
Deep Discovery Email Inspector advanced detection technology discovers targeted threats in email messages, including spear-phishing and social engineering attacks.
- Reputation and heuristic technologies catch unknown threats and document exploits
- File hash analysis blocks unsafe files and applications
- Detects threats hidden in password-protected files and shortened URLs
- Predictive machine learning technology detects emerging unknown security risks
- Blocks malicious URLs in email messages at the time of mouse clicks
Visibility, Analysis, and Action
Deep Discovery Email Inspector provides real-time threat visibility and analysis in an intuitive, multi-level format. This allows security professionals to focus on the real risks, perform forensic analysis, and rapidly implement containment and remediation procedures.
Flexible Deployment
Deep Discovery Email Inspector integrates into your existing anti-spam/antivirus network topology by acting as a Mail Transfer Agent in the mail traffic flow or as an out-of-band appliance monitoring your network for cyber threats.
Policy Management
Policy management allows administrators to enforce preventative actions on messages based on scanning conditions. You can create policies to perform the following tasks:
- Delete suspicious email messages
- Block and quarantine suspicious email messages
- Allow certain email messages to pass through to the recipient
- Strip suspicious attachments
- Redirect suspicious links to blocking or warning pages
- Tag the email subject with a customized string
- Notify recipients when a policy rule is matched
- Send copies of detected email messages to archive servers
Custom Threat Simulation Sandbox
The Virtual Analyzer sandbox environment opens files, including password-protected
archives and document files, and URLs to test for malicious behavior. Virtual Analyzer
is able to find exploit code, Command & Control (C&C) and botnet connections, and
other suspicious behaviors or characteristics.
Email Attachment Analysis
Deep Discovery Email Inspector utilizes multiple detection engines and sandbox simulation to investigate file attachments. Supported file types include a wide range of executable, Microsoft Office, PDF, web content, and compressed files.
Embedded URL Analysis
Deep Discovery Email Inspector utilizes reputation technology, direct page analysis, and sandbox simulation to investigate URLs embedded in an email message.
Email Encryption
Email Encryption allows Deep Discovery Email Inspector to perform the following tasks based on policy settings:
- Decrypt messages encrypted using Trend Micro Identity-Based Encryption (IBE) for scanning
- Encrypt messages for secure delivery in MTA mode
Deep Discovery Email Inspector can decrypt and encrypt messages regardless of the email client or platform from which the messages originated.
Note: When Deep Discovery Email Inspector operates in TAP/BCC mode and receives an encrypted message, Deep Discovery Email Inspector only decrypts and scans the message. Deep Discovery Email Inspector does not encrypt messages in TAP/BCC mode.
Spam Scanning
Spam messages are generally unsolicited messages containing mainly advertising content. Deep Discovery Email Inspector uses the following components to filter email messages for spam:
- Trend Micro Antispam Engine
- Trend Micro spam pattern files
Trend Micro Antispam Engine uses spam signatures and heuristic rules to filter email messages. The Antispam Engine scans email messages and assigns a spam score to each one based on how closely it matches the rules and patterns from the pattern file. Deep Discovery Email Inspector compares the spam score to the selected spam detection level or user-defined detection threshold. When the spam score exceeds the detection level or threshold, Deep Discovery Email Inspector takes action against the spam message.
For example, spammers often use many exclamation marks or more than one consecutive exclamation mark (!!!!) in their email messages. When Deep Discovery Email Inspector detects a message that uses exclamation marks this way, it increases the spam score for that email message.
The Antispam Engine also includes the Email Malware Threat Scan Engine that performs advanced threat scans on email attachments (including script files and Microsoft Office macroware) to detect malware.
Graymail Scanning
Graymail refers to solicited bulk email messages that are not spam. Deep Discovery Email Inspector detects marketing messages and newsletters, social network notifications, and forum notifications as graymail. Deep Discovery Email Inspector identifies graymail messages in two ways:
- Email Reputation Services scoring the source IP address
- Trend Micro Anti-Spam Engine identifying message content
Sender Filtering
You can configure the following sender filtering settings in Deep Discovery Email Inspector to effectively block senders of spam messages at the IP address or sender email address level:
- Approved and blocked senders lists
- Email Reputation Services (ERS)
- Directory harvest attack (DHA) protection
- Bounce attack protection
- SMTP traffic throttling
Sender Authentication
Deep Discovery Email Inspector supports the following sender authentication standards to effectively detect and fight against techniques used in email phishing and spoofing:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting & Conformance (DMARC)
In addition, you can configure Deep Discovery Email Inspector to sign outgoing messages using DKIM signatures to prevent spoofing.
Content Filtering
You can create content filtering rules in Deep Discovery Email Inspector to:
- Block content that you specify as inappropriate from reaching recipients by analyzing message content and attachments
- Detect and remove active content (such as macros) in Microsoft Office and PDF file attachments
Data Loss Prevention
Data Loss Prevention safeguards an organization's digital assets against
accidental or deliberate leakage. Data Loss Prevention allows administrators to:
- Identify the digital assets to protect
- Create policies that limit or prevent the transmission of digital assets through email messages
- Enforce compliance with established privacy standards
End-User Quarantine
Deep Discovery Email Inspector includes the End-User Quarantine (EUQ) feature to improve spam management. Messages that are determined to be spam are quarantined and are available for users to review, delete, release, or approve for delivery. You can configure Deep Discovery Email Inspector to automatically send EUQ digest notifications with inline action links. With the web-based EUQ console, users can manage the spam quarantine of their personal accounts and of distribution lists that they belong to and add senders to the Approved Senders list.
Social Engineering Attack Protection
Social Engineering Attack Protection detects suspicious behavior related to social engineering attacks in email messages. When Social Engineering Attack Protection is enabled, Deep Discovery Email Inspector scans for suspicious behavior in several parts of each email transmission, including the email header, subject line, body, attachments, and the SMTP protocol information.
Password Derivation
Deep Discovery Email Inspector decrypts password-protected archives and document files using a variety of heuristics and customer-supplied keywords.