IMSVA Main Features and Benefits

Cloud-based pre-filtering of messages

Cloud Pre-Filter integrates with IMSVA to scan all email traffic before it reaches your network.

Cloud Pre-Filter can stop significant amounts of spam and malicious messages (up to 90% of your total message traffic) from ever reaching your network.

Email encryption

Trend Micro Email Encryption integrates with IMSVA to encrypt or decrypt all email traffic entering and leaving your network.

Trend Micro Email Encryption provides IMSVA the ability to encrypt all email messages leaving your network. By encrypting all email messages leaving a network administrators can prevent sensitive data from being leaked.

Advanced anti-malware protection

The Advanced Threat Scan Engine (ATSE) uses a combination of pattern-based scanning and aggressive heuristic scanning to detect document exploits and other threats used in targeted attacks.

ATSE identifies both known and unknown advanced threats, protecting your system from new threats that have yet to be added to patterns.

Command & Control (C&C) Contact Alert Services

C&C Contact Alert Services allows IMSVA to inspect the sender, recipients and reply-to addresses in a message's header, as well as URLs in the message body, to see if any of them matches known C&C objects.

C&C Contact Alert Services provides IMSVA with enhanced detection and alert capabilities to mitigate the damage caused by advanced persistent threats and targeted attacks.

Graymail

Graymail refers to solicited bulk email messages that are not spam. IMSVA detects marketing messages and newsletters and social network notifications as graymail.

IMSVA manages graymail separately from common spam to allow administrators to identify graymail messages. IP addresses specified in the graymail exception list bypass scanning.

Regulatory compliance

Administrators can meet government regulatory requirements using the new default policy scanning conditions Compliance templates.

Compliance templates provide administrators with regulatory compliance. For a detailed list of available templates, see http://docs.trendmicro.com/en-us/enterprise/data-protection-reference-documents.aspx.

Smart Scan

Smart Scan facilitates a more efficient scanning process by off-loading a large number of threat signatures previously stored on the IMSVA server to the cloud.

Smart Scan leverages the Smart Protection Network to:

IntelliTrap

Virus writers often attempt to circumvent virus filtering by using different file compression schemes. IntelliTrap provides heuristic evaluation of these compressed files.

Because there is the possibility that IntelliTrap may identify a non-threat file as a security risk, Trend Micro recommends quarantining message attachments that fall into this category when IntelliTrap is enabled. In addition, if your users regularly exchange compressed files, you may want to disable this feature.

By default, IntelliTrap is turned on as one of the scanning conditions for an antivirus policy, and is configured to quarantine message attachments that may be classified as security risks.

IntelliTrap helps reduce the risk that a virus compressed using different file compression schemes will enter your network through email.

Content management

IMSVA analyzes email messages and their attachments, traveling to and from your network, for appropriate content.

Content that you deem inappropriate, such as personal communication, large attachments, and so on, can be blocked or deferred effectively using IMSVA.

Real-time Statistics and Monitor

Administrators can monitor the scan performance and Sender Filtering performance of all IMSVA devices (within a group) on the management console.

IMSVA provides administrators with an overview of the system that keeps administrators informed on the first sign of mail processing issues. Detailed logging helps administrators proactively manage issues before they become a problem.

DoS attacks

By flooding a mail server with large attachments, or sending messages that contain multiple viruses or recursively compressed files, individuals with malicious intent can disrupt mail processing.

IMSVA allows you to configure the characteristics of messages that you want to stop at the SMTP gateway, thus reducing the chances of a DoS attack.

Malicious email content

Many types of file attachments, such as executable programs and documents with embedded macros, can harbor viruses. Messages with HTML script files, HTML links, Java applets, or ActiveX controls can also perform harmful actions.

IMSVA allows you to configure the types of messages that are allowed to pass through the SMTP gateway.

Degradation of services

Non-business-related email traffic has become a problem in many organizations. Spam messages consume network bandwidth and affect employee productivity. Some employees use company messaging systems to send personal messages, transfer large multimedia files, or conduct personal business during working hours.

Most companies have acceptable usage policies for their messaging system—IMSVA provides tools to enforce and ensure compliance with existing policies.

Legal liability and business integrity

Improper use of email can also put a company at risk of legal liability. Employees may engage in sexual or racial harassment, or other illegal activity. Dishonest employees can use a company messaging system to leak confidential information. Inappropriate messages that originate from a company's mail server damage the company's reputation, even if the opinions expressed in the message are not those of the company.

IMSVA provides tools for monitoring and blocking content to help reduce the risk that messages containing inappropriate or confidential material will be allowed through your gateway.

Mass mailing virus containment

Email-borne viruses that may automatically spread bogus messages through a company’s messaging system can be expensive to clean up and cause panic among users.

When IMSVA detects a mass-mailing virus, the action performed against this virus can be different from the actions against other types of viruses.

For example, if IMSVA detects a macro virus in a Microsoft Office document with important information, you can configure the program to quarantine the message instead of deleting the entire message, to ensure that important information will not be lost. However, if IMSVA detects a mass-mailing virus, the program can automatically delete the entire message.

By auto-deleting messages that contain mass-mailing viruses, you avoid using server resources to scan, quarantine, or process messages and files that have no redeeming value.

The identities of known mass-mailing viruses are in the Mass Mailing Pattern that is updated using the TrendLabs℠ ActiveUpdate Servers. You can save resources, avoid help desk calls from concerned employees and eliminate post-outbreak cleanup work by choosing to automatically delete these types of viruses and their email containers.

Spyware and other types of grayware

Other than viruses, your clients are at risk from potential threats such as spyware, adware and dialers. For more information, see About Spyware/Grayware.

IMSVA’s ability to protect your environment against spyware and other types of grayware enables you to significantly reduce security, confidentiality, and legal risks to your organization.

Spam Prevention Solution (SPS)

Spam Prevention Solution (SPS) is a licensed product from Trend Micro that provides spam detection services to other Trend Micro products. To use SPS, obtain an SPS Activation Code. For more information, contact your sales representative.

SPS works by using a built-in spam filter that automatically becomes active when you register and activate the SPS license.

The detection technology used by Spam Prevention Solution (SPS) is based on sophisticated content processing and statistical analysis. Unlike other approaches to identifying spam, content analysis provides high-performance, real-time detection that is highly adaptable, even as spam senders change their techniques.

Spam Filtering with IP Profiler, Email Reputation and SMTP Traffic Throttling

IP Profiler is a self-learning, fully configurable feature that proactively blocks IP addresses of computers that send spam and other types of potential threats. Email reputation blocks IP addresses of known spam senders that Trend Micro maintains in a central database. SMTP Traffic Throttling blocks messages from a single IP address or sender for a certain time when the number of connections or messages reaches the specified maximum.

With the integration of Sender Filtering, which includes IP Profiler, Email Reputation and SMTP Traffic Throttling, IMSVA can block spammers at the IP level.

Social Engineering Attack Protection

Social Engineering Attack Protection detects suspicious behavior related to social engineering attacks in email messages.

When Social Engineering Attack Protection is enabled, the Trend Micro Antispam Engine scans for suspicious behavior in several parts of each email transmission, including the email header, subject line, body, attachments, and the SMTP protocol information. If the Antispam Engine detects behavior associated with social engineering attacks, the Antispam Engine returns details about the message to IMSVA for further action, policy enforcement, or reporting.

LDAP and domain-based policies

You can configure LDAP settings if you are using LDAP directory services such as Lotus Domino™ or Microsoft™ Active Directory™ for user-group definition and administrator privileges.

Using LDAP, you can define multiple rules to enforce your company’s email usage guidelines. You can define rules for individuals or groups, based on the sender and recipient addresses.

Web-based management console

The management console allows you to conveniently configure IMSVA policies and settings.

The management console is SSL-compatible. Being SSL-compatible means access to IMSVA is more secure.

End-User Quarantine (EUQ)

IMSVA provides web-based EUQ to improve spam management. The web-based EUQ service allows end-users to manage the spam quarantine of their personal accounts and of distribution lists that they belong to. IMSVA quarantines messages that it determines are spam. The EUQ indexes these messages into a database. The messages are then available for end-users to review, delete, or approve for delivery.

With the web-based EUQ management console, end-users can manage messages that IMSVA quarantines.

IMSVA also enables users to apply actions to quarantined messages and to add senders to the Approved Senders list through links in the EUQ digest.

Delegated administration

IMSVA offers the ability to create different access rights to the management console. You can choose which sections of the console are accessible for different administrator logon accounts.

By delegating administrative roles to different employees, you can promote the sharing of administrative duties.

Centralized reporting

Centralized reporting gives you the flexibility of generating one time (on demand) reports or scheduled reports.

Helps you analyze how IMSVA is performing.

One time (on demand) reports allow you to specify the type of report content as and when required. Alternatively, you can configure IMSVA to automatically generate reports daily, weekly, and monthly.

IMSVA allows you to send both one-time and scheduled reports through email.

System availability monitor

A built-in agent monitors the health of your IMSVA server and delivers notifications through email or SNMP trap when a fault condition threatens to disrupt the mail flow.

Email and SNMP notification on detection of system failure allows you to take immediate corrective actions and minimize downtime.

POP3 scanning

You can choose to enable or disable POP3 scanning from the management console.

In addition to SMTP traffic, IMSVA can also scan POP3 messages at the gateway as messaging clients in your network retrieve them.

Clustered architecture

The current version of IMSVA has been designed to make distributed deployment possible.

You can install the various IMSVA components on different computers, and some components can exist in multiples. For example, if your messaging volume demands, you can install additional IMSVA scanner components on additional servers, all using the same policy services.

Integration with Virtual Analyzer

IMSVA integrates with Virtual Analyzer, which is an isolated virtual environment used to manage and analyze samples in Deep Discovery Advisor and Deep Discovery Analyzer.

IMSVA sends suspicious files and URLs to the Virtual Analyzer sandbox environment for simulation. Virtual Analyzer opens files, including password-protected archives and document files, and accesses URLs to test for exploit code, C&C and botnet connections, and other suspicious behaviors or characteristics.

Integration with Trend Micro Control Manager™

Trend Micro Control Manager™ (TMCM) is a software management solution that gives you the ability to control antivirus and content security programs from a central location regardless of the program’s physical location or platform. This application can simplify the administration of a corporate virus and content security policy.

Outbreak Prevention Services delivered through Trend Micro Control Manager™ reduces the risk of outbreaks. When a Trend Micro product detects a new email-borne virus, TrendLabs issues a policy that uses the advanced content filters in IMSVA to block messages by identifying suspicious characteristics in these messages. These rules help minimize the window of opportunity for an infection before the updated pattern file is available.

Integration with syslog servers

IMSVA integrates with syslog servers that use the syslog protocol to receive log messages. Syslog protocol is a network logging standard supported by a wide range of network devices and contains information on network events and errors.

Syslog server integration implements centralized log collection and management for multiple IMSVA servers and consolidates log data from all over the network into a single central repository. Collecting and analyzing syslog messages is essential for maintaining network stability and auditing network security.

Time-of-Click Protection

IMSVA provides time-of-click protection against malicious URLs in email messages.

If you enable Time-of-Click Protection, IMSVA rewrites URLs in email messages for further analysis. Trend Micro analyzes those URLs at the time of click and will block them if they are malicious.