Detect security risks and identify anomalies by correlating signals across different sources.
Designed to empower you with enhanced detection capabilities against sophisticated
attacks, Correlated Intelligence correlates suspicious signals from various sources
to detect phishing security risks and anomalies.
NoteCorrelated Intelligence is available for Inbound Protection only.
Correlated Intelligence collects signals from Virus Scan and Spam Filtering.
|
One key advantage of Correlated Intelligence is its capability to see and analyze
signals from multiple sources to identify phishing security risks that may go unnoticed
by a single security filter. This multi-source approach adds an extra layer of protection
to detect potential threats.
Another highlight of Correlated Intelligence is its ability to alert you of anomalies,
which shows one or multiple signals that deviate from normal behaviors. Anomalies
may not necessarily indicate a security risk, but are unusual enough to warrant attention.
With this feature, you can have a more comprehensive view of your security landscape.
Correlated Intelligence operates by first gathering detection signals from various
security criteria and then matching the signals against the predefined correlation
rules. The aim of this process is to identify any matches that could indicate a phishing
security risk or anomaly, providing a more thorough and nuanced analysis of potential
security threats.
Trend Micro Email
Security comes with a set of predefined correlation rules and detection signals to detect
Trend Micro specified security risks and anomalies. To view details about the predefined
correlation rules, detection signals, and their targeted threat types of anomalies,
go to the screen.
Procedure
- Click Scanning Criteria.
- Under the Specify security risk settings area, select the Security risks check box to enable phishing detection by Correlated Intelligence.
- Under the Specify anomaly settings area, select the Anomalies check box to enable anomaly detection by Correlated Intelligence.
- Determine to enforce all or partial predefined correlation rules to detect anomalies
of different threat types.Trend Micro classifies its predefined correlation rules for anomaly detection into three aggressive levels: Moderate, Aggressive, and Extra Aggressive. For details about these rules and what scenarios that rules of each aggressive level are suitable for, see Managing correlation rules.
- Select the threat type of anomalies that you want to detect using each aggressive level of rules.
- Click the digit next to each aggressive level to view the associated predefined rules.
- To view, enable, or disable the predefined rules, click Correlation Rules to open the Correlation Rules screen under Administration.