Features and benefits

Trend Micro Email Security provides the following features and benefits:

Trend Micro Email Security allows you to filter senders of incoming email messages. You can specify the senders to allow or block using specific email addresses or entire domains and specify the type of sender addresses collected to match the approved and blocked sender lists.

For details, see Managing sender filter.

Trend Micro Email Security makes use of Trend Micro Email Reputation Services (ERS) Standard Service and Advanced Service. Email Reputation Services use a standard IP reputation database and an advanced and dynamic IP reputation database (a database updated in real time). These databases have distinct entries, allowing Trend Micro to maintain a very efficient and effective system that can quickly respond to new sources of spam.

For details, see Understanding IP reputation.

As an email validation system to detect and prevent email spoofing, Domain-based Message Authentication, Reporting and Conformance (DMARC) is intended to fight against certain techniques used in phishing and spam, such as email messages with forged sender addresses that appear to originate from legitimate organizations. DMARC fits into the inbound email authentication process of Trend Micro Email Security, allowing you to define DMARC policies, including the actions to take on messages that fail DMARC authentication.

For details, see Domain-based message authentication, reporting & conformance (DMARC).

Trend Micro Email Security leverages the Trend Micro Virus Scan Engine to compare the files with the patterns of known viruses and integrates Predictive Machine Learning to detect new, previously unidentified, or unknown malware through advanced file feature analysis. Trend Micro Email Security also supports integration with Virtual Analyzer, a cloud-based virtual environment designed for manage and analyze objects submitted by Trend Micro products.

To combat sophisticated attacks for enhanced inbound protection, Trend Micro Email Security leverages the Correlated Intelligence feature to correlate suspicious signals from various sources to detect phishing security risks and anomalies.

Furthermore, Trend Micro Email Security detects phishing, spam, Business Email Compromise (BEC) scams, graymail and social engineering attacks and examines the message contents to determine whether the message contains inappropriate content.

You can configure domain-level and organization-level policies to detect various security risks and anomalies by scanning email messages and then performing a specific action for each security risk detected.

For details, see Configuring policies.

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious files and URLs. Sandbox images allow observation of files and URLs in an environment that simulates endpoints on your network without any risk of compromising the network.

Trend Micro Email Security sends suspicious files or URLs to Virtual Analyzer when a file or URL exhibits suspicious characteristics and signature-based scanning technologies cannot find a known threat. Virtual Analyzer performs static analysis and behavior simulation in various runtime environments to identify potentially malicious characteristics. During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the sample based on the accumulated ratings.

For details on Virtual Analyzer settings, see Configuring virus scan criteria and Configuring Web Reputation criteria.

Data Loss Prevention (DLP) safeguards an organization's digital assets against accidental or deliberate leakage. DLP evaluates data against a set of rules defined in policies to determine the data that must be protected from unauthorized transmission and the action that DLP performs when it detects transmission. With DLP, Trend Micro Email Security allows you to manage your incoming email messages containing sensitive data and protects your organization against data loss by monitoring your outbound email messages.

For details, see Data Loss Prevention.

Based on user-defined passwords, Trend Micro Email Security can extract password-protected archive files and open password-protected document files in email messages to investigate any malicious or suspicious content in those messages.

For details, see File password analysis.

Suspicious objects are objects with the potential to expose systems to danger or loss. After Trend Micro Email Security is registered to Trend Micro Apex Central, Apex Central synchronizes the suspicious object lists consolidated from its managed Trend Micro products with Trend Micro Email Security at a scheduled time interval.

For details, see Apex Central.

Trend Micro Email Security provides protection against email loss if your email server goes down. If your server becomes unavailable due to a crash or network connectivity problem, Trend Micro Email Security automatically transfers inbound traffic to a backup server until your server is back online. This enables end users to read, forward, download and reply to email messages on the End User Console.

For details, see Email Continuity.

Trend Micro Email Security provides detailed logs to help you analyze system security and improve protection solutions. You can view and search logs to track messages for inbound and outbound traffic, and to track all messages for a specific sender, recipient, rule or detection. Trend Micro Email Security allows you to forward syslog messages to an external syslog server in a structured format, which allows third-party application integration.

For details, see Logs in Trend Micro Email Security.

Trend Micro Email Security provides reports to assist in mitigating threats and optimizing system settings. You can generate reports based on a daily, weekly, monthly or quarterly schedule.

For details, see Reports.

Quarantined messages are blocked as detected spam or other inappropriate content before delivery to an email account. Messages held in quarantine can be reviewed and manually deleted or delivered on the administrator console. Furthermore, end users can view and manage their own quarantined messages on the End User Console.

For details, see Understanding quarantine.