A New Solution

TippingPoint Advanced Threat Protection for Email prevents spear-phishing attacks and cyber threats by investigating suspicious links, file attachments, and social engineering attack patterns in email messages before they can threaten your network. Designed to integrate into your existing anti-spam/antivirus network topology, TippingPoint Advanced Threat Protection for Email can act as a mail transfer agent in the mail traffic flow (MTA mode) or as an out-of-band appliance monitoring your network for cyber threats (BCC mode or SPAN/TAP mode).
Whichever deployment method is chosen, TippingPoint Advanced Threat Protection for Email investigates email messages for suspicious file attachments, embedded links (URLs), and characteristics. If an email message exhibits malicious behavior, TippingPoint Advanced Threat Protection for Email can block the threat and notify security administrators about the malicious activity.
After TippingPoint Advanced Threat Protection for Email scans an email message for known threats in the Trend Micro Smart Protection Network, it passes suspicious files and URLs to the Virtual Analyzer sandbox environment for simulation. Virtual Analyzer opens files, including password-protected archives and document files, and accesses URLs to test for exploit code, Command & Control (C&C) and botnet connections, and other suspicious behaviors or characteristics.
After investigating email messages, TippingPoint Advanced Threat Protection for Email assesses the risk using multi-layered threat analysis. The risk level of a message is the highest risk assigned by either the TippingPoint Advanced Threat Protection for Email email scanners or Virtual Analyzer.
TippingPoint Advanced Threat Protection for Email acts upon email messages according to the assigned risk level and policy settings. Configure TippingPoint Advanced Threat Protection for Email to block and quarantine the email message, allow the email message to pass to the recipient, strip suspicious file attachments, redirect suspicious links to blocking or warning pages, or tag the email message with a string to notify the recipient. While TippingPoint Advanced Threat Protection for Email monitors your network for threats, you can access dashboard widgets and reports for further investigation.

Virtual Analyzer

Virtual Analyzer is a secure virtual environment that manages and analyzes objects submitted by integrated products and by administrators and investigators (through SSH). Custom sandbox images enable observation of files, URLs, registry entries, API calls, and other objects in environments that match your system configuration.
Virtual Analyzer performs static and dynamic analysis to identify an object's notable characteristics in the following categories:
  • Anti-security and self-preservation
  • Autostart or other system configuration
  • Deception and social engineering
  • File drop, download, sharing, or replication
  • Hijack, redirection, or data theft
  • Malformed, defective, or with known malware traits
  • Process, service, or memory object change
  • Rootkit, cloaking
  • Suspicious network or messaging activity
During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the object based on the accumulated ratings. Virtual Analyzer also generates analysis reports, suspicious object lists, PCAP files, and OpenIOC files that can be used in investigations.

Advanced Threat Scan Engine

The Advanced Threat Scan Engine (ATSE) uses a combination of pattern-based scanning and heuristic scanning to detect document exploits and other threats used in targeted attacks.
Major features include:
  • Detection of zero-day threats
  • Detection of embedded exploit code
  • Detection rules for known vulnerabilities
  • Enhanced parsers for handling file deformities

Web Reputation Services

With one of the largest domain-reputation databases in the world, Trend Micro web reputation technology tracks the credibility of web domains by assigning a reputation score based on factors such as a website's age, historical location changes, and indications of suspicious activities discovered through malware behavior analysis, such as phishing scams that are designed to trick users into providing personal information. To increase accuracy and reduce false positives, Trend Micro Web Reputation Services assigns reputation scores to specific pages or links within sites instead of classifying or blocking entire sites, because often only portions of legitimate sites are hacked and reputations can change dynamically over time.

Social Engineering Attack Protection

Social Engineering Attack Protection detects suspicious behavior related to social engineering attacks in email messages. When Social Engineering Attack Protection is enabled, TippingPoint Advanced Threat Protection for Email scans for suspicious behavior in several parts of each email transmission, including the email header, subject line, body, attachments, and the SMTP protocol information.

Trend Micro Control Manager

Trend Micro Control Manager™ is a central management console that manages Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels. The Control Manager web-based management console provides a single monitoring point for managed products and services throughout the network.
Control Manager allows system administrators to monitor and report on activities such as infections, security violations, or virus entry points. System administrators can download and deploy components throughout the network, helping ensure that protection is consistent and up-to-date. Control Manager allows both manual and pre-scheduled updates, and the configuration and administration of products as groups or as individuals for added flexibility.