Advanced Detection

Deep Discovery Email Inspector advanced detection technology discovers targeted threats in email messages, including spear-phishing and social engineering attacks.
  • Reputation and heuristic technologies catch unknown threats and document exploits
  • File hash analysis blocks unsafe files and applications
  • Detects threats hidden in password-protected files and shortened URLs
  • Predictive machine learning technology detects emerging unknown security risks
  • Blocks malicious URLs in email messages at the time of mouse clicks

Visibility, Analysis, and Action

Deep Discovery Email Inspector provides real-time threat visibility and analysis in an intuitive, multi-level format. This allows security professionals to focus on the real risks, perform forensic analysis, and rapidly implement containment and remediation procedures.

Flexible Deployment

Deep Discovery Email Inspector integrates into your existing anti-spam/antivirus network topology by acting as a Mail Transfer Agent in the mail traffic flow or as an out-of-band appliance monitoring your network for cyber threats.

Policy Management

Policy management allows administrators to enforce preventative actions on messages based on scanning conditions. You can create policies to perform the following tasks:
  • Delete suspicious email messages
  • Block and quarantine suspicious email messages
  • Allow certain email messages to pass through to the recipient
  • Strip suspicious attachments
  • Redirect suspicious links to blocking or warning pages
  • Tag the email subject with a customized string
  • Notify recipients when a policy rule is matched
  • Send copies of detected email messages to archive servers

Custom Threat Simulation Sandbox

The Virtual Analyzer sandbox environment opens files, including password-protected archives and document files, and URLs to test for malicious behavior. Virtual Analyzer is able to find exploit code, Command & Control (C&C) and botnet connections, and other suspicious behaviors or characteristics.

Email Attachment Analysis

Deep Discovery Email Inspector utilizes multiple detection engines and sandbox simulation to investigate file attachments. Supported file types include a wide range of executable, Microsoft Office, PDF, web content, and compressed files.

Embedded URL Analysis

Deep Discovery Email Inspector utilizes reputation technology, direct page analysis, and sandbox simulation to investigate URLs embedded in an email message.

Spam Scanning

Spam messages are generally unsolicited messages containing mainly advertising content. Deep Discovery Email Inspector uses the following components to filter email messages for spam:
  • Trend Micro Antispam Engine
  • Trend Micro spam pattern files
Trend Micro Antispam Engine uses spam signatures and heuristic rules to filter email messages. The Antispam Engine scans email messages and assigns a spam score to each one based on how closely it matches the rules and patterns from the pattern file. Deep Discovery Email Inspector compares the spam score to the selected spam detection level or user-defined detection threshold. When the spam score exceeds the detection level or threshold, Deep Discovery Email Inspector takes action against the spam message.
For example, spammers often use many exclamation marks or more than one consecutive exclamation mark (!!!!) in their email messages. When Deep Discovery Email Inspector detects a message that uses exclamation marks this way, it increases the spam score for that email message.
The Antispam Engine also includes the Email Malware Threat Scan Engine that performs advanced threat scans on email attachments (including script files and Microsoft Office macroware) to detect malware.
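
The score-versus-threshold comparison described above can be sketched as follows. This is an added example, not Trend Micro code: the rule names, weights, detection-level values, and sample messages are all assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Hypothetical heuristic rules and weights (assumptions, not the product's rules).
RULES = [
    ("consecutive_exclamations", 2.0, lambda t: re.search(r"!{2,}", t) is not None),
    ("many_exclamations", 1.5, lambda t: t.count("!") >= 5),
]

# Hypothetical detection levels: a stricter level means a lower threshold.
LEVELS = {"low": 3.0, "medium": 2.0, "high": 1.0}


def spam_score(raw_message):
    """Return (score, matched rule names) for one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    hits = [(name, weight) for name, weight, test in RULES if test(text)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def verdict(raw_message, level="medium", threshold=None):
    """Flag the message only when its score exceeds the limit (strictly greater)."""
    # A user-defined threshold, when given, replaces the preset detection level.
    limit = LEVELS[level] if threshold is None else threshold
    score, hits = spam_score(raw_message)
    return {"score": score, "rules": hits, "spam": score > limit}


# Constructed sample messages.
PROMO = "From: a@example.com\nSubject: WIN NOW!!!!\n\nClick today! Free! Hurry!\n"
NOTE = "From: b@example.com\nSubject: Lunch?\n\nSee you at noon!!\n"
PLAIN = "From: c@example.com\nSubject: Minutes\n\nAttached are the notes.\n"

if __name__ == "__main__":
    for label, raw in (("PROMO", PROMO), ("NOTE", NOTE), ("PLAIN", PLAIN)):
        for level in LEVELS:
            print(label, level, verdict(raw, level))
```

The NOTE message scores exactly the "medium" limit and is therefore not flagged at that level, which shows how a legitimate message with a single "!!" moves from clean to spam only when the level is tightened or a lower user-defined threshold is set.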

Graymail Scanning

Graymail refers to solicited bulk email messages that are not spam. Deep Discovery Email Inspector detects marketing messages and newsletters, social network notifications, and forum notifications as graymail. Deep Discovery Email Inspector identifies graymail messages in two ways:
  • Email Reputation Services scoring the source IP address
  • Trend Micro Antispam Engine identifying message content

Sender Filtering

You can configure the following sender filtering settings in Deep Discovery Email Inspector to effectively block senders of spam messages at the IP address or sender email address level:
  • Approved and blocked senders lists
  • Email Reputation Services (ERS)
  • Directory harvest attack (DHA) protection
  • Bounce attack protection
  • SMTP traffic throttling

Sender Authentication

Deep Discovery Email Inspector supports the following sender authentication standards to effectively detect and fight against techniques used in email phishing and spoofing:
  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)
  • Domain-based Message Authentication, Reporting & Conformance (DMARC)
In addition, you can configure Deep Discovery Email Inspector to sign outgoing messages using DKIM signatures to prevent spoofing.

Content Filtering

Deep Discovery Email Inspector can effectively block content that you specify as inappropriate from reaching recipients by analyzing message content and attachments.

End-User Quarantine

Deep Discovery Email Inspector includes the End-User Quarantine (EUQ) feature to improve spam management. Messages that are determined to be spam are quarantined and are available for users to review, delete, or approve for delivery. You can configure Deep Discovery Email Inspector to automatically send EUQ digest notifications with inline action links. With the web-based EUQ console, users can manage the spam quarantine of their personal accounts and of distribution lists that they belong to and add senders to the Approved Senders list.

Social Engineering Attack Protection

Social Engineering Attack Protection detects suspicious behavior related to social engineering attacks in email messages. When Social Engineering Attack Protection is enabled, Deep Discovery Email Inspector scans for suspicious behavior in several parts of each email transmission, including the email header, subject line, body, attachments, and the SMTP protocol information.

Password Derivation

Deep Discovery Email Inspector decrypts password-protected archives and document files using a variety of heuristics and customer-supplied keywords.