Data and system protection
|
Antivirus protection |
IMSS performs virus detection using Trend Micro
scan engine and a technology called pattern matching. The scan
engine compares code in files traveling through your gateway with
binary patterns of known viruses that reside in the pattern file. If
the scan engine detects a match, it performs the actions as
configured in the policy rules.
|
Enhanced virus/content scanner keeps your messaging system
working at top efficiency.
|
Smart Scan
|
Smart Scan facilitates a more efficient scanning process by off-loading a large number
of threat
signatures previously stored on the IMSS server to the
cloud.
|
Smart Scan leverages the Smart Protection
Network to:
-
Enable fast, real-time security status
lookup capabilities in the cloud
-
Reduce the time necessary to deliver protection against emerging
threats
-
Lower memory consumption on the server
|
IntelliTrap
|
Virus writers often attempt to circumvent
virus filtering by using different file compression schemes. IntelliTrap
provides heuristic evaluation of these compressed files.
Because
there is the possibility that IntelliTrap may identify a non-threat file
as a security risk, Trend Micro recommends quarantining
message attachments that fall into this category when IntelliTrap
is enabled. In addition, if your users regularly exchange compressed
files, you may want to disable this feature.
By default, IntelliTrap
is turned on as one of the scanning conditions for an antivirus
policy, and is configured to quarantine message attachments that
may be classified as security risks.
|
IntelliTrap helps reduce the risk that a
virus compressed using different file compression schemes will enter
your network through email.
|
Content management
|
IMSS analyzes
email messages and their attachments, traveling to and from your
network, for appropriate content.
|
Content that you deem inappropriate, such
as personal communication, large attachments, and so on, can be blocked
or deferred effectively using IMSS.
|
Protection against other
email threats
|
DoS attacks
|
By flooding a mail server with large attachments,
or sending messages that contain multiple viruses or recursively
compressed files, individuals with malicious intent can disrupt
mail processing.
|
IMSS allows
you to configure the characteristics of messages that you want to
stop at the SMTP gateway, thus reducing the chances of a DoS attack.
|
Malicious email content
|
Many types of file attachments, such as
executable programs and documents with embedded macros, can harbor
viruses. Messages with HTML script files, HTML links, Java applets,
or ActiveX controls can also perform harmful actions.
|
IMSS allows
you to configure the types of messages that are allowed to pass
through the SMTP gateway.
|
Degradation of services
|
Non-business-related
email traffic has become a problem in many organizations. Spam messages consume
network bandwidth and affect employee productivity. Some employees
use company messaging systems to send personal messages, transfer
large multimedia files, or conduct personal business during working
hours.
|
Most companies have acceptable usage policies
for their messaging system—IMSS provides
tools to enforce and ensure compliance with existing policies.
|
Legal liability and business integrity
|
Improper use of email can also put a company at risk of legal
liability. Employees may engage in sexual or racial harassment,
or other illegal activity. Dishonest employees can use a company
messaging system to leak confidential information. Inappropriate
messages that originate from a company’s mail server damage the
company’s reputation, even if the opinions expressed in the
message are not those of the company.
|
IMSS
provides tools for monitoring and blocking content to help
reduce the risk that messages containing inappropriate or
confidential material will be allowed through your gateway.
|
Mass mailing virus containment
|
Email-borne viruses that may automatically
spread bogus messages through a company’s messaging system can be
expensive to clean up and cause panic among users.
When IMSS detects
a mass-mailing virus, the action performed against this virus can
be different from the actions against other types of viruses.
For
example, if IMSS detects
a macro virus in a Microsoft Office document with important information,
you can configure the program to quarantine the message instead
of deleting the entire message, to ensure that important information
will not be lost. However, if IMSS detects
a mass-mailing virus, the program can automatically delete the entire
message.
|
By auto-deleting messages that contain mass-mailing
viruses, you avoid using server resources to scan, quarantine, or
process messages and files that have no redeeming value.
The identities
of known mass-mailing viruses are in the Mass Mailing Pattern that
is updated using the TrendLabs℠ ActiveUpdate
Servers. You can save resources, avoid help desk calls from concerned
employees and eliminate post-outbreak cleanup work by choosing to automatically
delete these types of viruses and their email containers.
|
Protection from spyware
and other types of grayware
|
Spyware and other types of grayware
|
Other than viruses, your clients are at
risk from potential threats such as spyware, adware and dialers.
|
IMSS’s
ability to protect your environment against spyware and other types
of grayware enables you to significantly reduce security, confidentiality,
and legal risks to your organization.
|
Integrated anti-spam
features
|
Spam Prevention Solution (SPS)
|
Spam Prevention Solution (SPS) is a licensed
product from Trend Micro that
provides spam detection services to other Trend Micro products.
To use SPS, obtain an SPS Activation Code. For more information,
contact your sales representative.
SPS works by using a built-in
spam filter that automatically becomes active when you register
and activate the SPS license.
|
The
detection technology used by Spam Prevention Solution (SPS) is based
on sophisticated content processing and statistical analysis. Unlike
other approaches to identifying spam, content analysis provides
high-performance, real-time detection that is highly adaptable,
even as spam senders change their techniques.
|
Spam Filtering with IP Profiler and Email reputation
|
IP Profiler is a self-learning, fully configurable
feature that proactively blocks IP addresses of computers that send
spam and other types of potential threats. Email reputation blocks
IP addresses of known spam senders that Trend Micro maintains
in a central database.
|
Note
Activate SPS before you configure
IP Profiler and Email reputation.
|
|
With the integration of IP Filtering, which
includes IP Profiler and Email reputation, IMSS can
block spammers at the IP level.
|
Administration and integration
|
LDAP and domain-based policies
|
You can configure LDAP settings if you are
using LDAP directory services such as Lotus Domino™ or Microsoft™ Active Directory™ for user-group
definition and administrator privileges.
|
Using LDAP, you can define multiple rules
to enforce your company’s email usage guidelines. You can define
rules for individuals or groups, based on the sender and recipient addresses.
|
Web-based management console
|
The management console allows you to conveniently
configure IMSS policies
and settings.
|
The management console is SSL-compatible.
Being SSL-compatible means access to IMSS is
more secure.
|
End-User Quarantine (EUQ)
|
IMSS provides Web-based EUQ to improve spam
management. The Web-based EUQ service allows end-users to manage
their own spam quarantine. Spam Prevention Solution (SPS)
quarantines messages that it determines are spam. The EUQ
indexes these messages into a database. The messages are then
available for end-users to review, delete, or approve for
delivery.
|
With the web-based EUQ management console,
end-users can manage messages that IMSS quarantines.
|
Delegated administration
|
IMSS offers
the ability to create different access rights to the management
console. You can choose which sections of the console are accessible
for different administrator logon accounts.
|
By delegating administrative roles to different
employees, you can promote the sharing of administrative duties.
|
Centralized reporting
|
Centralized reporting gives you the flexibility
of generating one time (on demand) reports or scheduled reports.
|
Helps you analyze how IMSS is
performing.
One time (on demand) reports allow you to specify
the type of report content as and when required. Alternatively,
you can configure IMSS to automatically
generate reports daily, weekly, and monthly.
|
System availability monitor
|
A built-in agent monitors the health of
your IMSS server
and delivers notifications through email or SNMP trap when a fault
condition threatens to disrupt the mail flow.
|
Email and SNMP notification on detection
of system failure allows you to take immediate corrective actions
and minimize downtime.
|
POP3 scanning
|
You can choose to enable or disable POP3
scanning from the management console.
|
In addition to SMTP traffic, IMSS can
also scan POP3 messages at the gateway as messaging clients in your
network retrieve them.
|
Clustered architecture
|
The current version of IMSS has been designed to make distributed
deployment possible.
|
You can install the various IMSS
components on different computers, and some components can exist
in multiples. For example, if your messaging volume demands, you
can install additional IMSS scanner components on additional
servers, all using the same policy services.
|
Integration with Trend Micro Control Manager™
|
Trend Micro Control Manager™ (TMCM)
is a software management solution that gives you the ability to control
antivirus and content security programs from a central location
regardless of the program’s physical location or platform. This application
can simplify the administration of a corporate virus and content
security policy.
|
Outbreak Prevention Services delivered through Trend Micro Control Manager™ reduces
the risk of outbreaks. When a Trend Micro product detects
a new email-borne virus, TrendLabs issues a policy that uses the
advanced content filters in IMSS to
block messages by identifying suspicious characteristics in these messages.
These rules help minimize the window of opportunity for an infection before
the updated pattern file is available.
|