Feature
|
Descriptions
|
Benefits
|
||
---|---|---|---|---|
Data and system protection
|
||||
Cloud-based pre-filtering of messages
|
Cloud Pre-Filter integrates with IMSVA to scan all email
traffic before it reaches your network.
|
Cloud Pre-Filter can stop significant amounts of
spam and malicious messages (up to 90% of your total message
traffic) from ever reaching your network.
|
||
Email encryption
|
Trend Micro
Email Encryption integrates with IMSVA to encrypt or decrypt
all email traffic entering and leaving your network.
|
Trend Micro Email Encryption
provides IMSVA the ability
to encrypt all email messages leaving your network. By
encrypting all email messages leaving a network administrators
can prevent sensitive data from being leaked.
|
||
Advanced anti-malware protection
|
The Advanced Threat
Scan Engine (ATSE) uses a
combination of pattern-based scanning and aggressive heuristic
scanning to detect document exploits and other threats used in
targeted attacks.
|
ATSE identifies both
known and unknown advanced threats, protecting your system from
new threats that have yet to be added to patterns.
|
||
Command & Control (C&C) Contact Alert
Services
|
C&C Contact Alert Services allows IMSVA to inspect the
sender, recipients and reply-to addresses in a message's header,
as well as URLs in the message body, to see if any of them
matches known C&C objects.
|
C&C Contact Alert Services provides IMSVA with enhanced
detection and alert capabilities to mitigate the damage caused
by advanced persistent threats and targeted attacks.
|
||
Graymail
|
Graymail refers to solicited bulk email messages that are not
spam. IMSVA detects
marketing messages and newsletters and social network
notifications as graymail.
|
IMSVA manages graymail
separately from common spam to allow administrators to identify
graymail messages. IP addresses specified in the graymail
exception list bypass scanning.
|
||
Regulatory compliance
|
Administrators can meet government
regulatory requirements using the new default policy scanning
conditions Compliance templates.
|
Compliance templates provide administrators
with regulatory compliance. For a detailed list of available
templates, see http://docs.trendmicro.com/en-us/enterprise/data-protection-reference-documents.aspx.
|
||
Smart Scan
|
Smart Scan facilitates a more efficient
scanning process by off-loading a large number of threat
signatures previously stored on the IMSVA server to the
cloud.
|
Smart Scan leverages the Smart Protection
Network to:
|
||
IntelliTrap
|
Virus writers often attempt to circumvent
virus filtering by using different file compression schemes.
IntelliTrap provides heuristic evaluation of these compressed
files.
Because there is the possibility that
IntelliTrap may identify a non-threat file as a security risk,
Trend Micro recommends
quarantining message attachments that fall into this category
when IntelliTrap is enabled. In addition, if your users
regularly exchange compressed files, you may want to disable
this feature.
By default, IntelliTrap is turned on as
one of the scanning conditions for an antivirus policy, and is
configured to quarantine message attachments that may be
classified as security risks.
|
IntelliTrap helps reduce the risk that a
virus compressed using different file compression schemes will
enter your network through email.
|
||
Content management
|
IMSVA
analyzes email messages and their attachments, traveling to and
from your network, for appropriate content.
|
Content that you deem inappropriate, such as
personal communication, large attachments, and so on, can be
blocked or deferred effectively using IMSVA.
|
||
Real-time Statistics and Monitor
|
Administrators can monitor the scan
performance and Sender Filtering performance of all IMSVA devices (within a
group) on the management console.
|
IMSVA
provides administrators with an overview of the system that
keeps administrators informed on the first sign of mail
processing issues. Detailed logging helps administrators
proactively manage issues before they become a problem.
|
||
Protection against other email
threats
|
||||
DoS attacks
|
By flooding a mail server with large attachments,
or sending messages that contain multiple viruses or recursively
compressed files, individuals with malicious intent can disrupt
mail processing.
|
IMSVA allows
you to configure the characteristics of messages that you want
to stop at the SMTP gateway, thus reducing the chances of a DoS
attack.
|
||
Malicious email content
|
Many types of file attachments, such as
executable programs and documents with embedded macros, can
harbor viruses. Messages with HTML script files, HTML links,
Java applets, or ActiveX controls can also perform harmful
actions.
|
IMSVA
allows you to configure the types of messages that are allowed
to pass through the SMTP gateway.
|
||
Degradation of services
|
Non-business-related
email traffic has become a problem in many organizations. Spam
messages consume network bandwidth and affect employee
productivity. Some employees use company messaging systems to
send personal messages, transfer large multimedia files, or
conduct personal business during working hours.
|
Most companies have acceptable usage
policies for their messaging system—IMSVA provides tools to
enforce and ensure compliance with existing policies.
|
||
Legal liability and business integrity
|
Improper use of email can also put a company at
risk of legal liability. Employees may engage in sexual or
racial harassment, or other illegal activity. Dishonest
employees can use a company messaging system to leak
confidential information. Inappropriate messages that originate
from a company's mail server damage the company's reputation,
even if the opinions expressed in the message are not those of
the company.
|
IMSVA
provides tools for monitoring and blocking content to help
reduce the risk that messages containing inappropriate or
confidential material will be allowed through your gateway.
|
||
Mass mailing virus containment
|
Email-borne viruses that may
automatically spread bogus messages through a company’s
messaging system can be expensive to clean up and cause panic
among users.
When IMSVA detects a
mass-mailing virus, the action performed against this virus can
be different from the actions against other types of
viruses.
For example, if IMSVA detects a macro virus
in a Microsoft Office document with important information, you
can configure the program to quarantine the message instead of
deleting the entire message, to ensure that important
information will not be lost. However, if IMSVA detects a
mass-mailing virus, the program can automatically delete the
entire message.
|
By auto-deleting messages that contain
mass-mailing viruses, you avoid using server resources to scan,
quarantine, or process messages and files that have no redeeming
value.
The
identities of known mass-mailing viruses are in the Mass Mailing
Pattern that is updated using the TrendLabs℠ ActiveUpdate Servers. You can save
resources, avoid help desk calls from concerned employees and
eliminate post-outbreak cleanup work by choosing to
automatically delete these types of viruses and their email
containers.
|
||
Protection from spyware and other
types of grayware
|
||||
Spyware and other types of grayware
|
Other than viruses, your clients are at risk
from potential threats such as spyware, adware and dialers.
For
more information, see About Spyware/Grayware.
|
IMSVA’s
ability to protect your environment against spyware and other
types of grayware enables you to significantly reduce security,
confidentiality, and legal risks to your organization.
|
||
Integrated antispam features
|
||||
Spam Prevention Solution (SPS)
|
Spam Prevention Solution (SPS) is a licensed
product from Trend Micro that
provides spam detection services to other Trend Micro products. To use SPS,
obtain an SPS Activation Code. For more information, contact
your sales representative.
SPS works by using a built-in spam filter that
automatically becomes active when you register and activate the
SPS license.
|
The
detection technology used by Spam Prevention Solution (SPS) is
based on sophisticated content processing and statistical
analysis. Unlike other approaches to identifying spam, content
analysis provides high-performance, real-time detection that is
highly adaptable, even as spam senders change their
techniques.
|
||
Spam Filtering with IP Profiler, Email
Reputation and SMTP Traffic Throttling
|
IP Profiler is a self-learning, fully
configurable feature that proactively blocks IP addresses of
computers that send spam and other types of potential threats.
Email reputation blocks IP addresses of known spam senders that
Trend Micro maintains in a
central database. SMTP Traffic Throttling blocks messages from a
single IP address or sender for a certain time when the number
of connections or messages reaches the specified maximum.
|
With the integration of Sender Filtering,
which includes IP Profiler, Email Reputation and SMTP Traffic
Throttling, IMSVA can block
spammers at the IP level.
|
||
Social Engineering Attack Protection
|
Social Engineering Attack Protection detects
suspicious behavior related to social engineering attacks in
email messages.
|
When Social Engineering Attack Protection is
enabled, the Trend Micro Antispam
Engine scans for suspicious behavior in several parts of each
email transmission, including the email header, subject line,
body, attachments, and the SMTP protocol information. If the
Antispam Engine detects behavior associated with social
engineering attacks, the Antispam Engine returns details about
the message to IMSVA for
further action, policy enforcement, or reporting.
|
||
Administration and
integration
|
||||
LDAP and domain-based policies
|
You can configure LDAP settings if you are using
LDAP directory services such as Lotus
Domino™ or Microsoft™
Active Directory™ for user-group definition
and administrator privileges.
|
Using LDAP, you can define multiple rules to
enforce your company’s email usage guidelines. You can define
rules for individuals or groups, based on the sender and
recipient addresses.
|
||
Web-based management console
|
The management console allows you to
conveniently configure IMSVA policies and settings.
|
The management console is SSL-compatible. Being
SSL-compatible means access to IMSVA is more secure.
|
||
End-User Quarantine (EUQ)
|
IMSVA
provides web-based EUQ to improve spam management. The
web-based EUQ service allows end-users to manage the spam
quarantine of their personal accounts and of distribution
lists that they belong to. IMSVA quarantines
messages that it determines are spam. The EUQ indexes
these messages into a database. The messages are then available
for end-users to review, delete, or approve for delivery.
|
With the web-based EUQ management console,
end-users can manage messages that IMSVA quarantines.
IMSVA also
enables users to apply actions to quarantined messages and to
add senders to the Approved Senders list through links in the
EUQ digest.
|
||
Delegated administration
|
IMSVA offers the ability to create different access rights to the
management console. You can choose which sections of the console
are accessible for different administrator logon accounts.
|
By delegating administrative roles to
different employees, you can promote the sharing of
administrative duties.
|
||
Centralized reporting
|
Centralized reporting gives you the
flexibility of generating one time (on demand) reports or
scheduled reports.
|
Helps you analyze how IMSVA is performing.
One time (on demand) reports allow you to
specify the type of report content as and when required.
Alternatively, you can configure IMSVA to automatically
generate reports daily, weekly, and monthly.
IMSVA allows you to send
both one-time and scheduled reports through email.
|
||
System availability monitor
|
A built-in agent monitors the health of
your IMSVA server and
delivers notifications through email or SNMP trap when a fault
condition threatens to disrupt the mail flow.
|
Email and SNMP notification on detection of
system failure allows you to take immediate corrective actions
and minimize downtime.
|
||
POP3 scanning
|
You can choose to enable or disable POP3 scanning
from the management console.
|
In addition to SMTP traffic, IMSVA can also scan POP3
messages at the gateway as messaging clients in your network
retrieve them.
|
||
Clustered architecture
|
The current version of IMSVA has been designed to
make distributed deployment possible.
|
You can install the various IMSVA components on
different computers, and some components can exist in multiples.
For example, if your messaging volume demands, you can install
additional IMSVA scanner
components on additional servers, all using the same policy
services.
|
||
Integration with Virtual
Analyzer
|
IMSVA
integrates with Virtual Analyzer, which is an isolated virtual
environment used to manage and analyze samples in Deep Discovery
Advisor and Deep Discovery Analyzer.
|
IMSVA sends suspicious files
and URLs to the Virtual Analyzer sandbox environment for
simulation. Virtual Analyzer opens files, including
password-protected archives and document files, and accesses
URLs to test for exploit code, C&C and botnet connections,
and other suspicious behaviors or characteristics.
|
||
Integration with Trend Micro
Control Manager™
|
Trend Micro
Control Manager™ (TMCM) is a software
management solution that gives you the ability to control
antivirus and content security programs from a central location
regardless of the program’s physical location or platform. This
application can simplify the administration of a corporate virus
and content security policy.
|
Outbreak Prevention Services delivered through Trend Micro
Control Manager™ reduces the risk of
outbreaks. When a Trend Micro
product detects a new email-borne virus, TrendLabs issues a
policy that uses the advanced content filters in IMSVA to block messages by
identifying suspicious characteristics in these messages. These
rules help minimize the window of opportunity for an infection
before the updated pattern file is available.
|
||
Integration with syslog servers
|
IMSVA integrates with
syslog servers that use the syslog protocol to receive log
messages. Syslog protocol is a network logging standard
supported by a wide range of network devices and contains
information on network events and errors.
|
Syslog server integration implements centralized log collection
and management for multiple IMSVA servers and
consolidates log data from all over the network into a single
central repository. Collecting and analyzing syslog messages is
essential for maintaining network stability and auditing network
security.
|
||
Time-of-Click Protection
|
IMSVA provides time-of-click
protection against malicious URLs in email messages.
|
If you enable Time-of-Click Protection, IMSVA rewrites URLs in
email messages for further analysis. Trend Micro analyzes those URLs at
the time of click and will block them if they are malicious.
|