Advanced threats
|
Advanced threats use less conventional means
to attack or infect a system. Heuristic scanning can detect advanced threats
to mitigate the damage to company systems. Some types of advanced
threats that ATSE detects include:
- Advanced Persistent Threats (APT): Advanced persistent threats are attacks against targeted companies and resources. Typically, a social engineering attack on an employee triggers a series of activities that open up the company to serious risks.
- Targeted attacks: Targeted attacks refer to computer intrusions staged by threat actors that aggressively pursue and compromise specific targets. These attacks seek to maintain a persistent presence within the target's network so that the attackers can move laterally and extract sensitive information.
- Exploits: Exploits are code purposely created by attackers to abuse or target a software vulnerability. This code is typically incorporated into malware.
- Zero-day attacks: Zero-day attacks exploit previously unknown vulnerabilities in software.
|
Denial-of-Service (DoS) attack
|
A DoS attack happens when a mail server’s
resources are overwhelmed by unnecessary tasks. Preventing ScanMail from scanning
files that decompress into very large files helps prevent this problem
from happening.
|
|
Unsolicited email requesting user verification
of private information, such as credit card or bank account numbers, with
the intent to commit fraud.
|
|
Technology that aids in gathering information
about a person or organization without their knowledge.
|
|
Malware that performs unexpected or unauthorized,
often malicious, actions. Trojans cause damage, unexpected system
behavior, and compromise system security, but unlike viruses/malware,
they do not replicate.
|
|
A program that carries a destructive payload
and replicates, spreading quickly to infect other systems. By far, viruses/malware
remain the most prevalent threat to computing.
|
Worm
|
A self-contained program or set of programs
that is able to spread functional copies of itself or its segments
to other computer systems, typically through network connections
or email attachments.
|
|
ScanMail detects some malicious code that is difficult to categorize but poses a
significant threat to Exchange. This category is useful when you
want ScanMail to perform an action against a previously unknown threat type.
|
|
Potentially malicious code in real-time
compressed executable files that arrive as email attachments. IntelliTrap scans
for packing algorithms to detect packed files. Enabling IntelliTrap
allows ScanMail to take user-defined actions on infected attachments, and to send notifications
to senders, recipients, or administrators.
|
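The Denial-of-Service row above says that skipping files which decompress into very large files keeps the mail server's resources from being overwhelmed. The following is an added example, not ScanMail code: a pre-scan check that reads only ZIP metadata to decide whether an attachment should be decompressed at all. The function names and the three limits are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed limits for illustration; these are not ScanMail settings.
MAX_TOTAL_BYTES = 10 * 1024 * 1024  # total declared decompressed size
MAX_ENTRIES = 1000                  # number of archive members
MAX_RATIO = 100                     # decompressed / compressed, per member


def should_scan(attachment: bytes) -> tuple[bool, str]:
    """Decide from ZIP metadata alone whether to decompress for scanning."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(attachment))
    except zipfile.BadZipFile:
        return False, "not a valid zip"
    with archive:
        members = archive.infolist()
        if len(members) > MAX_ENTRIES:
            return False, "too many entries"
        total = 0
        for m in members:
            # Sizes come from the central directory; nothing is inflated here.
            total += m.file_size
            if total > MAX_TOTAL_BYTES:
                return False, "declared size over limit"
            if m.file_size > MAX_RATIO * max(m.compress_size, 1):
                return False, f"ratio over limit: {m.filename}"
    return True, "ok"


def make_zip(name: str, payload: bytes) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "small text": make_zip("note.txt", b"quarterly report\n" * 10),
        "5 MiB of zeros": make_zip("pad.bin", b"\0" * (5 * 1024 * 1024)),
        "20 MiB of zeros": make_zip("big.bin", b"\0" * (20 * 1024 * 1024)),
        "not an archive": b"plain text body",
    }
    for label, data in samples.items():
        print(label, "->", should_scan(data))
```

An attachment rejected by this check would be handled by policy (for example quarantined or passed unscanned with a notification) instead of being inflated by the scanner.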