IMSS Main Features and Benefits

Antivirus protection

IMSS performs virus detection using Trend Micro scan engine and a technology called pattern matching. The scan engine compares code in files traveling through your gateway with binary patterns of known viruses that reside in the pattern file. If the scan engine detects a match, it performs the actions as configured in the policy rules.

Enhanced virus/content scanner keeps your messaging system working at top efficiency.

Cloud-based pre-filtering of messages

Cloud Pre-Filter integrates with IMSS to scan all email traffic before it reaches your network.

Cloud Pre-Filter can stop significant amounts of spam and malicious messages (up to 90% of your total message traffic) from ever reaching your network.

Advanced anti-malware protection

The Advanced Threat Scan Engine (ATSE) uses a combination of pattern-based scanning and aggressive heuristic scanning to detect document exploits and other threats used in targeted attacks.

ATSE identifies both known and unknown advanced threats, protecting your system from new threats that have yet to be added to patterns.

Command & Control (C&C) Contact Alert Services

C&C Contact Alert Services allows IMSS to inspect the sender, recipients and reply-to addresses in a message's header, as well as URLs in the message body, to see if any of them matches known C&C objects.

C&C Contact Alert Services provides IMSS with enhanced detection and alert capabilities to mitigate the damage caused by advanced persistent threats and targeted attacks.

Graymail

Graymail refers to solicited bulk email messages that are not spam. IMSS detects marketing messages and newsletters and social network notifications as graymail.

IMSS manages graymail separately from common spam to allow administrators to identify graymail messages. IP addresses specified in the graymail exception list bypass scanning.

Regulatory compliance

Administrators can meet government regulatory requirements using the new default policy scanning conditions Compliance templates.

Compliance templates provide administrators with regulatory compliance. For a detailed list of available templates, see http://docs.trendmicro.com/en-us/enterprise/data-protection-reference-documents.aspx.

Smart Scan

Smart Scan facilitates a more efficient scanning process by off-loading a large number of threat signatures previously stored on the IMSS server to the cloud.

Smart Scan leverages the Smart Protection Network to:

IntelliTrap

Virus writers often attempt to circumvent virus filtering by using different file compression schemes. IntelliTrap provides heuristic evaluation of these compressed files.

Because there is the possibility that IntelliTrap may identify a non-threat file as a security risk, Trend Micro recommends quarantining message attachments that fall into this category when IntelliTrap is enabled. In addition, if your users regularly exchange compressed files, you may want to disable this feature.

By default, IntelliTrap is turned on as one of the scanning conditions for an antivirus policy, and is configured to quarantine message attachments that may be classified as security risks.

IntelliTrap helps reduce the risk that a virus compressed using different file compression schemes will enter your network through email.

Content management

IMSS analyzes email messages and their attachments, traveling to and from your network, for appropriate content.

Content that you deem inappropriate, such as personal communication, large attachments, and so on, can be blocked or deferred effectively using IMSS.

Real-time Statistics and Monitor

Administrators can monitor the scan performance and Sender Filtering performance of all IMSS devices (within a group) on the management console.

IMSS provides administrators with an overview of the system that keeps administrators informed on the first sign of mail processing issues. Detailed logging helps administrators proactively manage issues before they become a problem.

DoS attacks

By flooding a mail server with large attachments, or sending messages that contain multiple viruses or recursively compressed files, individuals with malicious intent can disrupt mail processing.

IMSS allows you to configure the characteristics of messages that you want to stop at the SMTP gateway, thus reducing the chances of a DoS attack.

Malicious email content

Many types of file attachments, such as executable programs and documents with embedded macros, can harbor viruses. Messages with HTML script files, HTML links, Java applets, or ActiveX controls can also perform harmful actions.

IMSS allows you to configure the types of messages that are allowed to pass through the SMTP gateway.

Degradation of services

Non-business-related email traffic has become a problem in many organizations. Spam messages consume network bandwidth and affect employee productivity. Some employees use company messaging systems to send personal messages, transfer large multimedia files, or conduct personal business during working hours.

Most companies have acceptable usage policies for their messaging system—IMSS provides tools to enforce and ensure compliance with existing policies.

Legal liability and business integrity

Improper use of email can also put a company at risk of legal liability. Employees may engage in sexual or racial harassment, or other illegal activity. Dishonest employees can use a company messaging system to leak confidential information. Inappropriate messages that originate from a company's mail server damage the company's reputation, even if the opinions expressed in the message are not those of the company.

IMSS provides tools for monitoring and blocking content to help reduce the risk that messages containing inappropriate or confidential material will be allowed through your gateway.

Mass mailing virus containment

Email-borne viruses that may automatically spread bogus messages through a company’s messaging system can be expensive to clean up and cause panic among users.

When IMSS detects a mass-mailing virus, the action performed against this virus can be different from the actions against other types of viruses.

For example, if IMSS detects a macro virus in a Microsoft Office document with important information, you can configure the program to quarantine the message instead of deleting the entire message, to ensure that important information will not be lost. However, if IMSS detects a mass-mailing virus, the program can automatically delete the entire message.

By auto-deleting messages that contain mass-mailing viruses, you avoid using server resources to scan, quarantine, or process messages and files that have no redeeming value.

The identities of known mass-mailing viruses are in the Mass Mailing Pattern that is updated using the TrendLabs℠ ActiveUpdate Servers. You can save resources, avoid help desk calls from concerned employees and eliminate post-outbreak cleanup work by choosing to automatically delete these types of viruses and their email containers.

Spyware and other types of grayware

Other than viruses, your clients are at risk from potential threats such as spyware, adware and dialers. For more information, see About Spyware/Grayware.

IMSS’s ability to protect your environment against spyware and other types of grayware enables you to significantly reduce security, confidentiality, and legal risks to your organization.

Spam Prevention Solution (SPS)

Spam Prevention Solution (SPS) is a licensed product from Trend Micro that provides spam detection services to other Trend Micro products. To use SPS, obtain an SPS Activation Code. For more information, contact your sales representative.

SPS works by using a built-in spam filter that automatically becomes active when you register and activate the SPS license.

The detection technology used by Spam Prevention Solution (SPS) is based on sophisticated content processing and statistical analysis. Unlike other approaches to identifying spam, content analysis provides high-performance, real-time detection that is highly adaptable, even as spam senders change their techniques.

Spam Filtering with IP Profiler and Email reputation

IP Profiler is a self-learning, fully configurable feature that proactively blocks IP addresses of computers that send spam and other types of potential threats. Email reputation blocks IP addresses of known spam senders that Trend Micro maintains in a central database.

With the integration of Sender Filtering, which includes IP Profiler and Email Reputation, IMSS can block spammers at the IP level.

Social Engineering Attack Protection

Social Engineering Attack Protection detects suspicious behavior related to social engineering attacks in email messages.

When Social Engineering Attack Protection is enabled, the Trend Micro Antispam Engine scans for suspicious behavior in several parts of each email transmission, including the email header, subject line, body, attachments, and the SMTP protocol information. If the Antispam Engine detects behavior associated with social engineering attacks, the Antispam Engine returns details about the message to IMSS for further action, policy enforcement, or reporting.

LDAP and domain-based policies

You can configure LDAP settings if you are using LDAP directory services such as Lotus Domino™ or Microsoft™ Active Directory™ for user-group definition and administrator privileges.

Using LDAP, you can define multiple rules to enforce your company’s email usage guidelines. You can define rules for individuals or groups, based on the sender and recipient addresses.

Web-based management console

The management console allows you to conveniently configure IMSS policies and settings.

The management console is SSL-compatible. Being SSL-compatible means access to IMSS is more secure.

End-User Quarantine (EUQ)

IMSS provides web-based EUQ to improve spam management. The web-based EUQ service allows end-users to manage the spam quarantine of their personal accounts and of distribution lists that they belong to. IMSS quarantines messages that it determines are spam. The EUQ indexes these messages into a database. The messages are then available for end-users to review, delete, or approve for delivery.

With the web-based EUQ management console, end-users can manage messages that IMSS quarantines.

IMSS also enables users to apply actions to quarantined messages and to add senders to the Approved Senders list through links in the EUQ digest.

Delegated administration

IMSS offers the ability to create different access rights to the management console. You can choose which sections of the console are accessible for different administrator logon accounts.

By delegating administrative roles to different employees, you can promote the sharing of administrative duties.

Centralized reporting

Centralized reporting gives you the flexibility of generating one time (on demand) reports or scheduled reports.

Helps you analyze how IMSS is performing.

One time (on demand) reports allow you to specify the type of report content as and when required. Alternatively, you can configure IMSS to automatically generate reports daily, weekly, and monthly.

IMSS allows you to send both one-time and scheduled reports through email.

System availability monitor

A built-in agent monitors the health of your IMSS server and delivers notifications through email or SNMP trap when a fault condition threatens to disrupt the mail flow.

Email and SNMP notification on detection of system failure allows you to take immediate corrective actions and minimize downtime.

POP3 scanning

You can choose to enable or disable POP3 scanning from the management console.

In addition to SMTP traffic, IMSS can also scan POP3 messages at the gateway as messaging clients in your network retrieve them.

Clustered architecture

The current version of IMSS has been designed to make distributed deployment possible.

You can install the various IMSS components on different computers, and some components can exist in multiples. For example, if your messaging volume demands, you can install additional IMSS scanner components on additional servers, all using the same policy services.

Integration with Trend Micro Control Manager™

Trend Micro Control Manager™ (TMCM) is a software management solution that gives you the ability to control antivirus and content security programs from a central location regardless of the program’s physical location or platform. This application can simplify the administration of a corporate virus and content security policy.

Outbreak Prevention Services delivered through Trend Micro Control Manager™ reduces the risk of outbreaks. When a Trend Micro product detects a new email-borne virus, TrendLabs issues a policy that uses the advanced content filters in IMSS to block messages by identifying suspicious characteristics in these messages. These rules help minimize the window of opportunity for an infection before the updated pattern file is available.

Integration with Virtual Analyzer

IMSS integrates with Virtual Analyzer, which is an isolated virtual environment used to manage and analyze samples in Deep Discovery Analyzer.

IMSS sends suspicious files and URLs to the Virtual Analyzer sandbox environment for simulation. Virtual Analyzer opens files, including password-protected archives and document files, and accesses URLs to test for exploit code, C&C and botnet connections, and other suspicious behaviors or characteristics.

Time-of-Click Protection

IMSS provides time-of-click protection against malicious URLs in email messages.

If you enable Time-of-Click Protection, IMSS rewrites URLs in email messages for further analysis. Trend Micro analyzes those URLs at the time of click and will block them if they are malicious.