Features and benefits

TrendAI™ Email Security provides the following features and benefits:

TrendAI™ Email Security allows you to filter senders of incoming email messages. You can specify the senders to allow or block using specific email addresses or entire domains and specify the type of sender addresses collected to match the approved and blocked sender lists.

For details, see Manage sender filter.

TrendAI™ Email Security makes use ofTrendAI™ Email Reputation Services (ERS) Standard Service and Advanced Service. Email Reputation Services use a standard IP reputation database and an advanced and dynamic IP reputation database (a database updated in real time). These databases have distinct entries, allowing TrendAI™ to maintain a very efficient and effective system that can quickly respond to new sources of spam.

For details, see Understand IP reputation.

As an email validation system to detect and prevent email spoofing, Domain-based Message Authentication, Reporting and Conformance (DMARC) is intended to fight against certain techniques used in phishing and spam, such as email messages with forged sender addresses that appear to originate from legitimate organizations. DMARC fits into the inbound email authentication process of TrendAI™ Email Security, allowing you to define DMARC policies, including the actions to take on messages that fail DMARC authentication.

For details, see Domain-based message authentication, reporting & conformance (DMARC).

TrendAI™ Email Security leverages the TrendAI™ Virus Scan Engine to compare the files with the patterns of known viruses and integrates Predictive Machine Learning to detect new, previously unidentified, or unknown malware through advanced file feature analysis. TrendAI™ Email Security also supports integration with Virtual Analyzer, a cloud-based virtual environment designed for manage and analyze objects submitted byTrendAI™ products.

To combat sophisticated attacks for enhanced inbound protection, TrendAI™ Email Security leverages the Correlated Intelligence feature to correlate suspicious signals from various sources to detect phishing security risks and anomalies.

Furthermore, TrendAI™ Email Security detects phishing, spam, Business Email Compromise (BEC) scams, graymail and social engineering attacks and examines the message contents to determine whether the message contains inappropriate content.

You can configure domain-level and organization-level policies to detect various security risks and anomalies by scanning email messages and then performing a specific action for each security risk detected.

For details, see Configure policies.

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious files and URLs. Sandbox images allow observation of files and URLs in an environment that simulates endpoints on your network without any risk of compromising the network.

TrendAI™ Email Security sends suspicious files or URLs to Virtual Analyzer when a file or URL exhibits suspicious characteristics and signature-based scanning technologies cannot find a known threat. Virtual Analyzer performs static analysis and behavior simulation in various runtime environments to identify potentially malicious characteristics. During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the sample based on the accumulated ratings.

For details on Virtual Analyzer settings, see Configure virus scan criteria and Configure Web Reputation criteria.

Data Loss Prevention (DLP) safeguards an organization's digital assets against accidental or deliberate leakage. DLP evaluates data against a set of rules defined in policies to determine the data that must be protected from unauthorized transmission and the action that DLP performs when it detects transmission. With DLP, TrendAI™ Email Security allows you to manage your incoming email messages containing sensitive data and protects your organization against data loss by monitoring your outbound email messages.

For details, see Data Loss Prevention.

Based on user-defined passwords, TrendAI™ Email Security can extract password-protected archive files and open password-protected document files in email messages to investigate any malicious or suspicious content in those messages.

For details, see File password analysis.

Suspicious objects are objects with the potential to expose systems to danger or loss. After TrendAI™ Email Security is registered to TrendAI™ Apex Central, Apex Central synchronizes the suspicious object lists consolidated from its managed TrendAI™ products with TrendAI™ Email Security at a scheduled time interval.

For details, see Apex Central.

TrendAI™ Email Security provides protection against email loss if your email server goes down. If your server becomes unavailable due to a crash or network connectivity problem, TrendAI™ Email Security automatically transfers inbound traffic to a backup server until your server is back online. This enables end users to read, forward, download and reply to email messages on the End User Console.

For details, see Email Continuity.

TrendAI™ Email Security provides detailed logs to help you analyze system security and improve protection solutions. You can view and search logs to track messages for inbound and outbound traffic, and to track all messages for a specific sender, recipient, policy rule or detection. TrendAI™ Email Security allows you to forward syslog messages to an external syslog server in a structured format, which allows third-party application integration.

For details, see Logs in TrendAI™ Email Security.

TrendAI™ Email Security provides reports to assist in mitigating threats and optimizing system settings. You can generate reports based on a daily, weekly, monthly or quarterly schedule.

For details, see Reports.

Quarantined messages are blocked as detected spam or other inappropriate content before delivery to an email account. Messages held in quarantine can be reviewed and manually deleted or delivered on the administrator console. Furthermore, end users can view and manage their own quarantined messages on the End User Console.

For details, see Understand quarantine.