The following sections describe the Deep Discovery Email Inspector features and benefits.
Deep Discovery Email Inspector advanced detection technology discovers targeted threats in email messages, including spear-phishing and social engineering attacks.
Reputation and heuristic technologies catch unknown threats and document exploits
File hash analysis blocks unsafe files and applications
Detects threats hidden in password-protected files and shortened URLs
Predictive machine learning technology detects emerging unknown security risks
Blocks malicious URLs in email messages when users click them
Deep Discovery Email Inspector integrates into your existing anti-spam/antivirus network topology by acting as a Mail Transfer Agent in the mail traffic flow or as an out-of-band appliance monitoring your network for cyber threats.
Policy management allows administrators to enforce preventative actions on messages based on scanning conditions. You can create policies to perform the following tasks:
Delete suspicious email messages
Block and quarantine suspicious email messages
Allow certain email messages to pass through to the recipient
Strip suspicious attachments
Redirect suspicious links to blocking or warning pages
Tag the email subject with a customized string
Notify recipients when a policy rule is matched
Send copies of detected email messages to archive servers
The Virtual Analyzer sandbox environment opens files (including password-protected archives and document files) and URLs to test for malicious behavior. Virtual Analyzer can find exploit code, Command & Control (C&C) and botnet connections, and other suspicious behaviors or characteristics.
Deep Discovery Email Inspector utilizes multiple detection engines and sandbox simulation to investigate file attachments. Supported file types include a wide range of executable, Microsoft Office, PDF, web content, and compressed files.
Deep Discovery Email Inspector utilizes reputation technology, direct page analysis, and sandbox simulation to investigate URLs embedded in an email message.
Email Encryption allows Deep Discovery Email Inspector to perform the following tasks based on policy settings:
Decrypt messages encrypted using Trend Micro Identity-Based Encryption (IBE) for scanning
Encrypt messages for secure delivery in MTA mode
Deep Discovery Email Inspector can decrypt and encrypt messages regardless of the email client or platform from which the messages originated.
When Deep Discovery Email Inspector operates in TAP/BCC mode and receives an encrypted message, Deep Discovery Email Inspector only decrypts and scans the message. Deep Discovery Email Inspector does not encrypt messages in TAP/BCC mode.
Spam messages are generally unsolicited messages containing mainly advertising content. Deep Discovery Email Inspector uses the following components to filter email messages for spam:
Trend Micro Antispam Engine
Trend Micro spam pattern files
Trend Micro Antispam Engine uses spam signatures and heuristic rules to filter email messages. The Antispam Engine scans email messages and assigns a spam score to each one based on how closely it matches the rules and patterns from the pattern file. Deep Discovery Email Inspector compares the spam score to the selected spam detection level or user-defined detection threshold. When the spam score exceeds the detection level or threshold, Deep Discovery Email Inspector takes action against the spam message.
For example, spammers often use many exclamation marks or more than one consecutive exclamation mark (!!!!) in their email messages. When Deep Discovery Email Inspector detects a message that uses exclamation marks this way, it increases the spam score for that email message.
The Antispam Engine also includes the Email Malware Threat Scan Engine that performs advanced threat scans on email attachments (including script files and Microsoft Office macroware) to detect malware.
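The spam scoring and threshold comparison described above can be sketched as follows. This is an added example, not Trend Micro code: the rules, weights, level names and threshold values are assumptions constructed for illustration, and only the exclamation-mark heuristic and the "score exceeds threshold" comparison come from the text.

```python
import re
from email import message_from_string

# Hypothetical rules and weights (constructed); the real engine's signatures
# and heuristics come from its pattern files and are not shown on this page.
RULES = [
    ("consecutive_exclamation", 2.0, lambda s, b: re.search(r"!{2,}", s + "\n" + b) is not None),
    ("many_exclamation", 1.5, lambda s, b: (s + b).count("!") >= 5),
    ("all_caps_subject", 1.0, lambda s, b: len(s) >= 8 and s == s.upper() and any(c.isalpha() for c in s)),
    ("urgency_phrase", 1.5, lambda s, b: re.search(r"\b(act now|limited time|winner)\b", s + " " + b, re.I) is not None),
]

# Hypothetical mapping of detection levels to score thresholds:
# a higher detection level means a lower threshold (more aggressive filtering).
DETECTION_LEVELS = {"low": 5.0, "medium": 3.5, "high": 2.0}

def spam_score(raw_message):
    """Return (score, matched rule names) for an RFC 5322 message string."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    # Collect only text/plain parts; encoded or HTML parts are ignored here.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain"
                     and isinstance(p.get_payload(), str))
    hits = [(name, weight) for name, weight, test in RULES if test(subject, body)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def classify(raw_message, level="medium", threshold=None):
    """A user-defined threshold overrides the selected detection level."""
    limit = DETECTION_LEVELS[level] if threshold is None else threshold
    score, rules = spam_score(raw_message)
    # Action is taken only when the score exceeds the limit, so a score
    # equal to the limit still passes.
    return {"score": score, "threshold": limit, "rules": rules, "spam": score > limit}

# Constructed sample messages.
SPAM = ("From: promo@example.com\nTo: user@example.org\n"
        "Subject: WINNER!!! CLAIM YOUR PRIZE\n\n"
        "Act now!!! Limited time offer!! Click here!\n")
HAM = ("From: alice@example.com\nTo: bob@example.org\n"
       "Subject: Meeting notes\n\nHi Bob, notes attached. Thanks!\n")
BORDERLINE = ("From: shop@example.com\nTo: user@example.org\n"
              "Subject: Sale ends today!!\n\nBig discounts this week.\n")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM), ("borderline", BORDERLINE)):
        print(name, classify(raw, level="high"))
```

The borderline message scores exactly the assumed "high" threshold and is therefore not flagged, while a lower user-defined threshold flags it.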
Graymail refers to solicited bulk email messages that are not spam. Deep Discovery Email Inspector detects marketing messages and newsletters, social network notifications, and forum notifications as graymail. Deep Discovery Email Inspector identifies graymail messages in two ways:
Email Reputation Services scoring the source IP address
Trend Micro Antispam Engine identifying message content
You can configure the following sender filtering settings in Deep Discovery Email Inspector to effectively block senders of spam messages at the IP address or sender email address level:
Approved and blocked senders lists
Email Reputation Services (ERS)
Directory harvest attack (DHA) protection
Bounce attack protection
SMTP traffic throttling
Deep Discovery Email Inspector supports the following sender authentication standards to effectively detect and fight against techniques used in email phishing and spoofing:
Sender Policy Framework (SPF)
DomainKeys Identified Mail (DKIM)
Domain-based Message Authentication, Reporting & Conformance (DMARC)
In addition, you can configure Deep Discovery Email Inspector to sign outgoing messages using DKIM signatures to prevent spoofing.
You can create content filtering rules in Deep Discovery Email Inspector to:
Block content that you specify as inappropriate from reaching recipients by analyzing message content and attachments
Detect and remove active content (such as macros) in Microsoft Office and PDF file attachments
Data Loss Prevention safeguards an organization's digital assets against accidental or deliberate leakage. Data Loss Prevention allows administrators to:
Identify the digital assets to protect
Create policies that limit or prevent the transmission of digital assets through email messages
Enforce compliance with established privacy standards
Deep Discovery Email Inspector includes the End-User Quarantine (EUQ) feature to improve spam management. Messages that are determined to be spam are quarantined and are available for users to review, delete, release, or approve for delivery. You can configure Deep Discovery Email Inspector to automatically send EUQ digest notifications with inline action links. With the web-based EUQ console, users can manage the spam quarantine of their personal accounts and of distribution lists that they belong to, and can add senders to the Approved Senders list.
Social Engineering Attack Protection detects suspicious behavior related to social engineering attacks in email messages. When Social Engineering Attack Protection is enabled, Deep Discovery Email Inspector scans for suspicious behavior in several parts of each email transmission, including the email header, subject line, body, attachments, and the SMTP protocol information.
Deep Discovery Email Inspector decrypts password-protected archives and document files using a variety of heuristics and customer-supplied keywords.