Overview
Targeted attacks and advanced threats have proven their ability to evade conventional security defenses and exfiltrate sensitive data, or encrypt critical data until ransom demands are met. Trend Micro Research shows that more than 90% of these attacks begin with a spear phishing email containing a malicious URL or attachment that is undetectable by standard email or endpoint security.
By working in tandem with your existing secure email gateway or by replacing it completely, Trend Micro Deep Discovery Email Inspector uses advanced detection techniques to identify and block purpose-built spear phishing emails often used to deliver advanced malware and ransomware to unsuspecting employees. Deep Discovery Email Inspector can be deployed in MTA mode (blocking), BCC mode (monitor only), or SPAN/TAP mode.
Key Benefits
Better Protection
- Stops spear phishing emails, which are responsible for most targeted attacks
- Detects ransomware before systems are compromised
- Finds threats invisible to standard email security by using custom sandboxing
Tangible ROI
- Stops targeted spear phishing and ransomware, avoiding costly damage clean-up
- Works seamlessly with existing email security solutions
- Shares indicators of compromise (IoCs) with network and endpoint security layers
Features
Ransomware detection and blocking
Advanced ransomware encrypts a system in seconds, and since email is the tactic of choice for delivering ransomware, the malicious email must be blocked before it is delivered. Trend Micro™ Deep Discovery™ Email Inspector detects and blocks ransomware spear phishing emails through advanced analysis techniques for known and unknown attacks. Custom sandboxing detects mass file modifications, encryption behavior, and modification to backup processes.
Extensive detection techniques
Deep Discovery Email Inspector deploys a blend of cross-generational techniques to ensure the highest detection rate with the lowest false positives:
- Web filtering and URL time-of-click analysis
- Predictive machine learning quickly identifies unknown malware
- Custom sandbox analysis features extensive anti-evasion technologies, behavioral analysis, and machine learning-based command-and-control (C&C) detection
- Optional Gateway Module adds spam and content filtering, Trend Micro Data Loss Prevention, and more
- Supports the MITRE ATT&CK framework to help you detect and respond to threats more effectively
Custom sandboxing
Custom sandboxes use virtual images to match operating system configurations, drivers, installed applications, and language versions. Difficult for hackers to evade, they include a “safe live mode” to analyze multi-stage downloads, URLs, C&C, and more. They identify ransomware activity, like mass encryption, backup modification, and encryption behavior. Deep Discovery Email Inspector uses runtime machine learning inside the sandbox to enhance detection capabilities.
Optimized and connected
- Centralized visibility and control are delivered through Trend Micro Control Manager with prioritized alerting by severity or host
- Threat sharing with Trend Micro and other in-place security investments
- Integration with SIEMs, like HP ArcSight, IBM QRadar, and Splunk
Virtual appliance deployment
For additional flexibility, Deep Discovery Email Inspector can be deployed as a virtual server in your own virtual environment when connected to Trend Micro Deep Discovery Analyzer hardware appliances. In this deployment scenario, the virtual appliance will provide all functions except for sandbox analysis, which is done on Analyzer appliances.
Requirements
- Supports VMware ESXi 6.0 or 6.5 and Microsoft Hyper-V on Windows Server 2016 or 2019
- Deep Discovery Analyzer hardware appliance(s) are required for sandbox analysis
Detect and block targeted ransomware
Over 90% of targeted ransomware attacks start with a spear phishing attack. As a hardware or virtual appliance, Deep Discovery Email Inspector is deployed in line with message delivery and blocks these messages. It uses analysis of known and unknown patterns, together with reputation analysis, to detect the latest ransomware variants and targeted attacks.
Prevent data breaches
Deep Discovery Email Inspector is designed to quickly detect advanced malware that usually bypasses traditional security defenses and exfiltrates sensitive data and intellectual property. Machine learning, specialized detection engines, password extraction, and custom sandbox analysis detect and prevent breaches.
Gain visibility
Take advantage of 360-degree visibility into targeted attacks on your email. Centralized visibility and control allow you to share threat information with your existing security investments.
Optional spam gateway filtering
The optional gateway module enables Deep Discovery Email Inspector to filter inbound messages based on senders, spam and phishing filters, and content, while providing outbound Trend Micro™ Data Loss Prevention™ and email encryption to fulfill compliance requirements. It also includes end-user quarantine for spam messages, and content disarm and reconstruction (CDR) to remove executable objects from Microsoft files for file sanitization.
Reduce costs
Dramatically reduce the time required to remediate and prevent targeted ransomware attacks. A single appliance that blocks suspicious email and shares threat information, it also provides sandboxing to optimize incident response.