
IMHS InterScan Messaging Hosted Security


reina

Presentation Transcript


  1. IMHS InterScan Messaging Hosted Security

  2. Web Threats
      - Every website or email carries a risk
      - Threats landscape driven by cyber criminals
      - Threats are more sophisticated and dangerous
      - Attacks have become multi-dimensional
      - Coordinated attacks becoming more common
      - Your sensitive information, personal and business reputation are all at stake
      - Malicious attacks have grown exponentially, now averaging over 500,000 new types each month
  3. Web Threats are Increasing Dramatically
      - 1731% increase since 2005
      - Total Growth of Newly-created Web Threats since 2005
  4. Trend Micro Smart Protection Network
  5. IMHS Genealogy
  6. IMHS Versions
  7. IMHS Features
      - Email Reputation Services (ERS) for connection-level blocking
      - Dynamic Reputation Services for transient threat protection
      - Image spam detection for embedded spam detection
      - Bulk mail attack prevention to stop DoS attacks
      - Award-winning antivirus, anti-phishing and anti-spyware protection
      - Low infrastructure and maintenance requirements
      - Robust content filtering for both inbound and outbound messages
  8. What’s New in IMHS
      - Inline Action – approve senders and messages from spam digest email
      - Email Encryption – add-on module that encrypts outgoing messages
      - Web Service – automates directory upload
      - Deliver Now Action – stops message processing and immediately delivers message to recipient
      - Enhanced Co-Branding – place your company logo at the top of the IMHS interface
      - Quarantine timeframe – messages quarantined will stay in quarantine for up to 15 days
  9. Benefits of Using a Hosted Solution
      - Hardware and software burden removed
      - Updates and tuning handled by Trend Micro experts
      - Disaster recovery included as part of solution
      - Service Level Agreement (SLA) guarantees minimum standards for:
          - Availability
          - Latency
          - Unblocked Spam
          - False Positives
          - Antivirus
          - Support Response Time
  10. Basic External Architecture
  11. Basic Internal Architecture
  12. IMHS Components
  13. Inbound MTA
  14. Approved Senders
  15. Email Reputation Services (ERS)
  16. Trend Micro Anti-Spam Engine (TMASE)
  17. Virus Scanning API (VSAPI)
  18. eManager
  19. Policy Database
  20. Quarantine
  21. Encryption Server
  22. Outbound MTA
  23. Processing Order
      - Lists:
          - Approved Senders List (bypass remaining list checks)
          - ERS
              - RBL (persistent spam sources)
              - DUL (unauthorized netblocks)
              - RSS (open mail relays)
              - OPS (open proxies)
              - QIL (transient spam sources)
      - Filters:
          - TMASE (spam)
          - VSAPI (malware)
          - eManager (content filter)
  24. Licensing Options
  25. Planning and Prerequisites
      - General Information:
          - Email domain name(s) – up to four (4)
          - Email domain IP address(es)
          - Whether your email is hosted by an ISP
          - If your company provides services as an ISP
      - DNS MX Record:
          - Must modify your MX record to point to IMHS
          - If you manage your own DNS records, you can modify the MX record directly
          - If your DNS is managed by someone else, you must pass the IMHS information on to the proper DNS technician
          - Do not modify your DNS record until Trend Micro provides you with redirection information
  26. Web Console Requirements
      - Other web browsers may work with IMHS, but are not officially supported
      - 6.0 or Later
      - 2.0 or Later
  27. IMHS Registration
      - 30-day free trial is most common
      - Sign up at https://trial.securecloud.com/imhs
      - Modify your DNS MX record only AFTER receiving notification from Trend Micro
  28. Migrating from the Trial Version
      - Migrate to IMHS Standard Version or IMHS Advanced Version
      - Advanced Version includes same functionality
      - Standard Version functionality differs:
          - No outbound scanning
          - Streamlined, rather than granular, management
          - Content filtering handled automatically
          - No high-risk attachment filtering
          - Some filters' maximum or minimum settings changed
  29. Outbound Scanning Registration
      - Only available with IMHS Advanced Version
      - Primary function is to interface with encryption module
      - Request activation by emailing imhs_support@trendmicro.com
      - Support team will notify you when outbound scanning is available
      - Must re-direct (forward) outbound mail from your MTA to IMHS
      - After outbound scanning is enabled, you can register encryption module
  30. New Installation Troubleshooting
      - DO NOT re-direct MX record until you receive confirmation email from Trend Micro
      - Check network and proxy configuration
      - Check gateway filter, if you use one
      - Request password reset if you forget login information
  31. Connecting to the Console
  32. Dashboard Reports
      - IMHS Standard Version Shows:
          - Traffic
          - Threats Summary
          - Traffic Threats Detail
      - IMHS Advanced Version Also Includes:
          - Total Traffic
          - Accepted Traffic Size
          - Top Spam Recipients
          - Top Virus Recipients
  33. Administration Options
      - Five Menu Options for IMHS Standard Version:
          - Admin Password – allows you to change console logon password
          - End-User Password – allows you to reset EUQ logon password
          - Directory Management – allows you to import directory entries into IMHS
          - Co-Branding – places your logo at the top of the console screen
          - Web Services – provides tools to automate repetitive tasks
      - Additional Option for IMHS Advanced Version:
          - Licenses – allows you to activate encryption module
  34. End-User Account Creation
  35. License Update https://olr.trendmicro.com/registration/us/en-us/login.aspx
  36. IMHS Protection Layers
      - Five Protection Layers within IMHS:
          - Two Lists
          - Three Filters
  37. Approved Senders List
      - Checks sender’s address on every incoming email
      - If address is listed on your Approved Senders List, the message bypasses all other list checks
      - Approved Senders List check is performed before any other list checks
  38. Email Reputation Services (ERS)
      - Provides connection-level reputation checking
      - Measures reputation of a sender’s IP address
      - Comprised of different reputation databases
      - If sender’s IP address is listed, connection is refused and email is returned to sender
  39. Email Reputation Services (ERS)
      - Database is divided into five different DNS block lists (DNSBLs):
          - Realtime Blackhole List (RBL) – lists persistent spam sources
          - Dynamic User List (DUL) – lists dynamically assigned netblocks
          - Relay Spam Stopper (RSS) – lists open mail relays
          - Open Proxy Stopper (OPS) – lists open Internet proxies
          - Quick IP List (QIL) – lists dynamic spam sources
      - Each DNSBL has its own procedure for removing addresses
  40. Trend Micro Anti-Spam Engine (TMASE)
      - First filter to check messages passed from IMHS lists
      - Performs heuristic and pattern-based spam checks
      - Five separate spam filters:
          - Phish DB – checks for known phishing scams
          - Phish exceptions – lists legitimate messages that look like phish
          - Spam hash – compares message to known spam hash sums
          - Heuristics scan – checks for common spam attributes
          - Spam signatures – compares message against known spam samples
  41. Virus Scanning API (VSAPI)
      - Stops viruses and other malware attached to messages
      - Same back-end technology as other Trend Micro products
      - Uses four separate filters:
          - Virus Pattern Check – checks for known virus and malware patterns
          - IntelliTrap – full heuristics scan for compressed or modified variants
          - IntelliTrap exceptions – checks database for valid files that have the appearance of malware variants
          - Additional threats – checks for other threats, like mass-mailers
  42. eManager
      - Provides intelligent content control
      - Helps to enforce regulatory compliance
      - Filter for keywords that indicate objectionable content
      - Uses two filters:
          - Content filter – keyword search in message header or body
          - Attachment filter – checks attachment name, extension, or type
  43. Policy Manager
      - Responsible for processing messages through IMHS filters
      - Comprised of two components:
          - Policy server – receives incoming scan requests
          - Policy agent – monitors policy server for new scan requests and applies IMHS policy against message
      - Policy agent also handles any necessary action handling
  44. Default Rules
  45. Additional Rules
      - IMHS Standard Version:
          - No additional rules available
          - Can request changes to spam sensitivity (Spam or Spam or Phish rules)
          - Can request changes to maximum size limit (Exceeding Message Size or Maximum Number of Recipients rule)
      - IMHS Advanced Version:
          - Full access to IMHS rules wizard
          - Can add, modify, or delete rules
  46. Approved Sender Management
      - Approved Senders List allows you to identify “safe” senders and domains
      - Approved senders will still have to pass IMHS filter checks
      - Approved senders will automatically skip IMHS list (ERS) checks
      - Monitor Approved Senders List closely—included addresses bypass a critical spam check
      - Email addresses or domains added to your Approved Senders List are immediately excluded from ERS checks
  47. Quarantine
      - Quarantine Message action sends message to web-based End-User Quarantine (EUQ)
      - IMHS only retains quarantined messages for seven (7) days before messages are automatically deleted
      - Search for quarantined messages using the Quarantine Query
      - Every user in your domain has their own EUQ space, so you must perform quarantine searches by user
      - If you release a message from quarantine, the message will be re-processed by IMHS, and may not be delivered if the message triggers another IMHS rule
  48. EUQ Digest Notification
      - Users not notified when messages are sent to quarantine
      - Configure digest notification to alert users they need to check EUQ
      - If you manage more than one email domain, you can customize digest notifications for each domain
      - Tokens (with hover help) available for ease of configuration
      - Configure frequent notification delivery, because messages only held in quarantine for seven (7) days
  49. Inline Approval Action
      - HTML version of digest notification includes inline approval option
      - Users can approve messages or senders directly from digest notification
      - Do not forward digest notification messages—anyone who receives the message can add approved senders
  50. EUQ Digest Notification Message
      - Digest shows up to 100 messages stored in EUQ
      - Click on subject line to view message
      - Approve senders or messages directly from digest if Inline Approval Action is enabled
      - Approve Sender (Not Spam) releases message from EUQ and adds sender to Approved Senders List
  51. IMHS Logs
      - IMHS logs every action taken on scanned messages
      - Mail Tracking helps you locate processed messages
      - Console includes separate Mail Tracking screens for incoming and outgoing messages
  52. Mail Tracking
      - Mail Tracking system optimized for locating lost messages
      - Track messages for each user in your email domain
      - Locates any message processed by IMHS
      - Results include message status and action taken
      - Tracking status groups include:
          - Blocked Traffic
          - Accepted Traffic
          - Unresolved
  53. Mail Tracking Tabs
      - Accepted Traffic:
          - Accepted by IMHS, not necessarily delivered to recipient
          - Accepted messages may have been:
              - Accepted, but deleted with a virus
              - Accepted and quarantined
              - Accepted and re-addressed
              - Accepted and delivered
      - Blocked Traffic:
          - Messages blocked or delayed by ERS DNSBLs
          - Blocked messages are not recoverable
          - Delayed messages may eventually be delivered
      - Unresolved:
          - Messages that do not fit either Blocked or Accepted categories
  54. Reports
      - IMHS includes summary and detail reports
      - Data from previous two hours may not be available, based on bandwidth availability
      - Reports grouped by domain; select a different domain from the Managed Domain box to view its reports
      - Click tab to view report detail
  55. Q & A
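
The list-check stage from slides 23, 37, 38 and 46, sketched as an added example that is not part of the presentation and is not Trend Micro code. It assumes ERS follows the standard DNSBL query convention of RFC 5782; the zone names, `connection_decision`, and the resolver data are hypothetical placeholders, since the page does not give the real ERS zones.

```python
import ipaddress

# ERS databases in slide 23's order. Zone names are placeholders
# (assumption): the page does not give the real ERS zones.
ERS_ZONES = [
    ("RBL", "rbl.ers.example"),
    ("DUL", "dul.ers.example"),
    ("RSS", "rss.ers.example"),
    ("OPS", "ops.ers.example"),
    ("QIL", "qil.ers.example"),
]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_ip, zone):
    """Reversed address labels + zone (RFC 5782); handles IPv4 and IPv6."""
    pointer = ipaddress.ip_address(client_ip).reverse_pointer
    # Drop the trailing in-addr.arpa / ip6.arpa, keep the reversed labels.
    return pointer.rsplit(".", 2)[0] + "." + zone

def is_listed(answer):
    """A DNSBL reports a listing as an A record inside 127.0.0.0/8."""
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET

def connection_decision(sender, client_ip, approved, resolve):
    """Return (verdict, reason) for one inbound message.

    resolve is any callable mapping a query name to an A record string
    or None (NXDOMAIN); inject a real DNS lookup in production.
    """
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    if sender in approved or domain in approved:
        # Slides 37 and 46: list checks are skipped, filters still apply.
        return ("to_filters", "approved sender, ERS skipped")
    for label, zone in ERS_ZONES:
        if is_listed(resolve(dnsbl_query_name(client_ip, zone))):
            return ("refused", label)  # slide 38: connection refused
    return ("to_filters", "not listed")

# Constructed resolver data standing in for DNS (documentation addresses).
FAKE_DNS = {"7.113.0.203.dul.ers.example": "127.0.0.2"}

if __name__ == "__main__":
    approved = {"partner.example"}
    for sender in ("bob@unknown.example", "amy@partner.example"):
        print(sender, connection_decision(sender, "203.0.113.7", approved, FAKE_DNS.get))
```

The second call illustrates why slide 46 asks for close monitoring of the Approved Senders List: the same listed address reaches the filters once its sender domain is approved.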