Trellix Email Security - Cloud

Transcription

DATA SHEET

Trellix Email Security – Cloud

Adaptive protection that identifies, analyzes, and blocks email attacks

Highlights

- Offers comprehensive inbound and outbound email security
- Consolidates your email security stack with a comprehensive single vendor solution
- Supports custom YARA rules to enhance threat detection efficacy
- Enables Microsoft 365 Auto Remediate to remove emails that become malicious after delivery
- Integrates with any third-party email provider
- Provides in-depth knowledge about attacks and attackers from frontline investigations and observations of adversaries
- Meets the FedRAMP security requirements
- Natively integrates with Microsoft 365 and Google Workspace to provide seamless scanning of emails and instant protection against missed threats

Overview

To thrive, your organization needs a free flow of information. Email is a prime channel for most companies to connect with customers, suppliers, partners, and coworkers. Today there’s a proactive way to keep email communications secure, so your company can focus on growing the business.

Most advanced threats arrive by email in the form of URLs linked to credential-phishing sites, fraudulent wire transfer requests, and weaponized file attachments. Email’s highly targeted and customizable nature allows cybercriminals to successfully exploit it, making it the primary channel for cybercrime.

Trellix Email Security – Cloud reduces costs and increases employee productivity while minimizing the risk of costly breaches caused by advanced email attacks. This adaptive security tool continually learns about the threat landscape, absorbing an array of intelligence inputs to feed artificial intelligence/machine learning analytics that detect and counteract email threats before they can take hold.

Deployed in the cloud, Email Security – Cloud is a fully-featured secure email gateway that leads the industry in identifying, isolating, and immediately stopping URL, impersonation, and attachment-based attacks before they enter your environment. With features like auto remediation in Microsoft 365, emails that become retroactively malicious after delivery to a user’s inbox can be extracted. Email Security – Cloud also scans outgoing email traffic for advanced threats, spam, and viruses.

Using a combination of intelligence-led context and detection plug-ins, Trellix unearths malicious URLs on a big data, scalable platform. Sender names and email addresses are checked for authenticity and content is examined for impersonation tactics to stop CEO fraud and other malwareless attacks. The signatureless Trellix Multi-Vector Virtual Execution (MVX) engine analyzes email attachments and URLs against a comprehensive cross-matrix of operating systems, applications, and web browsers. Threats are identified with minimal noise, and false positives are nearly nonexistent.

Trellix collects extensive threat intelligence on adversaries through firsthand breach investigations and millions of sensors. Email Security – Cloud draws on this real evidence and contextual intelligence about attacks and bad actors to prioritize alerts and block threats in real time.

By integrating with additional Trellix extended detection and response (XDR) products, you can get broad visibility into multivector blended attacks and coordinate real-time protection.

Trellix Email Security – Cloud features

With personal information readily available online, a cybercriminal can use social engineering to trick almost any user into taking an action, clicking a URL, or opening an attachment.

Figure 1. Trellix Email Security – Cloud as a secure email gateway

Email Security – Cloud provides real-time detection and protection against credential harvesting, impersonation, and spear-phishing attacks that typically evade traditional email security services. Emails are analyzed and quarantined (blocked) if unknown and advanced threats are found hidden in:

- All attachment types, including EXE, DLL, PDF, SWF, DOC/DOCX, XLS/XLSX, PPT/PPTX, JPG, PNG, MP3, MP4, and ZIP/RAR/TNEF archives
- Password-protected and encrypted attachments
- Credential-phishing and typosquatting URLs
- URLs embedded in emails, PDFs, and Microsoft Office documents
- OS, browser, and application vulnerabilities
- Malicious code embedded in spear-phishing emails

While ransomware attacks start with an email, a callback to a command-and-control server is required to encrypt the data. Email Security – Cloud identifies and stops these hard-to-detect multistage malware campaigns.

Superior threat detection

Trellix Email Security – Cloud helps mitigate the risk of breaches by identifying and isolating advanced, targeted, and other evasive attacks camouflaged as normal traffic, and analyzing and fingerprinting them for faster identification of future threats.

Advanced URL Defense and the MVX engine use cutting-edge machine learning and analytics to identify attacks that evade traditional signature and policy-based defenses.

An integral part of Advanced URL Defense, PhishVision is an image classification engine that uses deep learning to compile and compare screenshots of trusted and commonly targeted brands against web and login pages referenced by URLs in an email.

Working in tandem with PhishVision, Kraken is a phishing detection plug-in that applies domain and page content analytics to augment machine learning.

Another advance in URL detection is Skyfeed, a purpose-built, fully automated malware intelligence gathering system incorporated into Email Security – Cloud. Skyfeed collects social media accounts, blogs, forums, and threat feeds for false negative discovery.

The multifaceted nature of Advanced URL Defense helps your organization stay safe from credential harvesting and spear-phishing attacks.

An email may start out as benign to get past security defenses and only become malicious after it’s been delivered to a recipient’s inbox. Email Security – Cloud retroactively analyzes and alerts you when an email becomes malicious post-delivery.

Via the Microsoft 365 and Google Workspace APIs, Email Security – Cloud automatically extracts these emails from users’ inboxes by creating an auto remediate policy.

The MVX engine detects zero-day, multiflow, and other evasive attacks by using dynamic, signatureless analysis in safe virtual environments. It stops the infection and compromise phases of an attack chain by identifying never-before-seen exploits and malware.

Enhanced AVAS protection

Email Security – Cloud is available with anti-spam and antivirus (AVAS) protection to detect both common attacks that use conventional signature matching and impersonation techniques.

Email Security – Cloud also relies on dedicated detection engines to help guard against impersonation attacks, such as CEO fraud (often called business email compromise), which continue to significantly impact businesses financially. This is due in part to the lack of traditional threat indicators, such as malicious attachments or links, because the attacks are malware-free and rely on social engineering techniques. To combat these attacks and protect customers, Trellix has developed innovative algorithms, systems, and tools specializing in impersonation detection and defense.

A common indicator of an email attack is the age of the sender’s domain. When creating an impersonation campaign, adversaries send attack emails from a domain similar to that of the person or company they are impersonating, usually within a few hours of that domain’s creation.

“Email is fundamental to all collaborative environments, so deploying [Trellix] Email Security – Cloud gives us the ability to mitigate the risks of compromise from this highly exploited channel using a single solution.”
— Nils Göldner, Managing Partner and Cloud Advisor, Blackboat GmbH

Email Security – Cloud can accurately determine the age and maturity of a domain using in-house developed Newly Existing Domain (NED) and Newly Observed Domain (NOD) tools. It treats NEDs as suspicious and extensively inspects them for other attack indicators, such as typosquatting and sender display or username spoofing.

Instead of going through the process of buying and registering a domain, adversaries often change the display name or sender’s username, so the email appears to come from a trusted source. Email Security – Cloud defends against this sender spoofing by determining each display name and username’s authenticity using friendly name identification.

Outbound scanning

Email Security – Cloud detects unknown advanced threats, including malicious attachments and phishing URLs delivered via outbound email messages. It also scans outgoing email traffic for malware and spam to protect your organization’s domains from being blacklisted.

Integration to improve alert handling efficiencies

Trellix Email Security – Cloud analyzes every email attachment and URL to accurately identify today’s advanced attacks. Real-time updates from the entire Trellix security ecosystem combined with attribution of alerts to known threat actors provide context for prioritizing and acting on critical alerts and blocking advanced email attacks. Known, unknown, and non-malware-based threats are identified with minimal noise and false positives, so you can focus on real attacks. This helps reduce your operational expenses.

Rapid adaptation to the evolving threat landscape

Your organization can rely on Email Security – Cloud to continually adapt, providing a proactive defense against email-borne threats. Email Security – Cloud creates its own threat intelligence rather than relying on third-party feeds. In-house, email-specific threat intelligence (or Smart DNS), data collection capabilities, email security experts, and threat analysts provide the underlying infrastructure for enhanced antispam technologies and impersonation detection. Trellix uses deep intelligence about threats and attackers with adversarial, machine, and victim intelligence to:

- Deliver timely and broad threat visibility
- Identify specific capabilities and features of detected malware and malicious attachments
- Provide contextual insights to prioritize and accelerate response
- Determine the probable identity and motives of an attacker and track their activities within your organization
- Retroactively identify spear-phishing attacks and prevent access to phishing sites by rewriting malicious URLs

Use the Trellix portal to view real-time alerts, create Smart Custom Rules, and generate reports. With Smart Custom Rules, you can make policies and rules based on multiple granular conditions.

Response workflow integration

Trellix Email Security – Cloud works with several other solutions to help automate alert response workflows.

Trellix Central Management System correlates alerts from both Email Security – Cloud and Trellix Network Security to get a broad view of an attack and set blocking rules to prevent the attack from spreading.

Helix works smoothly with Email Security – Cloud and is specifically designed to simplify, integrate, and automate security operations.

Authorization and compliance certifications

ISO 27001
Trellix Email Security – Cloud meets the ISO 27001 information security standard that ensures data centers are securely managed.

FedRAMP
Email Security – Cloud with AVAS protection meets the FedRAMP security requirements for cloud services operated by government and public education entities.

SOC 2 Type 2
Email Security – Cloud also complies with the American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC 2) Type 2 Certification for Security and Confidentiality.

Easy deployment and cross-enterprise protection

Email Security – Cloud is fully cloud-based, and has no hardware or software to install. It’s ideal when your organization is migrating its email infrastructure to the cloud and no longer needs to procure, install, and manage a physical infrastructure.

Email Security – Cloud integrates seamlessly with cloud-based email systems, such as Microsoft Office 365 with Exchange Online Protection and Google Workspace.

To protect against malicious and fraudulent emails, simply route messages to Email Security – Cloud, which analyzes them for spam, known malware, and impersonation tactics first. It then uses the URL defense technology and signatureless detonation chamber MVX engine to analyze every attachment and URL for threats and stop advanced attacks in real time.

Additional capabilities

YARA-based rules enable customization
Email Security – Cloud enables analysts to use custom YARA rules to manage and enhance detection, stop the latest threats, and identify ongoing campaigns.

Active-protection or monitor-only mode
Email Security – Cloud can analyze emails and quarantine threats for active protection. Simply update your mail exchanger (MX) records to route messages to Trellix. For monitor-only deployments, set up a transparent BCC rule to send copies of emails to Trellix for MVX analysis.

Learn more about Trellix Email Security – Cloud at trellix.com.

Trellix
6220 American Center Drive
San Jose, CA 95002
www.trellix.com

About Trellix

Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers.

Copyright 2022 Musarubra US LLC 052022-01
