Trellix Email Security Server

Solution Overview

Email connects customers, suppliers, partners, and coworkers—and continues to be the most successful attack vector. Over 90 % of cyberattacks begin with phishing. Cybercriminals use targeted social engineering to trick users into clicking malicious URLs and opening compromised attachments. And as companies extend collaborative platforms and enterprise applications to transform partner relationships, threat actors are already exploiting this largely unprotected attack vector.

Trellix provides the industry’s most comprehensive enterprise communication and collaboration security solution. Deployed on premise behind the primary secure email gateway as in-line or bcc mode, Trellix Email Security-Server also supports AWS bare metal form factor and minimizing the risk of costly breaches.

Trellix Email Security – Server offers superior detection that leads the industry in identifying, isolating, and immediately stopping ransomware, business email compromise, spear phishing, credential harvesting, and attachment-based attacks before they enter your environment. Trellix Email Security-Server solution identifies, isolates and blocks the latest URL attacks and provides contextual insights to prioritize and accelerate response.

Integrated investigation and response ensure alignment with your overall security operations program.

By integrating with additional Trellix extended detection and response (XDR) products Trellix Email Security-Server provides broader visibility into multi-vector blended attacks for coordinated real-time protection. Use the Trellix Central Management System to view real-time alerts, create smart custom rules and generate reports.

Trellix Email Security, paired with Trellix Intelligent Virtual Execution (IVX) provides a comprehensive enterprise communication and collaboration security solution, spanning email infrastructure, enterprise applications, and collaboration platforms, ensuring people can work together securely across the extended enterprise.

Providing a critical second layer of protection to secure email infrastructure, Email Security –Server is an integral part of the Trellix learning and adaptive ecosystem. Trellix continuously monitors the threat landscape, correlating threat data gathered from more than 40k enterprise customers, technology partners, and service provider networks around the world, ensuring you stay ahead of known and emerging threats.

EX 3600

• Max IPS performance: Up to 50 Mbps
• Max concurrent connections: 15K
• New connections per second: 750/Sec

EX 5600

• Max IPS performance: Up to 100 / 250 Mbps
• Max concurrent connections: 80K
• New connections per second: 4K/Sec

EX 8600

• Max IPS performance: Up to 500 Mbps
• Max concurrent connections: 160K
• New connections per second: 8K/Sec

VX 5500

• Performance: 600 unique attachments per hour

VX 12550

• Performance: 5100 unique attachments per hour

VX 12600

• Performance: 5100 unique attachments per hour

EX 5500V

---

• Performance: Up to 1,250 unique attachments per hour

Highlights

• Supports analysis against Microsoft Windows and Apple macOS x operating system images
• Examines email for threats hidden in password-protected files, encrypted attachments, and URLs.
• Deploys on premises with integrated or distributed IVX service
• Metadata streaming to third party SIEM solutions
• Supports custom YARA rules to enhance threat detection efficacy

Key Capabilities

Superior threat detection

Attakers use multi-stage campaigns, designed to evade email infrastructure providers. For example, in multi-staged phishing campaigns, attackers first steal credentials then use the stolen credentials login to the mail server and distribute phishing emails throughout the organization. Phishing is popular among attackers because cybercriminals can use targeted social engineering to trick almost any user into clicking a URL. While ransomware attacks start with an email, a callback to a command-and-control server is required to encrypt the data.

Advanced URL Defense

Email Security – Server offers multiple advanced URL defense techniques to identify malicious URLs, protecting your organization from credential harvesting and spear-phishing attacks.

Advanced URL Defense, MalwareGuard, and the IVX engine in the solution analyzes and quarantines blocked emails if it finds unknown or advanced threats found hidden in:

• Attachment types including EXE, DLL, PDF, SWF, DOC/DOCX, XLS/XLSX, PPT/PPTX, JPG, PNG, MP3, MP4, and ZIP/RAR/ TNEF archives
• Password-protected and encrypted attachments
• Password-protected attachments with password sent via image
• URLs embedded in emails, Microsoft 365 documents, PDFs, archive files (ZIP, ALZip, JAR), and other file types (unencoded, HTML)
• Files downloaded through URLs including FTP links
• Obfuscated, spoofed, shortened, and dynamically redirected URLs
• Credential-phishing and typo-squatting URLs
• Unknown Microsoft Windows and Apple mac OS X operating system images, browser, and application vulnerabilities
• Malicious code embedded in spear-phishing emails

The many features of Advanced URL Defense can help your organization achieve unparalleled defense against credential harvesting and spearphishing attacks. Advanced URL Defense continually evolves and enhances evasion mitigations for phishing sites to keep your organization safe from attackers trying to evade technology that detects suspicious URLs.

Malware protection

MalwareGuard is a machine learning utility that takes binary files as input and outputs a suspiciousness score. It examines every Portable Executable (PE) file on the wire, makes a decision based on the score, and assigns a name to detections.

Trellix Intelligent Virtual Execution (IVX) helps further defend your organization from phishing and ransomware by detonating all email attachments and URLs to determine if previously legitimate files have been weaponized.

IVX is a signature-less, dynamic intelligence-driven analysis engine that inspects suspicious objects using real-time multi-flow, multivector analysis to identify and block targeted, evasive and emerging threats.

Guest Image, another evasion mitigation, can be customized to mimic a “used” endpoint when a potentially malicious object is executed. By ensuring Guest Image reproduces an endpoint domain, domain user, Outlook data, and browser history, you can prevent many evasion techniques.

Rapid adaptation to the evolving threat landscape

Trellix Email Security – Server helps your organization continually adapt your proactive protection from email threats via real-time threat intelligence from the Trellix Dynamic Threat Intelligence (DTI) Cloud. It combines deep adversarial, machine, and victim intelligence to:

• Deliver timely and broad threat visibility
• Identify specific capabilities and features of detected malware and malicious attachments
• Provide contextual insights to help you prioritize and accelerate response an attacker and track their activities within your organization
• Determine the probable identity and motives of
• Rewrite all URLs embedded within an email to protect your users from malicious links
• Retroactively identify spearphishing attacks and prevent access to phishing sites by highlighting malicious URLs

Integrated Detection, Investigation, and Response

Security threats are more dynamic and sophisticated than ever. Static, siloed solutions are simply not enough to protect your businesses. Email Security – Server is an integral part of the Trellix learning and adaptive ecosystem. The Trellix ecosystem continuously monitors the threat landscape, correlating threat data gathered from customer, technology partner, and service provider networks around the world.

Our artificial intelligence algorithms, machine learning models, and security analytics use this threat intelligence to strengthen threat prevention and detection at the speed of the adversary, so you stay ahead of known and emerging email-borne threats.

Trellix Email Security – Server enables integrated investigation and response to align with your larger security operations program. Analyst can perform retrospective analysis by searching for newly identified IOCs in previously received emails to quickly identify the source of a compromise. Analysts can also claw back emails weaponized post-delivery, simplify and accelerating incident response.

Elite intel analysts from Trellix’s Advanced Research Center actively track vulnerabilities and malware campaigns—and the nation-states and malicious actors behind them—providing rich contextual intelligence to inform and accelerate response.

Gain real-time protection from multi-vector, multi-staged attack using Trellix XDR, or other third party SIEM/XDR providers, to correlate email alerts with rich metadata with signals from endpoint, network and other security controls.

Comprehensive and resilient, protection from email threats

Email Security – Server analyzes every email attachment and URL to accurately identify today’s advanced attacks. Real-time updates from the entire Trellix security ecosystem, combined with alert attribution to known threat actors, provide context for prioritizing and acting on critical alerts and blocking advanced email attacks.

The tool identifies known, unknown, and non-malware-based threats with minimal noise and false positives so you can focus resources on real attacks, helping reduce operational expenses. And riskware categorization separates genuine breach attempts from undesirable, but less malicious activity (such as adware and spyware) to prioritize alert response. Trellix Email Security- Server integrates with other security solutions to detect threats across different technologies and products.