Email Security ServicesTechnical specifications
The comprehensive solution for virus- and spam-free email communication: offering gateway-based encryption, data processing in Retarus data centers according to local data protection regulations, innovative email management, and tamper-proof archiving.
Features
Retarus Email Security blocks malware such as viruses, spam, phishing mails, ransomware and other digital threats. Patient Zero Detection® identifies malware that is unknown at the time it is spread and can therefore penetrate defense mechanisms to reach customer inboxes. This solution allows you to respond quickly to these threats and prevent harmful activity. Retarus’ innovative queueless design analyzes cacheless incoming emails. Emails arrive without delay thanks to minimal throughput time. For maximum security, Retarus continuously updates and optimizes virus scanners and filter methods.
Essential Protection
Directory Filter
InboundOutbound
The Directory Filter rejects incorrectly addressed emails in accordance with RFC. As a result, the processing time of incoming and outgoing emails is significantly faster. Valid addresses are automatically and regularly reconciled with customer systems.
More info
Furthermore, senders, who appear conspicuous because of attack attempts due to denial of service and directory harvesting attacks, are assigned to a special classification and thus accepted in delay (traffic throttling mechanisms).
- Protection from denial-of-service and directory harvesting attacks
- Inbound reputation management – traffic shaping and traffic throttling mechanisms
- A service that learns dynamically with scoring/penalty system for spam relays
- Queueless design with checks on the SMTP session level
- Automatic address book reconciliation from Microsoft Exchange, Lotus Notes/Domino, LDAP
- Address book reconciliation in time intervals defined by the user
- Provisions for alias names and other domains
- Bounce management according to RFC 3461, 3463 and 3464
- Configuration and manual address entry through the Retarus EAS Portal
- View in Retarus Email Live Search Monitoring (Tracking Point)
Directory Filter
Inbound reputation management
InboundOutbound
Along with using Directory Filter functions, the reputation of the senders of incoming emails are checked. An evaluation for sender authorization by validating the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) is carried out. Classified emails that do not pass validation are isolated in a quarantine.
More info
- Inbound reputation management – SPF and DKIM validation
- Notification of deleted infected emails via an email security report (Email Digest)
- Configuration through the Retarus EAS Portal
AntiVirus MultiScan
InboundOutbound
AntiVirus MultiScan automatically scans incoming and outgoing emails and file attachments for viruses with up to four virus scanners and uses heuristic analysis to protect from unknown malware.
More info
- Higher identification rate with up to four virus scanners
- Protection from unknown viruses using heuristic analysis (Zero-Hour Protection)
- Elimination of threats before they reach the customer’s infrastructure
- Continuous updating of virus definitions
- Notification of deleted infected emails via an email security report (Email Digest)
AntiVirus MultiScan
External Sender
Visibility Enhancement
InboundOutbound
External Sender Visibility Enhancement flags incoming emails sent by an external sender pretending to have the same sender domain as that of the recipient’s company network (spoofing). This feature makes it easier to detect spoofed sender addresses.
More info
- Validation of incoming emails (external relay) that use a customer domain in the sender address (MIME-FROM)
- Flagging of suspicious emails with visual indicators such as pre-defined Unicode characters or text at the beginning of the sender field (friendly name)
External Sender Visibility Enhancement
Phishing Filter
InboundOutbound
The Phishing Filter scans incoming emails in real time for phishing scams. Those in question are either moved to quarantine and flagged as “phishing” or deleted.
More info
- Also detects phishing emails that are not intercepted by virus scanners or spam filters
- Query of several databases of renowned specialist providers
- Optional quarantine or immediate deletion (configuration via EAS Portal)
Phishing Filter
AntiSpam Management
InboundOutbound
Spam check of incoming emails using rules and tools that are continuously updated. Depending on the service setting, emails classified as spam are flagged or placed in quarantine.
More info
- Spam protection with an identification rate of over 99.95%
- False positive rate of less than 0.0001%
- Protection from mass non-delivery notifications (backscatter protection)
- Blacklists and exception lists at the user, profile, domain, and global level
- Multi-lingual content analysis
- Content and structure analyses using heuristic methods
- Upstream bad word filter to meet compliance policies
- Fingerprint analysis, Bayes algorithms, sender check
- Continuous updating of intelligent filter, pattern, and identification rules
Phishing Filter / AntiSpam
Attachment Blocker
InboundOutbound
The Attachment Blocker prevents the receipt of files attached to incoming emails that match criteria defined by the customer. These are files that should be prevented from reaching the company infrastructure, for example .exe, .zip, or Office files with macros.
More info
- Blocks undesired email attachments
- Defines files to be blocked using the file extension
- Defines files to be blocked using the MIME type
- Automatic blocks of nested or password-protected archives and unknown MIME types
- Configurable message options for recipients regarding deleted attachments
- Option to deliver copies of original mails to administrators
Attachment Blocker
Large Email Handling
InboundOutbound
Retarus Large Email Handling allows recipients to receive large emails despite size limitations defined for the mail server. This means even multi-megabyte messages, such as job applications, balance sheets, patent documents, design drawings, and loan applications will reach their destinations.
More info
- Receive large emails regardless of size limitations
- Flexible configuration of size limitations at the company and profile level
- User access for downloading emails with simplified user authentication (OneClick token login)
- Lighter load for email infrastructure and backup systems
- Quicker restore times, reduction in storage costs
- Consistent implementation of email policies
Large Email Handling
Administration & Analysis
Directory Synchronization
InboundOutbound
In addition to manually maintaining addresses in the Retarus EAS Portal, Automated Directory Synchronization can reconcile addresses automatically with the customer’s address book and directory services.
More info
- Reconciliation of address books and directory services from Microsoft (Exchange, Active Directory, Azure Active Directory (AAD) for Office 365), IBM Lotus Domino/Notes and LDAP (Directory Synchronization)
- Reduction of manual administration and maintenance
- Immediate update of data pool in the Directory Filter
- Increased protection from directory harvesting attacks
- Local management of export address data by the customer
Access Management
InboundOutbound
With Access Management in the Retarus Enterprise Administration Services Portal (Retarus EAS Portal), access rights for administrators can be assigned flexibly and according to requirements for e.g. countries, subsidiaries, domains, or departments.
- Granular, hierarchical rights concept for administrators
- Flexible assignment of access rights to e.g. configurations and evaluations
Email Live Search
InboundOutbound
Email Live Search provides detailed results on the status of individual emails in real time. This search function makes it easier to find emails, simplifies the analysis of delivery delays, and supports IT forensics. For example, the help desk can release emails marked as graymail to users from within user guidance.
More info
- Targeted search in real time for inbound and outbound emails
- Immediate display of the results list
- All information available for up to 45 days
- Direct access to emails placed in quarantine
- Clear information about throughput time
- Targeted search for message ID and source IP
- Detailed information about each Retarus Email Security step
- Information about malicious emails detected by Advanced Threat Protection (Deferred Delivery Scan, Sandboxing, Time-of-Click Protection, CxO Fraud Detection)
- Information about emails detected by Patient Zero Detection®
Forensic SIEM Integration
InboundOutbound
Forensic SIEM Integration offers events you can subscribe to that enrich your data stream with details about email security.
More info
- Provisioning of real-time forensic data in the form of events
- Access via protected interface
- Subscription to security-relevant events from all SIEM tools customary in the market
- Currently available events:
- AntiVirus MultiScan Inbound and Outbound
- Sandboxing
- CxO Fraud Detection
- Patient Zero Detection®
- Outbound emails in general
Forensic SIEM Integration
Monitoring & Reporting
InboundOutbound
In addition to easy management of service instances and user profiles 24/7, the web-based Retarus Enterprise Administration Services Portal (Retarus EAS Portal) offers information about the effectiveness of Retarus Email Security Services. All reporting and monitoring information can be downloaded in a prepared format, offering process transparency that is unique to the market.
More info
- Transparent display of all service features
- Management of service and all additional services
- Detailed reports and powerful analysis functions
- Performance monitoring
- Email Live Search – tracking of all incoming and outgoing emails in real time
- Setup and management of user profiles
- Individual management rights for administrators via Access Management
- Support ticket creation and tracking
- Documentation
- Secure access via web browser
Additional Options
Quiet Time
InboundOutbound
Quiet Time allows you to define periods during which employees do not receive external emails, for example, during free time and on weekends. It allows you to define periods during which emails are not delivered to inboxes so that email servers can undergo maintenance.
More info
- Configure email-free periods (external emails)
- Individual settings for different user profiles
- Secure temporary storage of emails in Retarus data centers
- Automatic delivery of emails after defined periods expire
- Bypass function for high-priority emails
- Emergency button for immediate delivery of emails during email-free periods
Quiet Time
Inbox Assist
InboundOutbound
Retarus Inbox Assist gives executives, managing directors, department heads, and assistant-supported teams the ability to forward incoming emails automatically to assistants, either exclusively or in copy. This means business correspondence can be presorted and processed immediately. The inbox remains organized and confidential emails remain confidential.
More info
- Exclusion of defined senders from forwarding for more privacy
- Immediate delivery of emails from important contacts overrides assistant forwarding
- Convenient maintenance of personal contacts
- Reconciliation of any address book via vCard (Microsoft Outlook, IBM Notes, iCloud, etc.)
- Automated synchronization of Google contacts
- Control of assistant forwarding
- No additional configuration of email server required
Inbox Assist
Email Signature
InboundOutbound
According to statutory requirements, business emails must contain signatures, just as they are required for customary business letters in commercial correspondence. Required information includes data that is often changed, such as telephone numbers. Retarus Email Signature helps create and centrally manage signatures and disclaimers quickly and efficiently.
More info
- Centralized management of personalized email signatures and disclaimers
- Easy maintenance using the WYSIWYG editor in the EAS Portal
- Personalization directly via Active Directory or Lotus Domino/Notes
- Signature and disclaimer assignment at the profile level
- Ability to combine any signature with any disclaimer
- Use of signatures in external emails only
Email Signature
Advanced Threat Protection (ATP)
Deferred Delivery Scan
InboundOutbound
As part of Deferred Delivery Scan (DDS), defined file attachments undergo further analysis using additional re-scan procedures. The delay means that signatures for the engines, which were not there at the time of the initial scan, could exist in the new malware at the time of the quadruple Retarus AntiVirus MultiScan rescan. DDS performs multiple re-scans within a short amount of time. If a virus is detected, Retarus deletes the affected files and informs the intended recipient.
More info
Higher identification rate due to additional re-scan procedures
- Effective re-scanning with quadruple Retarus AntiVirus MultiScan
- Protects from viruses that are unknown at the time
- Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)
- Notification of infected emails via an email security report (Email Digest)
Deferred Delivery Scan
Sandboxing
InboundOutbound
Sandboxing subjects specific file attachments to an in-depth analysis. Attachments that contain potentially malicious code (e.g. files and active elements) are exported to a virtual machine and checked for unusual behavior. Retarus uses a sandboxing solution from the specialized and highly respected third-party provider Palo Alto Networks for this advanced threat assessment. Emails identified as infected are either deleted or quarantined, and the intended recipient is notified.
More info
- In-depth checks of email attachments through export to virtual machines
- Integration of a leading third-party sandboxing solution (Palo Alto) in Retarus Email Security
- Operated at Retarus (German processing)
- Notification of infected attachments via Email Security Report
- Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)
Sandboxing
Time-of-Click Protection
InboundOutbound
Time-of-Click Protection automatically re-writes links (URLs) in emails. When recipients click on these links, the links are checked for suspected phishing target addresses. If the target site is not identified as a phishing site, the user is sent directly to it. If the target site is a phishing site, a security warning is issued.
More info
- Real-time checks of web links in emails
- Expanded protection from phishing attacks
- Effective blocking of phishing websites and warnings for affected users
- Customer security warnings can be saved (customer design)
- Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)
Time-of-Click Protection
CxO Fraud Detection
InboundOutbound
CxO Fraud Detection uses algorithms that identify from-spoofing and domain-spoofing, to detect falsified sender addresses (e.g. from high level executives). Emails identified as CxO fraud are not delivered immediately, but rather quarantined.
More info
- Protection against emails with fake sender („spoofing“ or „impersonation attacks“)
- Combination of different detection methods and algorithms:
- Analysis of header information
- Recognition of similar looking domains or character sets (domain similarity)
- Recognition of fake sender names, e.g. the customer’s own CEO
- Delivery of legitimate external email secured via email authentication (SPF) and whitelisting
CxO Fraud
Postdelivery Protection
Patient Zero Detection®
InboundOutbound
A malware’s signature is still unknown the first time it appears, even to the best virus scanners. In combination with quadruple AntiVirus MultiScan, Patient Zero Detection® uses a digital fingerprint to identify emails containing malware that have already been delivered. Relevant alerts are sent according to customer settings. This way, appropriate defensive actions can be taken as quickly as possible.
More info
- Identification of the recipient (patient zero) of malicious emails already delivered using a digital fingerprint.
- Identification using content analysis together with quadruple AntiVirus MultiScan
- Additional, automated learning from the results of Retarus Advanced Threat Protection (ATP)
- Alerts sent to administrators (to ensure a quick response)
- Optional alerts sent to users
- Cumulative reports for any given period of time
- Simplified IT forensics
- Supports the optimization of security settings (e.g., blacklisting)
- Seamless integration with other services such as Retarus Enterprise Email Archive or Retarus Email Encryption
®” width=”1890″ height=”432″>Patient Zero Detection®PZD Real-Time Response
InboundOutbound
With Patient Zero Detection® Real-Time Response, Patient Zero Detection® findings can be rule-based processed to identify and automatically move or delete potentially dangerous emails in a user’s mailbox.
More info
- Detailed, standardized information via administrator notification to support automatic processes used to remove emails from the server
- Configurable text for alerts (enables the distribution of behavior recommendations that are easy to understand and can be quickly implemented)
- Reduces the administrative work for IT forensics, support, and the help desk
- Increases protection through swift response to identified emails
PZD Real-Time Response
Information Protection & Compliance
Email Encryption/Decryption
InboundOutbound
Outbound emails are transferred from the customer’s email server to Retarus. Emails are identified in Retarus data centers, fully encrypted using customer-specific rules, signed as needed and sent securely to the recipient. This means that the email and all of its file attachments are encrypted.
More info
- Compatible with any SMTP-based email system (e.g. Office 365, G Suite, Microsoft Exchange, Lotus Domino/Notes)
- Complete key management by Retarus: create, distribute, and manage all keys
- Easy adoption of existing PKIs (public key infrastructures)
- Gateway-based S/MIME and PGP encryption
- Full support of the X.509 v3 standard including own certificates
- Full support of the OpenPGP standard
- Automatic or user-initiated signature of outgoing emails
- Ability to include internal company encryption policies
- Centralized and flexible set of rules for emails that need to be signed
- Filters for viruses and spam despite encryption
- TLS connection to the Retarus Global Delivery Network
- Optional VPN connection for secure and confidential communication over the “last mile”
- Web email portal or password-protected PDF for encrypted communication with recipients without their own encryption solution
- Company-wide standardized solution that can be expanded as needed
- No software and hardware installation required
Email Encryption
Data Loss Prevention
InboundOutbound
Data Loss Prevention checks emails addressed to external recipients sent by the customer’s users (as part of configuration) for defined patterns, e.g. credit card numbers or bank account numbers (IBAN). If an email contains this type of pattern, it is not sent to external recipients and the sender is notified.
More info
Furthermore, certain employees, e.g. an administrator or compliance officer, can be informed of the delivery attempt. The affected email is quarantined. In addition, a monitoring entity for all outbound emails is created, for example, a role-based inbox. Senders must be added to the distribution list to be able to send emails.
- Support for observance of compliance regulations through an expanded monitoring entity for sending emails
- Transparency through immediate notification of affected senders
- Optional notification of an administrator or compliance officer
- Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)
Data Loss Prevention
Enterprise Email Archive
InboundOutbound
Enterprise Email Archive offers tamper-proof archiving of business email correspondence. Archived emails cannot be changed, are protected from unauthorized access, and can be found in milliseconds even when the email volume is large.
More info
- Automatic archiving of internal and external email correspondence including attachments
- Encrypted storage of each individual email in original format (MIME) including attachments (used of own certificates possible)
- Reliable spam and virus checks prior to archiving
- Tamper-proof storage and data processing according to applicable data protection regulations in Retarus data centers in Europe
- Storage period may be selected (for example, ten years)
- Emails cannot be deleted or changed during legally binding retention periods
- Emails and attachments are received even during system failure or if mailboxes are accidentally deleted
- Targeted indexing of relevant key data for fast searches
- Powerful search functions, e.g. search for sender and recipient, as well as file names and types of attachments, or full text
- Ability to access archived emails and attachments in milliseconds
- Administrative access for authorized persons according to the double-check principle
- Easy and secure user access via single sign-on
- Access irrespective of inbox quota
- Ability to deliver archived emails and attachments to own business inbox
- Complete logging of all access attempts and actions
- Saved emails with attachments (data carriers, other archiving systems) can be migrated
Enterprise Email Archive
Dynamic Mail Routing
User-based Routing / Address Rewriting
InboundOutbound
Within the scope of User-Based Routing, Retarus delivers emails for specified recipients (user-based) within a domain to specific target servers.
Address Rewriting provides the ability to automatically rewrite email addresses of recipients for the customer domain. The so-called “Envelope-To”-recipient will be changed according to the customer’s specifications (e.g. from …@customerdomain.de to …@customerdomain.com).
Address Rewriting provides the ability to automatically rewrite email addresses of recipients for the customer domain. The so-called “Envelope-To”-recipient will be changed according to the customer’s specifications (e.g. from …@customerdomain.de to …@customerdomain.com).
More info
- Practical support in the use of different addresses
- Uniform domain for external communication with different internal target addresses
- Facilitation in transition phases, e.g. the integration of company acquisitions
- Customizing as required
System Basics
Quarantine Management
InboundOutbound
Simplified email handling for employees and administrators. At customizable points in time, reports sent by email (Email Digests) offer a quick view of the emails flagged for deletion or quarantine by Retarus Email Security Components (AntiVirus MultiScan, AntiSpam, Inbound Reputation Management, Attachment Blocker, Large Email Handling, Deferred Delivery Scan, Sandboxing, CxO-Fraud Detection).
More info
- Better structured reports on undeliverable emails (spam, viruses, phishing, graymail, etc.) are sent by email
- Combined overview of spam, viruses, and graymail via email
- Online access with simplified user authentication (OneClick token login)
- Direct access to quarantined emails classified as spam
- Additional virus scan after retrieval from quarantine
- Targeted search for emails in quarantine
- Mobile device support (e.g. iPhone, Android, etc.)
- User-based quarantine and report settings
- System-wide configuration via the EAS Portal for administrators
Encrypted Connection to Retarus
InboundOutbound
Maximum protection of customer data: customer systems are connected via TLS (Transport Layer Security) or optional VPN (Virtual Private Network) to the Retarus Global Delivery Network. This makes it impossible to read data exchanged between customers and the Retarus infrastructure even with today’s level of technology.
More info
- Connection of customer systems via opportunistic TLS possible
- Connection of customer systems via enforced TLS possible
- Connection of customer systems via VPN possible
Email Check
InboundOutbound
Retarus Email Check continuously checks to see if connected customer systems are available and distributes warnings to define contacts in the event of errors.
More info
- Continuous check of email server availability
- Warning sent to defined contacts in the event of errors, e.g. per text message
- Queuing of incoming emails during system downtime
- Faster response to system errors