Email Security ServicesTechnical specifications

• Protection from denial-of-service and directory harvesting attacks
• Inbound reputation management – traffic shaping and traffic throttling mechanisms
• A service that learns dynamically with scoring/penalty system for spam relays
• Queueless design with checks on the SMTP session level
• Automatic address book reconciliation from Microsoft Exchange, Lotus Notes/Domino, LDAP
• Address book reconciliation in time intervals defined by the user
• Provisions for alias names and other domains
• Bounce management according to RFC 3461, 3463 and 3464
• Configuration and manual address entry through the Retarus EAS Portal
• View in Retarus Email Live Search Monitoring (Tracking Point)

Directory Filter

• Inbound reputation management – SPF and DKIM validation
• Notification of deleted infected emails via an email security report (Email Digest)
• Configuration through the Retarus EAS Portal

• Higher identification rate with up to four virus scanners
• Protection from unknown viruses using heuristic analysis (Zero-Hour Protection)
• Elimination of threats before they reach the customer’s infrastructure
• Continuous updating of virus definitions
• Notification of deleted infected emails via an email security report (Email Digest)

AntiVirus MultiScan

• Validation of incoming emails (external relay) that use a customer domain in the sender address (MIME-FROM)
• Flagging of suspicious emails with visual indicators such as pre-defined Unicode characters or text at the beginning of the sender field (friendly name)

External Sender Visibility Enhancement

• Also detects phishing emails that are not intercepted by virus scanners or spam filters
• Query of several databases of renowned specialist providers
• Optional quarantine or immediate deletion (configuration via EAS Portal)

Phishing Filter

• Spam protection with an identification rate of over 99.95%
• False positive rate of less than 0.0001%
• Protection from mass non-delivery notifications (backscatter protection)
• Blacklists and exception lists at the user, profile, domain, and global level
• Multi-lingual content analysis
• Content and structure analyses using heuristic methods
• Upstream bad word filter to meet compliance policies
• Fingerprint analysis, Bayes algorithms, sender check
• Continuous updating of intelligent filter, pattern, and identification rules

Phishing Filter / AntiSpam

• Receive large emails regardless of size limitations
• Flexible configuration of size limitations at the company and profile level
• User access for downloading emails with simplified user authentication (OneClick token login)
• Lighter load for email infrastructure and backup systems
• Quicker restore times, reduction in storage costs
• Consistent implementation of email policies

Large Email Handling

• Reconciliation of address books and directory services from Microsoft (Exchange, Active Directory, Azure Active Directory (AAD) for Microsoft 365), HCL Notes Domino and LDAP (Directory Synchronization)
• Reduction of manual administration and maintenance
• Immediate update of data pool in the Directory Filter
• Increased protection from directory harvesting attacks
• Local management of export address data by the customer

• Targeted search in real time for inbound and outbound emails
• Immediate display of the results list
• All information available for up to 45 days
• Direct access to emails placed in quarantine
• Clear information about throughput time
• Targeted search for message ID and source IP
• Detailed information about each Retarus Email Security step
• Information about malicious emails detected by Advanced Threat Protection (Deferred Delivery Scan, Sandboxing, Time-of-Click Protection, CxO Fraud Detection)
• Information about emails detected by Patient Zero Detection^®

Email Live Search

Email Live Search – Details

• Provisioning of real-time forensic data in the form of events
• Access via protected interface
• Subscription to security-relevant events from all SIEM tools customary in the market
• Currently available events:
  • AntiVirus MultiScan Inbound and Outbound
  • Sandboxing
  • CxO Fraud Detection
  • Patient Zero Detection^®
  • Outbound emails in general

Forensic SIEM Integration

• Transparent display of all service features
• Management of service and all additional services
• Detailed reports and powerful analysis functions
• Performance monitoring
• Email Live Search – tracking of all incoming and outgoing emails in real time
• Setup and management of user profiles
• Individual management rights for administrators via Access Management
• Support ticket creation and tracking
• Documentation
• Secure access via web browser

EAS Email – Dashboard

EAS Email – Administration

EAS Email – Service Configuration

• Configure email-free periods (external emails)
• Individual settings for different user profiles
• Secure temporary storage of emails in Retarus data centers
• Automatic delivery of emails after defined periods expire
• Bypass function for high-priority emails
• Emergency button for immediate delivery of emails during email-free periods

Quiet Time

• Centralized management of personalized email signatures and disclaimers
• Easy maintenance using the WYSIWYG editor in the EAS Portal
• Personalization directly via Active Directory or HCL Lotus Domino
• Signature and disclaimer assignment at the profile level
• Ability to combine any signature with any disclaimer
• Use of signatures in external emails only

Email Signature

• Practical support in the use of different addresses
• Uniform domain for external communication with different internal target addresses
• Facilitation in transition phases, e.g. the integration of company acquisitions
• Customizing as required

• Effective re-scanning with quadruple Retarus AntiVirus MultiScan
• Protects from viruses that are unknown at the time
• Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)
• Notification of infected emails via an email security report (Email Digest)

Deferred Delivery Scan

• In-depth checks of email attachments through export to virtual machines
• Integration of a leading third-party sandboxing solution (Palo Alto) in Retarus Email Security
• Operated at Retarus (German processing)
• Notification of infected attachments via Email Security Report
• Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)

Sandboxing

• Real-time checks of web links in emails
• Expanded protection from phishing attacks
• Effective blocking of phishing websites and warnings for affected users
• Customer security warnings can be saved (customer design)
• Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)

Time-of-Click Protection

• Protection against emails with fake sender („spoofing“ or „impersonation attacks“)
• Combination of different detection methods and algorithms:
  • Analysis of header information
  • Recognition of similar looking domains or character sets (domain similarity)
  • Recognition of fake sender names, e.g. the customer’s own CEO
• Delivery of legitimate external email secured via email authentication (SPF) and whitelisting

CxO Fraud

• Identification of the recipient (patient zero) of malicious emails already delivered using a digital fingerprint.
• Identification using content analysis together with quadruple AntiVirus MultiScan
• Additional, automated learning from the results of Retarus Advanced Threat Protection (ATP)
• Alerts sent to administrators (to ensure a quick response)
• Optional alerts sent to users
• Cumulative reports for any given period of time
• Simplified IT forensics
• Supports the optimization of security settings (e.g., blacklisting)
• Seamless integration with other services such as Retarus Enterprise Email Archive or Retarus Email Encryption

<img class="size-full wp-image-31231" src="https://www.retarus.com/de/wp-content/uploads/sites/2/2018/01/retarus-email-security-patient-zero-detection.png" alt="Patient Zero Detection^®” width=”1890″ height=”432″>Patient Zero Detection^®

• Detailed, standardized information via administrator notification to support automatic processes used to remove emails from the server
• Configurable text for alerts (enables the distribution of behavior recommendations that are easy to understand and can be quickly implemented)
• Reduces the administrative work for IT forensics, support, and the help desk
• Increases protection through swift response to identified emails

PZD Real-Time Response – Rules

PZD Real-Time Response – Settings

• Compatible with any SMTP-based email system (e.g. Microsoft 365, G Suite, Microsoft Exchange, HCL Notes Domino)
• Complete key management by Retarus: create, distribute, and manage all keys
• Easy adoption of existing PKIs (public key infrastructures)
• Gateway-based S/MIME and PGP encryption
• Full support of the X.509 v3 standard including own certificates
• Full support of the OpenPGP standard
• Automatic or user-initiated signature of outgoing emails
• Ability to include internal company encryption policies
• Centralized and flexible set of rules for emails that need to be signed
• Filters for viruses and spam despite encryption
• TLS connection to the Retarus Global Delivery Network
• Optional VPN connection for secure and confidential communication over the “last mile”
• Web email portal or password-protected PDF for encrypted communication with recipients without their own encryption solution
• Company-wide standardized solution that can be expanded as needed
• No software and hardware installation required

Email Encryption

• Check, organize and route your company’s entire email traffic
• Diverse application options with rules that can be configured as needed
• Create, edit and prioritize individual rules with an easy-to-use editor in the Retarus EAS Portal
• Offers individual security optimizations, traffic handling and workflow automation
• Meets the highest performance and compliance requirements specific to complex corporate environments
• Fully cloud based; integral part of the Retarus Secure Email Platform

Predelivery Logic

The functional range of Predelivery Logic goes beyond the features of a purely traditional policy engine. In addition to targeted email routing and customer-specific security rules, the service is also designed to significantly support the automation of business processes.

Example application scenarios in specific domains:

IT infrastructure: Many emails found in an inbox are not intended for the employee, but rather sent there for further processing by a business application. Predelivery Logic makes it possible to route these emails to the right recipient using one or multiple defined attributes (e.g., sender, recipient, source IP, X header). This means emails are delivered directly to the correct application(s) and automatically processed there. Rules can be used to reroute the emails to someone other than the original target recipient as needed.

IT security: Along with comprehensive protection offered by Retarus Email Security, Predelivery Logic can help create company-specific rules. If emails deemed intrusive or potentially dangerous are received primarily from a specific region or country, automatic measures can be introduced for these messages, based on their origin (i.e. Geo IP), for example, to isolate the email in user quarantine.

Workflow automation: Predelivery Logic makes it possible to individually further process emails using rules based on specific attributes (e.g., email language). This means emails can be automatically routed to the correct department or country subsidiary before they are delivered to the recipient’s email system. It is also possible to automatically add key words to the subject line to simplify processing and recipient assignment.

Predelivery Logic – Rules

• Better structured reports on undeliverable emails (spam, viruses, phishing, graymail, etc.) are sent by email
• Combined overview of spam, viruses, and graymail via email
• Online access with simplified user authentication (OneClick token login)
• Direct access to quarantined emails classified as spam
• Additional virus scan after retrieval from quarantine
• Extended search capabilities, e.g. for attachments and quarantine reason
• Distinct color bar visualization based on actual threat level (i.e. from yellow to red)
• New detailed view with further information about each email
• Mobile device support (e.g. iPhone, Android, etc.)
• User-based quarantine and report settings
• System-wide configuration via the EAS Portal for administrators

Quarantäne Management – Mobile

Quarantäne Management – Mobile

Quarantäne Management – Desktop

Quarantäne Management – Desktop

• Connection of customer systems via opportunistic TLS possible
• Connection of customer systems via enforced TLS possible
• Connection of customer systems via VPN possible

• Continuous check of email server availability
• Warning sent to defined contacts in the event of errors, e.g. per text message
• Queuing of incoming emails during system downtime
• Faster response to system errors