The ExchangeDefender tagline is “We kill SPAM for a living” and our antispam engine is the crown jewel of our proprietary IP portfolio. In addition to the hundreds of different technologies we have developed ourselves, we use commercial feeds and license antispam plugins and technology to keep junk senders from reaching your employees. We use:
Commercial blacklist feeds
Sender reputation networks
Commercial SPAM signature feeds
Open source detection tools
Our biggest value-add in this equation is the presence of people in the process: every day we add hundreds of new SPAM detection patterns, evaluate millions of messages and build statistical models, track real-time outbreaks and new SPAM sources, and contribute to and manage antispam networks.
What makes ExchangeDefender unique is that it understands the context of your organization. For example, if you are a medical research facility it wouldn’t be unusual to get a ton of mail about drug research and benefits. The same messages, if sent to a school, would be interpreted with far more scrutiny. ExchangeDefender considers the target, as well as the source, as it processes mail and that leads to a much higher accuracy in SPAM detection.
ExchangeDefender relies on a multithreaded virus detection system to get the fastest response to new in-the-wild viruses. With the rise of ransomware and CryptoLocker variants, antivirus alone is not enough to certify clean attachments. ExchangeDefender uses a mix of:
Commercial virus databases
Open source threat detection
Proprietary threat mapping systems
Virtualized testing environments
ExchangeDefender first checks attachments using commercial and open source threat detection tools. If the attachment is suspect (based on the source, origin, contents), it can be held for scanning, giving antivirus providers a chance to catch a 0-day virus in the wild.
For certain attachments that contain rootkit and CryptoLocker variants that cannot be detected using an antivirus engine, we employ a virtualized (chroot) environment and see what the attachment actually does when it’s executed.
Ultimately, we also allow businesses to restrict certain attachment types entirely – functioning as an external firewall – to eliminate even the remotest possibility that a dangerous attachment could slip through.
ExchangeDefender protection goes beyond virus and ransomware detection because most threats are not destructive. Hackers are constantly attempting to compromise systems and use them for numerous nefarious purposes. ExchangeDefender also uses:
Attachment extension policies
Attachment filetype policies
Multilevel compression detection
Content disarming mechanism
ExchangeDefender enables organizations to fine-tune what kinds and types of attachments they want to permit users to receive. Hackers tend to get creative in order to circumvent basic security measures – sometimes zip files have zip files inside of them because most antivirus engines will not check further than one level. Sometimes the message itself isn’t infected at all, but the external content it attempts to load is. ExchangeDefender is constantly analyzing and sanitizing content going through our network and tracking evolving threats as they pop up.
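As an added illustration of multilevel compression detection combined with an extension policy (this is not ExchangeDefender's code; the blocked extensions, depth limit and size budget are hypothetical policy values, and the sample archive is constructed), a scanner can follow ZIPs inside ZIPs by content while bounding depth and total bytes read:

```python
import io
import os
import zipfile

# Hypothetical policy values for illustration (not ExchangeDefender settings).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs"}
MAX_DEPTH = 4                        # deepest archive level we will open
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # total uncompressed bytes we will read


def scan_archive(data, depth=1, path="", budget=None):
    """Return (member_path, reason) findings for a ZIP, following nested ZIPs."""
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{path}/{info.filename}" if path else info.filename
                ext = os.path.splitext(info.filename)[1].lower()
                if ext in BLOCKED_EXTENSIONS:
                    findings.append((member, f"blocked extension {ext}"))
                    continue
                if info.flag_bits & 0x1:  # encrypted: contents cannot be inspected
                    findings.append((member, "encrypted member"))
                    continue
                budget[0] -= info.file_size  # declared size; read() never exceeds it
                if budget[0] < 0:
                    findings.append((member, "uncompressed size budget exceeded"))
                    return findings
                content = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(content)):  # by content, not name
                    if depth >= MAX_DEPTH:
                        findings.append((member, "nesting exceeds policy depth"))
                    else:
                        findings += scan_archive(content, depth + 1, member, budget)
    except (zipfile.BadZipFile, NotImplementedError):
        findings.append((path or "<root>", "unreadable or corrupt archive"))
    return findings


def make_zip(members):  # constructed-sample helper: {name: bytes} -> ZIP bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: a blocked file hidden three archive levels down.
SAMPLE = make_zip({"docs.zip": make_zip({"more.zip": make_zip({"invoice.pdf.exe": b"MZ"})})})
```

Calling `scan_archive(SAMPLE)` reports the executable by its full nested path; an archive nested deeper than `MAX_DEPTH` is reported rather than silently passed.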
ExchangeDefender Phishing Protection has evolved over the years into a full-fledged product to track and neutralize identity theft and forged sites. ExchangeDefender protects clients from:
Domain phishing (address book)
Numerical phishing (IP address)
Domain mismatch / forgery
Phishing has in fact become the most dangerous form of attack because the success of these attacks is not immediate. Businesses that become targets and victims of phishing attacks can have their entire networks, passwords and social networks exposed, and that exposure can be abused for months by hackers. This is why ExchangeDefender's layered protection is so important: we keep threats from getting in through email, but we also stop data leakage and confidential information from going out of your network if it’s compromised in another way.
ExchangeDefender supports and utilizes all popular means of authenticating legitimate senders. Beyond Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC), we also rely on the following popular technologies to limit dangerous network access:
Bulk Mailer Mapping
Email is our entire business, so we know where legitimate and forged newsletters are coming from. We rely heavily on the Domain Name System (DNS) to isolate new domains, IP addresses without valid DNS, shared web hosting systems, and large unmanaged and poorly policed networks. While mapping out the known universe of spammers and hackers is relatively simple thanks to prior sender reputation data, tracking and processing mail from servers (and domains) that just registered and started sending mail is far more complex and requires a lot of human supervision.
ExchangeDefender supports a rich framework for applying corporate signatures and signature policies. Every domain can specify both HTML and plain text signatures that are automatically applied to every outbound message no matter which mail client or device is used to send a message. Many industries and countries have regulatory requirements to provide disclaimers in every email sent from their network so ExchangeDefender can enforce it as a matter of policy.
ExchangeDefender is a massively redundant network with various network services, infrastructure, and data feeds all over the world. As one of the largest email systems in the world we are often the target of hack attacks, distributed denial of service (DDoS) attacks, packet floods as well as a steady stream of evolving threats that target our clients.
Because of the nature of our system (as a network proxy service) we have the capability to scale on demand and utilize a mix of private and public cloud systems along with our proprietary network deployment to build redundancy into every service we provide.
With servers and clients all over the world, we have the capability to quickly shift resources anywhere they are needed, to intelligently load balance our traffic across multiple networks and scale on demand in the event of a widespread attack.
Our occupational hazard is your advantage: Because we have so many systems to protect and manage, we are often on the receiving end of the first proof of concept attacks and generally see threatening content in our NOC (network operations center) before it becomes a widespread 0-day epidemic.
ExchangeDefender is extremely accurate in determining what is SPAM, but nothing is perfect. Even one miscategorized email can be a disaster to a client waiting for it. To help businesses better police their own mail flow, ExchangeDefender has a rich and extensive list functionality that helps you build your own rules.
Whitelists – Whitelists permit users to designate Safe Senders. Messages from these addresses, no matter where they are from or what they contain, will always be delivered directly to the user (so long as they don’t contain a virus of course).
Blacklists – Blacklists permit users to block mail from certain domains or users, regardless of whether the mail is legitimate or not. This is particularly helpful when dealing with abuse or repetitive notification systems that are abusing your clients' productivity.
Automated Trust – ExchangeDefender's proprietary systems help sign and track messages that are likely trustworthy. For example, if you send an email to someone, it’s likely that you’d want to get a response from them without an antispam system catching it. This functionality, along with hundreds of other hooks, plays a vital part in ExchangeDefender being able to predict mail flow without forcing your IT department to create rules or babysit a junk mail folder.