TRUSTWAVE SEG BLENDED THREAT MODULE FAQ

Similar documents
CAA NEWS 15,000 VISUAL ART PROFESSIONALS REACH EVERY WEEK MEDIA KIT

DMA MARKETING BRIEF B2C DIRECT MARKETING PROFESSIONALS EVERY WEEK MEDIA KIT

Concept. Texting Service

C I S C O E M A I L S E C U R I T Y A P P L I A N C E

MARSHAL REPORTING CONSOLE VERSION 2.5 INSTALLATION GUIDE

How to Extend your Identity Management Systems to use OAuth

Trustwave SEG Cloud Customer Guide

Law Firm Website On-Page SEO Best Practices Guide

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE

BDD DPC 2014 Tutorial

Bill Pay Marketing Program Campaign Guide

K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS. v.109

TRUSTWAVE SEG SPAMCENSOR EXPLAINED

European developer & provider ensuring data protection User console: Simile Fingerprint Filter Policies and content filtering rules

Behave! - Behavior Driven Development IPC 2013 SE. Tobias Schlitt (@tobysen) June 5th 2013

Deploying Layered Security. What is Layered Security?

UX report. University of the Arts London

GFI Product Manual. Administration and Configuration Manual

Cincinnati State Admissions UX Design

Website Style Guide 2014

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

Secure Web Gateway 11.5 Release Notes

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version and earlier

Managing Junk Mail. About the Junk Mail Filter

How To Integrate Hosted Security With Office 365 And Microsoft Mail Flow Security With Microsoft Security (Hes)

EVENT PLANNING MYTHBUSTER. Building Pre-event Engagement: How to Make an Invite

Elastic Detector on Amazon Web Services (AWS) User Guide v5

8 Ways Marketing Automation Can Expand Your Search Marketing Practice. 8 Ways Marketing Automation Can Expand Your Search Marketing Practice 1

Owner of the content within this article is Written by Marc Grote

Microsoft Exchange 2003

Policy Based Encryption Essentials. Administrator Guide

Threat Advisory: Accellion File Transfer Appliance Vulnerability

Setting up Microsoft Office 365

anomaly, thus reported to our central servers.

Using Security to Protect Against Phishing, Spam, and Targeted Attacks: Combining Features for Higher Education

Black-Red XML Template

Setting up Microsoft Office 365

How To Install & Use Metascan With Policy Patrol

WordPress Security Scan Configuration

Thesis Format Guidelines. Department of Curriculum and Instruction Purdue University

Cyberoam Perspective BFSI Security Guidelines. Overview

Configuration Information

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

Zscaler Internet Security Frequently Asked Questions

Trend Micro Hosted Security. Best Practice Guide

Why You Need to Test All Your Cloud, Mobile and Web Applications

Creator Coding Guidelines Toolbox

Secure Web Service - Hybrid. Policy Server Setup. Release Manual Version 1.01

IBM Security QRadar Vulnerability Manager Version User Guide

Features and Benefits Guide For Partners and their Customers

Desktop Publishing (DTP)

CONTENTS. 03 BRAND IDENTITY 04 Logo 06 Wordmark 07 Graphic Element 08 Logo Usage 13 Logo Elements

Overview. The following section serves as a guide in applying advertising to market the country at a national or international level.

Policy Based Encryption Z. Administrator Guide

INTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI

5/12/2011. Promoting Your Web Site and Search Engine Optimization. Roger Lipera. Interactive Media Center.

Unified Security Management and Open Threat Exchange

WINGS WEB SERVICE MODULE

.trustwave.com Updated October 9, 2007 TECHNICAL ASSISTANCE CENTER (TAC) SUPPORT GUIDE

ModusMail Software Instructions.

Introduction to Google Apps for Business Integration

Malicious Mitigation Strategy Guide

2.2.1 Malware Protection (Inbound)... 14

Secure Web Gateway 11.7 Upgrade Release Notes

Continuous Performance Testing

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

T E C H N I C A L S A L E S S O L U T I O N

Jive Connects for Openfire

SonicWALL Security Quick Start Guide. Version 4.6

Core Protection Suite

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

TRADING PLAN. Lorem ipsum dolor

Best Practices Guide

Best Practice Settings

FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER

Windows Policies That Policy Check Verifies

Advanced Endpoint Protection Overview

Symantec Protection Suite Add-On for Hosted and Web Security

Tough Times. Tough Choices.

Managing Qualys Scanners

ENABLING FAST RESPONSES THREAT MONITORING

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall

Services Deployment. Administrator Guide

Configuration Information

Retargeting Technology.

How To Allow and Block s using White or Black List

Secure and Effective IT Infrastructure

The Future of Ticketing: Solutions for Museums of All Sizes

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide

Next Generation IPS and Reputation Services

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.


Delegated Administration Quick Start

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Symantec Hosted Mail Security Getting Started Guide

Internal Security Concepts Users Guide

Firewall Firewall August, 2003

Software Vulnerability Assessment

Transcription:

.trust TRUSTWAVE SEG BLENDED THREAT MODULE FAQ Table of Contents 1 What is a Blended Threat? 2 2 What is the Blended Threat Module? 2 3 How Does the BTM Work? 2 4 How Do I Enable the BTM? 3 4.1 SEG Cloud... 3 4.2 SEG Premises... 3 5 What URLs Does the BTM Rewrite and Check? 4 6 What Do End Users See? 5 7 Can I Bypass the BTM for Some Users or URLs? 7 7.1 SEG Cloud... 7 7.2 SEG Premises... 8 8 What Reporting on BTM is Available? 10 About Trustwave 11 Trustwave SEG Blended Threat Module FAQ - February 23, 2016 1

1 What is a Blended Threat? A Blended Threat is an attempt to compromise information security that uses multiple vectors. Blended Threat email messages are typically crafted so that they appear to be from a trusted sender. They contain links to a website hosting malicious code, or attempting to entice the user into providing personal information. Blended Threat emails are sometimes targeted to a specific individual or individuals. 2 What is the Blended Threat Module? The Trustwave SEG Blended Threat Module uses a number of validation methods, including real-time behavioral analysis and content inspection as well as information from a number of industry standard sources, to identify and block sites that serve suspicious or malicious code. Because validation is performed in real time by a cloud service when a link is clicked, it provides superior effectiveness in catching and neutralizing new exploits for all users on any device from any location. 3 How Does the BTM Work? The BTM functions as follows: 1. SEG scans email messages and rewrites URL links before delivering the email. 2. Clicking a link invokes the Trustwave Link Validator cloud service. 3. The Link Validator passes the URL to one or more validation services. 4. Depending on the results of validation, the Link Validator redirects the request to the original site, or blocks the request, as described below. 1 Lorem ipsum dolor sit amet, adipiscing elit, sed do eiusmod HTTP://www.example.com incididunt ut labore et dolore magna aliqua HTTP://www.example.com Lorem ipsum dolor sit amet, adipiscing elit, sed do eiusmod HTTP://scanmail.trustwave.com/?www.example.com incididunt ut labore et dolore HTTP://scanmail.trustwave.com/? www.example.com 2 3 4 HTTP:// scanmail.trustwave.com/?www.example.com Trustwave SEG Blended Threat Module FAQ - February 23, 2016 2

4 How Do I Enable the BTM? The BTM is implemented as a Rule Action in SEG. 4.1 SEG Cloud Customers who have purchased the Advanced Protection package see this Package in the Customer Console. The Package contains a single rule, which is enabled by default. The customer can choose to bypass scanning for some users, as described later in this document. 4.2 SEG Premises SEG Premises requires Web access from the Array Manager server. The required URLs are: https://mailmarshal.licensing.marshal.com (used to validate licensing for this feature) https://stats.scanmail.trustwave.com (used to retrieve information about URL rewriting activity from the cloud service) Trustwave SEG Blended Threat Module FAQ - February 23, 2016 3

SEG includes a default Policy Group (Blended Threats), and a Rule to enable the BTM. This rule is disabled by default because the BTM is separately licensed. To use the rule, simply enable it and then commit configuration. Customers who have not licensed this feature will not be able to enable this rule. Note: SEG Premises installations that were upgraded from version 6.9 or below do not include this default rule. The customer must create a rule using the action Rewrite URLs in the message for Blended Threat Scanning. This rule should be placed after anti-virus and spam blocking rules. 5 What URLs Does the BTM Rewrite and Check? The BTM attempts to rewrite any link or text in the body of an email message that might be clickable when the user reads the message. In HTML message bodies, the link location (href) is rewritten. In both HTML and plain text message bodies, text URLs are rewritten. The BTM does not rewrite links in attached files such as PDF or Office documents. The BTM does rewrite links in attached email messages. Links that may be rewritten include text that looks like a URL either with or without the protocol part like http:// as well as IPv4 and IPv6 addresses and obfuscated links. In SEG Premises only, the BTM also rewrites text links in the message subject. The BTM does not rewrite URLs of the customer s local domains (domains used for inbound email delivery), or private network IP addresses. Trustwave SEG Blended Threat Module FAQ - February 23, 2016 4

For full technical details of the types of links that are rewritten and excluded from rewriting, see Trustwave Knowledge Base article Q14548. 6 What Do End Users See? When a user opens a message, if the message is displayed in plain text all links will be visibly altered. HTML messages will not be visibly altered, but hovering over a link shows the rewritten URL. The URL of the Link Validator cloud service accessed by the email clients is: http://scanmail.trustwave.com/ When the user clicks a link, the URL is passed to the Trustwave Link Validator for evaluation. An information page displays briefly. Trustwave SEG Blended Threat Module FAQ - February 23, 2016 5

When a result is available it is reported. If the result is safe, the user is automatically redirected to the original URL. If the result is unsafe, a block page displays. In some cases a link with more specific information about the block source is included. If the validator cannot check the URL, the user will be informed and will be offered the opportunity to click through to the site without validation. This could occur if the BTM license of the customer company that originally rewrote the URL is expired the validator encounters an error accessing the site Trustwave SEG Blended Threat Module FAQ - February 23, 2016 6

7 Can I Bypass the BTM for Some Users or URLs? You can configure BTM to not rewrite some URLs, or not rewrite content for some users. Caution: Trustwave strongly recommends you do not bypass rewriting if at all possible. Trusted sites and busy executive users are among the highest risks for Blended Threats. 7.1 SEG Cloud To bypass BTM rewriting, configure User Matching on the Blended Threats Scanner Rule. You can choose to bypass rewriting for messages that are addressed to certain internal users, or from certain external addresses. For testing purposes only, you can choose only to rewrite messages addressed to, or from, specific addresses. For more information about User Matching, see Help for this page of the Customer Console. Trustwave SEG Blended Threat Module FAQ - February 23, 2016 7

7.2 SEG Premises To bypass BTM rewriting, you can add User Matching conditions to the Rewrite URLs for Blended Threat Scanning Rule. Trustwave SEG Blended Threat Module FAQ - February 23, 2016 8

You can also exclude specific domains from rewriting. In the SEG Configurator, navigate to Trustwave SEG Properties > Blended Threats. Trustwave SEG Blended Threat Module FAQ - February 23, 2016 9

8 What Reporting on BTM is Available? Statistics of URLS rewritten, safe clicks, and unsafe clicks display on the SEG Premises Console Dashboard and the SEG Cloud Customer Console Dashboard. Trustwave SEG Blended Threat Module FAQ - February 23, 2016 10

About Trustwave Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information