
FAQ: Known Threats or Zero Day Protection

This article applies to:

  • Trustwave MailMarshal (SEG)
  • Trustwave ECM/MailMarshal Exchange 7.X

Questions:

  • What is Known Threat/Zero Day Protection and how does it work?
  • How often does Trustwave publish Known Threat Updates?
  • What kinds of threats does Known Threat secure me against?
  • How do I activate Known Threat Protection?

FAQ:

What is Known Threats Protection and how does it work?

  • Note: The display name of this functionality changed for new installations of SEG at version 7.5. It is now known as "Known Threats" to more accurately reflect the current functionality. Upgraded installations and previous versions use the name "Zero Day Threats".

The Known Threats framework is a mechanism that allows Trustwave to reinforce your SEG/MailMarshal SMTP or MailMarshal Exchange server against newly identified security threats by updating the server's Known Threats category.

With SEG/MailMarshal SMTP, this function supplements SpamCensor updates to help prevent spam and malware attacks from external sources.

With MailMarshal Exchange 7.X, Zero Day updates are provided to help prevent the spread of malware through internal email.

The Known Threats Protection framework acts as a safety net: when a new threat emerges, Trustwave can update your MailMarshal server promptly, without waiting for an administrator to act, so the server remains protected until you are able to review the change yourself.

To take advantage of the Known Threats Protection framework, first ensure that automatic updates are enabled. Then, in most cases, you can simply enable the Known Threats rule on your MailMarshal SMTP server; see "How do I activate Known Threats Protection?" below.

How often does Trustwave publish Known Threats Updates?

Updates are published as required rather than on a fixed schedule. There is a common perception that updates must be issued every day, or even every hour, to protect an organization from malicious content. This is not the case with MailMarshal. MailMarshal is a policy-based solution that assesses messages and threats on the fly, so, unlike products that depend on constant signature updates to detect the latest threats, it detects many emerging threats without a specific update.

What kinds of threats does Known Threats secure me against?

Known Threats functionality is focused on significant email threats and issues including viruses, malware, large spam outbreaks, phishing, and known exploits.

How do I activate Known Threats Protection?

By default, MailMarshal Exchange 7.X and SEG/MailMarshal SMTP versions 6.1 and later include Known Threats or Zero Day Protection rules in the Anti-Malware or Virus policy groups. Simply enable these rules. If these rules are not present, you can create one by using the category script 'Known Threats'. The rule should look like the following example.

Content Analysis Rule: Block Malware - Known Threats

When a message arrives
Where message is outgoing
Where message is categorized as 'Known Threats'
And move the message to 'Malware Suspected'

  • Note: The required category script XML file, KnownThreatsZeroDay.xml, should be located in the \Config directory within your MailMarshal installation. If you do not have this file, please contact Trustwave Technical Support.
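The following PowerShell snippet is an added check, not part of the Trustwave article or the MailMarshal product, that an administrator can run on the MailMarshal server to confirm the category script file named above is present and to see when it was last updated. The installation directory is an assumption (a parameter you should set to your actual MailMarshal installation path); the \Config subdirectory and file name are as stated in the note above.

```powershell
# Added check (not from the Trustwave article): confirm the Known Threats category
# script exists and report when it was last written, as a quick sign that
# automatic updates are reaching this server.
param(
    # ASSUMED default; replace with your real MailMarshal installation directory.
    [string]$InstallDir = 'C:\Program Files\Trustwave\MailMarshal'
)

# File name and \Config location are taken from the article's note.
$scriptPath = Join-Path -Path $InstallDir -ChildPath 'Config\KnownThreatsZeroDay.xml'

if (-not (Test-Path -LiteralPath $scriptPath)) {
    Write-Warning "Category script not found: $scriptPath"
    Write-Warning "The article advises contacting Trustwave Technical Support if this file is missing."
    exit 1
}

$file = Get-Item -LiteralPath $scriptPath
$age  = (Get-Date) - $file.LastWriteTime

Write-Output ("{0}: {1:N0} bytes, last written {2:yyyy-MM-dd HH:mm} ({3:N0} days ago)" -f `
    $file.FullName, $file.Length, $file.LastWriteTime, $age.TotalDays)

# Updates are published as required, so an old timestamp is not by itself a fault.
# Compare it with the other files in the same Config directory: if this file is far
# older than its neighbours, verify that automatic updates are enabled.
Get-ChildItem -LiteralPath (Split-Path -Parent $scriptPath) -Filter '*.xml' |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, LastWriteTime |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the MailMarshal server, passing `-InstallDir` if your installation is not at the assumed path. A missing file is the condition under which the article tells you to contact Trustwave Technical Support; a stale timestamp relative to the rest of the Config directory is a prompt to confirm that automatic updates are enabled before relying on the Known Threats rule.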
