ATP engines
Function and Features
 
Standard Features Activated by Default
 
Sandbox engine
Attachments are executed in a variety of system environments and their behaviour analysed. If it turns out to be malware, a notification is sent. Protects against ransom-ware and blended attacks.
Freezing
Emails that cannot immediately be clearly classified but look suspicious are retained for a short period by freezing. A further test is later performed with updated signatures. Protects against ransom-ware, blended attacks and phishing attacks.
URL scanning
A document (such as PDF, Microsoft Office) attached to an email may contain links. However, these cannot be replaced, as this would violate the integrity of the document. The Hornet Security URL scanning engine leaves the document in its original form and only checks the target of such links.
 
Additional Features Activated by EveryCloud Support

Targeted fraud forensics
Targeted fraud forensics detects targeted personalized attacks without malware or links. The following detection mechanisms are used for this:
• Intention recognition system: alerting about content patterns that indicate malicious intent
• Fraud attempt analysis: checks the authenticity and integrity of metadata and email content
• Identity spoofing recognition: detection and blocking of forged sender identities
• Spy-out detection: counter-espionage against attacks seeking to obtain information needing protection
• Feign facts identification: content analysis of messages based on provision of feigned facts
• Targeted attack detection: detection of targeted attacks on individuals
URL rewriting
The URL rewriting engine secures all Internet calls from emails via the Hornet Security web filter. In the process, the sandbox engine also analyses downloads.
Ex post alerts (coming in 2018)
If it later turns out that an already delivered email should have been considered as potentially harmful, the respective company’s IT security team is notified about the extent and possible countermeasures as soon as this is known. This permits rapid containment of a dangerous situation.