ATP engines
Function and Features
Standard Features Activated by Default
Sandbox engine
Attachments are executed in a variety of system environments and their behaviour analysed. If it turns out to be malware, a notification is sent. Protects against ransom-ware and blended attacks.
Emails that cannot immediately be clearly classified but look suspicious are retained for a short period by freezing. A further test is later performed with updated signatures. Protects against ransom-ware, blended attacks and phishing attacks.
URL scanning
A document (such as PDF, Microsoft Office) attached to an email may contain links. However, these cannot be replaced, as this would violate the integrity of the document. The Hornet Security URL scanning engine leaves the document in its original form and only checks the target of such links.
Additional Features Activated by EveryCloud Support

Targeted fraud forensics
The service is responsible for identifying and preventing spear phishing attacks that target mainly departments or single persons in the company having the authority to release any possible bank transfers.

The mechanism is only intended to cover a few decision-makers within the company. There will be no global check on the domain. Customer support will need a list of email addresses to be checked in to enable the service for you.

Targeted fraud forensics detects targeted personalized attacks without malware or links.

The following detection mechanisms are used for this:
• Intention recognition system: alerting about content patterns that indicate malicious intent
• Fraud attempt analysis: checks the authenticity and integrity of metadata and email content
• Identity spoofing recognition: detection and blocking of forged sender identities
• Spy-out detection: counter-espionage against attacks seeking to obtain information needing protection
• Feign facts identification: content analysis of messages based on provision of feigned facts
• Targeted attack detection: detection of targeted attacks on individuals
URL rewriting
URL Rewriting is responsible for testing URL's in incoming emails for any harmful content. To do so, the mechanism will rewrite any identifiable URLs in incoming emails in such a manner, that any URL opened from the email will be rerouted through our ATP filter, which acts as a web proxy and scans the content of the website before forwarding the user to the webpage.

Further information:
Ex post alerts (coming in 2018)
With ex-post alerts, your IT security team receives an automatic notification if an e-mail that has already been delivered is subsequently classified as harmful. You receive a detailed analysis of the attack so that you can take action immediately, such as checking systems or alerting your own employees. This permits rapid containment of a dangerous situation.