Views:

Deep Discovery Email Inspector uses customized Linux kernel and remove unnecessary tools/software/command to secure the environment.

  • QA security testing
    • CSRF/XSS/Command injection/RBAC/Audit Log
  • Web & System vulnerability scan by InfoSec team
    • All high risky issues have been fixed.
  • Source code static scan by Fortify
    • Static code scan by Coverity and Fortify to discover both security and software bugs
  • Black Duck scan for known CVEs and security bugs
    • Every known CVEs or security bugs are carefully reviewed and their impacts to the system and applications are fully assessed
  • PIE/SSP compliant scan
    • PIE compliant ratio: 100%
    • SSP compliant ratio: 100%

Deep Discovery Email Inspector provides token based SSH login to ensure that root account can only be accessed by authorized user.

According to TrendAI™ security policy, when Deep Discovery Email Inspector receives a CVE or ZDI vulnerability report, Deep Discovery Email Inspector will do CVSS evaluation. If the vulnerability has impacted Deep Discovery Email Inspector, Deep Discovery Email Inspector will release a critical patch or resolve it in next major release.

Deep Discovery Email Inspector grants access to the management console by user accounts. The built-in administrator account can create both local account and account from AD if integrated with AD. To access the management console, each user account requires a logon password.

The management console accepts passwords that contain the following:

  • 8 to 32 characters
  • At least one upper case letter: A to Z
  • At least one lower case letteR: a to z
  • At least one number: 0 to 9
  • At least one special character: ~!`@#$%^&*()/_+=[] {}-\|<>',.?:;"

Observe the following guidelines for creating a strong password:

  • Avoid words found in the dictionary.
  • Intentionally misspell words.
  • Use phrases or combine words.
  • Use both uppercase and lowercase letters.
  • Account Role

TrendAI™ recommends each customer to change the default administrator’s password.

Deep Discovery Email Inspector has three kinds of account roles: Administrator, Investigator and Operator.

The Administrator has complete access to the features and settings contained in the menu items.

  • Dashboard
  • Detections
  • Policies
  • Alerts / Reports
  • Logs
  • Administration
  • Help

The Investigator can view certain features and settings contained in the menu items, but cannot make any administrative modifications.

  • Dashboard
  • Detections
  • Alerts / Reports > Reports > Generated Reports
  • Alerts / Reports > Alerts > Triggered Alerts
  • Logs
  • Help

The Operator can view certain features and settings contained in the menu items, but cannot make any administrative modifications.

  • Dashboard
  • Detections (no access to message body)
  • Alerts / Reports > Reports > Generated Reports
  • Alerts / Reports > Alerts > Triggered Alerts
  • Logs
  • Help

Deep Discovery Email Inspector accesses several TrendAI™ services to obtain information about emerging threats and to manage your existing TrendAI™ products. For more information, refer to Appendices of the Deep Discovery Email Inspector Administration Guide (Appendix D > Connections and Ports).

 

Deep Discovery Email Inspector can export a backup file of most configuration settings to an encrypted file. If needed, import this file to restore settings.

Deep Discovery Email Inspector can be reset by restoring it to factory default settings.

The following settings can be backed up and restore from the backup file:

  • Screen
  • Tab
  • Dashboard
    • Settings for all widgets only
  • Policies > Policy Management
    • Policy List
    • Content Filtering Rules
    • DLP Rules
    • Antispam Rules
    • Threat Protection Rules
  • Policies > Policy Objects
    • Notifications
    • Message Tags
    • Redirect Pages
    • Archive Servers
    • Data Identifiers
    • DLP Templates
  • Policies > Exceptions
    • Messages
    • Objects (local object exceptions only)
    • URL Keywords
    • Graymail Exceptions
  • Alerts / Reports > Alerts
    • Rules
  • Alerts / Reports > Reports
    • Schedules
  • Administration > Component Updates
    • Schedule
    • Source
  • Administration > System Settings
    • Operation Mode
    • Proxy
    • SMTP
    • Time (date and time format and NTP server settings only)
    • SNMP
  • Administration > Mail Settings
    • Connections
    • Message Delivery
    • Limits and Exceptions
    • SMTP Greeting
    • Edge MTA Relay Servers
  • Administration > Integrated Products/Services
    • Syslog
    • Microsoft Active Directory
    • SFTP
  • Administration > Scanning / Analysis
    • Settings (Submission Filters and Timeout
    • Setting sections only)
    • File Passwords
    • Smart Protection
    • Smart Feedback
    • YARA Rules
    • Time-of-Click Protection
    • Business Email Compromise Protection
    • URL Scanning
  • Administration > Sender Filtering/Authentication
    • Approved Senders
    • Blocked Senders
    • DHA Protection
    • Email Reputation
    • Bounce Attack Protection
    • SMTP Traffic Throttling
    • SPF
    • DKIM Authentication
    • DKIM Signatures
    • DMARC
  • Administration > End-User Quarantine
    • User Quarantine Access
    • EUQ Digest

  • Administration > System Maintenance

    • Storage Maintenance

  • Administration > Accounts / Contacts

    • Accounts
    • Contacts

  • DDEI 7100/7200/9100/9200: Raid 1 configuration
Keywords: TrendAI Deep Discovery Email Inspector hardening,DDEI security features,DDEI role-based access control,token-based SSH root access,DDEI vulnerability management