https://store-images.s-microsoft.com/image/apps.23290.740d42ed-b655-44a5-8553-b5f5ad45dbb2.481aaf87-7398-414c-8ceb-bb6cb9b675b5.77d36981-bf77-474d-aef8-6ff62b5c05e2
DISARM Content Security for Email
โดย SecuLetter
Just a moment, logging you in...
Secure your content in MS Exchange Online.
Secure your content in MS Exchange Online.
As with AV and NGAV, sandbox solutions struggle when faced with ever-more sophisticated threats. Sandboxes were made to run and “detonate” hidden malware in effort to detect it before it gets onto the users’ devices. However, modern malware has evolved to use numerous sandbox evasion techniques, such as multiple ways of delaying the initial malware execution, detecting whether the malware is running in a virtualized environment or hardware, checking for user interaction, unhooking from any detection tools, and many more. As a result, sandboxes consume a very long time trying to detect threats, have a very high failure rate, and therefore are no longer the magic bullet they were once considered to be.
Why DISARM?
DISARM takes any suspicious documents and detonates them inside its advanced Content Sandbox. The Disarm Content Sandbox is uniquely designed to handle documents as they are opened by different host applications. Unlike most sandbox solutions, the DISARM sandbox runs such host applications while monitoring each machine instruction execution in real-time, thereby detecting and thwarting any attempt of memory or registry corruption (e.g. change of ROP or EIP), persistency, process creation, virtual machine detection and evasion, and many other exploits before it can even execute. Thanks to this unique architecture, it is not necessary to wait and retrospectively look at what the sandbox environment looks like post-execution. Average scans are up to five times faster than those of legacy sandboxes. Moreover, real-time inspection at a machine-code instruction resolution allows to more effectively deal with sandbox evasion techniques and to deliver better accuracy with up to ten times lower false positives and negatives.
DISARM’s advanced CDR technology takes out any active content hidden inside documents, such as PDFs, Microsoft Office documents, and many other file types. Without relying on the traditional “blacklist” approach, CDR ensures that known or zero-day exploits are taken out of the reconstructed document.
Module 1. Content Analysis
Documents going into the DISARM service first go through advanced static and dynamic analysis and tested against a threat intelligence feed. Any known threats are likely to be caught and neutralized at this point.
Module 2. Content Disarm
DISARM can optionally apply its advanced Content Disarm and Reconstruction (CDR) technology, which instantly removes any active content hidden inside documents, such as PDFs or Microsoft Office documents, without relying on the traditional “blacklist” approach.
Module 3. Content Sandbox
DISARM takes any suspicious documents and “detonates” them inside its advanced Content Sandbox. The Disarm Content Sandbox is uniquely designed to handle documents as they are opened by different host applications, and to do so with the highest speed and accuracy.
Key Features "Empower your M365 Email Security"
- Receive Safe Email Attachments - Block malicious attachments such as PDF, JPG, Compressed file (with password), and all types of MS documents.
- Open Links with Confidence - Thoroughly scan all URLs in the email body and in attached files. Also analyze files downloaded through URLs.
- Eliminate Potential Threats - Proactively sanitize all active content within attached files such as JavaScript, macros, hyperlinks, etc. with remarkably high fidelity.
- Accurate but Fast - Maintain business consistency with DISARM's fast and accurate diagnostic performance.
- Get Statistic Report - Use DISARM's automatically generated report that provides complete insight into your organization's email flow.
- Be Alerted - Recipients need to know why some of their emails were blocked and who sent them.
For more information, please read the "DISARM White Paper" and the "DISARM Content Security for MS Exchange Online Manual".
If you need further discussion, please contact us at "global@seculetter.com".
สรุปย่อ
https://store-images.s-microsoft.com/image/apps.19010.740d42ed-b655-44a5-8553-b5f5ad45dbb2.481aaf87-7398-414c-8ceb-bb6cb9b675b5.944b87ca-d931-457c-9d8a-2b657e7e035f