Fireeye email security
Begin Self-Guided Tour
Cloud protection that identifies, analyzes and blocks email based attacks.
Detect and block advanced threats and spam
Rapidly adapt to the evolving threat landscape
To continue the Email Security Self-Guided Tour please fill out the following information
Access email threat information at a glance. Data collected from your organization is aggregated for you to analyze.
EXPLORE KEY FEATURES
Advanced Threats widget
EXPLORE ON YOUR OWN
Lists top sender IP addresses and number
of emails sent
Displays top recipients
Informs of top malware
Access malicious content
Sorts threat indicators (low, medium, high)
Lists top sender IP addresses
ETP Message ID
The Email Trace feature of ETP Cloud lets you search and filter through messages sent to your organization. To access the Email Trace module, click Email Trace in the top navigation bar. You can search for emails by:
Downstream MTA Queue ID
Original Message ID
Explore Next Page
Graphs threats, percentage of all accepted emails and trends, over a specified time period
Graphs spam count, percentage of all accepted emails and trends over the specified time interval
Advanced threat detection
Protects intellectual property
Detects impersonation attacks
Click the Advanced Threats link on the top navigation menu. This page allows you to search for alerts, determine if a malicious email is in quarantine, filter for specific email domains and status, view information about an individual alert and download the alert reports in CSV format.
Click the Alert ID to open the Message Details page. Examples of details include:
Displays alert date, status, domain name and more. Select a filter by clicking its respective dropdown menu. You can also select the Add More Filters link.
Malicious URL or attachment names
Originating email server that sent malicious email
Displays quarantined, released, deleted, dropped (OOB), delivered (retroactive) or dropped (OOB retroactive)
Malicious attachments or URLs with color-coded threat classifications
AT A GLANCE
Malicious URL or name of the malicious attachment file
The system retains information from the analysis on malware and end user system interaction. Reports for each alert include:
Displays header information such as email date and time receipt as well as email From, To, CC and Subject fields.
Specifies attachment file names or URLs, email status and server that sent malicious email.
Automated Analysis Report
Detected Malware Communications
Operating System Changes
Lists why an email was flagged as malicious (Policy Action - PA, Spam - S, Virus - V, and Advanced Threats - AT). See icons below for result types. Green indicates email was not considered malicious. Red indicates it was malicious. Gray indicates email analysis was not performed.
Releases a malicious email from the quarantine and delivers to recipient. Released email may contain LIVE malware. Proceed with caution.
You are prompted to confirm release. This option is only available to domains configured in Cloud AVAS and inline modes. Only emails received within the last 14 days can be released.
Downloads a text file of a malicious email.
DOWNLOAD CASE FILE
Downloads a password-protected zip file. Contains the malware case file, a copy of the malicious email, and the associated malware. Malware file is also contained in its own password-protected zip file.
Permanently deletes a malicious email from the quarantine. You will be prompted to confirm deletion.
This option is only available to domains configured in Cloud AVAS and inline modes. Only emails received within the last 14 days can be deleted.
AUTOMATED ANALYSIS REPORT
The Automated Analysis report includes an overview of the analysis that was performed by the system on the malware. Information such as the malware file type, vulnerable applications and operating systems, and whether the organization's current antivirus solution would have detected the malware is provided. This report also allows you to download the actual malicious file (Archived Malware) and any associated network activity packet captures (VM Captures).
The Detected Malware Communications report includes the analysis that was performed
by the system pertaining to any URL that the malware communicated with.
Information displayed in the report includes the HTTP method, host name, and port that were used to connect to the malicious site. It also includes a copy of the raw request
The Operating System Changes report includes the analysis that was performed by the
system on any operating system changes that occurred. Information displayed includes
services that were started or stopped, registry keys that were modified, and other system configuration changes that occurred.
Provides threat intelligence report including threat name risk level and type. Also details affected software, vulnerability information and remediation patches if available.
FireEye collects extensive threat intelligence on adversaries through firsthand breach investigations and millions of sensors. Email Security draws on this real evidence and contextual intelligence about attacks and attackers to prioritize alerts and block threats in real time.
EXPLORE NEXT PAGE
Releases a malicious email from the quarantine and delivers it to the recipient. The released email may contain LIVE malware. Proceed with caution. You will be prompted to confirm that you want to release the email. This option is only available to domains configured in Cloud AV/AS mode and inline mode. Only emails received within the last 14 days can be released.
The quarantine contains all email that was classified as either spam or malware by the system. You can search for quarantined emails based on various filters. The Quarantine page displays information about each quarantined email, including reason it was flagged as malicious.
If you select an email you can release a quarantined email if its spam
Intro copy needed
The Domains page provides an overview of the domains and domain groups that are being monitored by the system. Use it to create domain groups, and to manage the association of policies and quarantine report settings. rt notifications.
Use the Policies page to view, create, and manage the policies that will be applied to your domains.
Use the Quarantine Reports page to manage the quarantine report settings. You can select the type of malicious email that can be reported and schedule the reports.
Use the Portal Access page to manage the access to the portal. Specify network locations from which the admins can access the portal or the mail recipients can manage their quarantine. It also allows you to set a session idle timeout for the portal.
Use the Alert Notification page to configure users, in addition to administrators, who will receive alert notifications.
SEE HOW FIREEYE EMAIL SECURITY CAN WORK FOR YOU
START TOUR AGAIN
Cloud-based protection that identifies, analyzes, and blocks email attacks.
BOOK A LIVE DEMO
Test your current email solution with Cloud Email Threat Analysis.
Experience how Email Security Cloud Edition works within your environment, configured for your needs.
PROOF OF VALUE
To Schedule a Live Email Security Demo with a specialist please fill out the following information.