ePrism Email Security FAQ

Q. You say ePrism has multi-layered defense, what does that mean?

A: ePrism email filtering is multi-layered, meaning incoming email must pass through successive layers of SMTP session-level defenses, content analysis, virus detection, sender profiling, and other filtering before reaching the recipient's email inbox. Each defensive layer removes a specific category of threat, resulting in our industry-leading rate for blocking unsafe emails.


Q. What is Zero Minute Defense?

A: Spammers and hackers are always inventing new ways to circumvent existing filters. In order to combat the ever-changing nature of these attacks, we've developed ePrism's Zero Minute Defense Network. Real-time knowledge gathered from this worldwide sensor network is used to create new detection and protection rules, which are then sent out as updates on a continuous basis. The speed of rule execution combined with the volume of rules we apply distinguishes ePrism technology in the industry.


Q. What is ePrism adaptive threat detection?

A: ePrism not only protects your email, it also protects your network because it stops threats such as Denial of Service and Directory Harvest attacks (DHA) at the perimeter. ePrism technology uses grey listing and merit-based reputation analysis of IP addresses, senders, and recipients to identify and thwart dangerous email attacks and block spam campaigns before they can get near your internal servers.


Q. How does ePrism use behavior analysis?

A: Our behavior-analysis system observes inbound and outbound network traffic to spot unusual behavior patterns. Any suspicious behavior is then reported to our Security Operations Center, which implements appropriate response techniques to throttle, monitor, or intercept the behavior across all ePrism protected email systems. 


Q. What is sender reputation scoring?

A: ePrism creates a merit-based reputation score for each email sender based on both sender history and message characteristics. When determining a sender's reputation score we evaluate factors such as whether or not the sender has previously sent email, how much of that mail was received, an analysis of the sender's email history, and a behavioral analysis of whether that sender's email behaves like spam. We then use this real-time reputation score to regulate email from each sender. In many cases, ePrism can block the majority of spam or other undesirable email based on sender reputation data.


Q. What is ePrism DNA Analysis?

A: ePrism's proprietary email DNA analysis technology identifies unique characteristics of email that indicate spam, phishing schemes, and other forms of dangerous or objectionable content and checks them against the email DNA database to remove problem emails. This system provides greater accuracy than traditional techniques such as heuristics and Bayesian-based spam filters.


Q. How does ePrism Email Filtering avoid false positives?

A: ePrism technology allows us to correctly identify spam and also correctly identify legitimate emails to make sure you don't miss an important email because it gets blocked or wrongly placed in your junk folder. Before any new rule or filter is deployed, it is regression tested against a constantly evolving set of 'good email' to make sure that it does not create even a single false positive. As a result, our false-positive rate leads the industry at less than 1 in 190,000.


Q. What is multi-pass virus and malware protection?

A: In order to provide the best possible protection from email-borne viruses, we use multiple anti-virus engines to detect and remove viruses, spyware, trojans, or other malware from your email. In addition, Red Condor's Zero-Hour Defense system continuously scans for new and emerging virus strains and other malware.


Q. How does ePrism protect against spam that uses images?

A: ePrism has an advanced image filtering technology that includes both comprehensive image analysis and dynamic feedback of the message content. We filter both externally linked images and attached images, and use sophisticated techniques such as color filtering, de-speckling, scanning of individual frames in GIF animations, pixel pattern filtering, and text image filtering to make sure this type of spam is detected and blocked.


Q. Does ePrism have protection against botnets?

A: Because ePrism includes inspection of both inbound and outbound traffic, it is able to block botnet attempts on the inbound mail stream and also prevent any bots that may be hiding in your network from contacting their command and control centers via outbound email. Once an attempt is blocked, ePrism notifies your administrator so that the infected computers can be cleaned.


Q. Why does ePrism spool email for up to 160 hours?

A: When protected by a traditional hosted antispam service, a crash of an email server can be a major problem because you face the possibility of losing your business-critical email. With ePrism, if one of your email servers goes down, your email is stored for up to 160 hours, usually enough time to assure that your server is brought back online.


Q. What does the Security Operations Center do?

A: ePrism technology, services, and products are all supported by our 24x7 Security Operations Center (SOC) that constantly monitors all network activity to search for new email threats. The Security Operations Center gathers and consolidates data from a global threat assessment network, behavior-analysis system, and adaptive threat detection at the perimeter. Our system is designed to include human analysis so that accurate and immediate mitigation of threats is ongoing. 


Q. What kind of technical support do you offer?

A: EdgeWave provides 24x7 technical service and support for our ePrism hosted services, with security analysts and networking experts monitoring email threats around the clock and proactively taking action to ensure service continuity for all ePrism protected domains and email users.