This article applies to:
- MailMarshal SMTP 2006
- MailMarshal SMTP 6.X
Questions:
- What is Zero Day Protection and how does it work?
- How often does Marshal publish Zero Day Updates?
- What kinds of threats does Zero Day secure me against?
- How do I activate Zero Day Protection?
FAQ:
What is Zero Day Protection and how does it work?
The Zero Day Protection Framework is a system that allows Marshal to reinforce your MailMarshal SMTP server against potential security threats. MailMarshal SMTP is an intelligent security solution that is regularly maintained and updated by Marshal. Most of the time, MailMarshal SMTP is able to detect and manage new threats without any special treatment. However, on occasion there can be a new security issue that MailMarshal SMTP cannot respond to without more information.
The Zero Day Protection Framework is a safety net that allows Marshal to quickly update your MailMarshal SMTP server for you against this latest security concern. It provides you with peace of mind so that when you are at home asleep, or away from the office, we can secure your MailMarshal SMTP server for you until you are back in the office.
To take advantage of the Zero Day Protection Framework, in most cases you can simply enable the Zero Day rule on your MailMarshal SMTP server. See the activation steps later in this article.
How often does Marshal publish Zero Day Updates?
Updates are published as required. There is a perception that Zero Day updates need to be issued every day or even every hour to protect your organization from malicious content. This is not the case with MailMarshal SMTP. MailMarshal SMTP is an intelligent, policy-based solution that can assess messages and threats on-the-fly. Unlike other products on the market that require constant updates to detect the latest threats, MailMarshal SMTP detects emerging threats automatically, based on the complex set of heuristics that Marshal publishes regularly.
On occasion, a new threat may emerge that MailMarshal SMTP does not identify. When this happens, the Marshal TRACE Team responds to the threat by publishing a Zero Day update to secure your MailMarshal SMTP server. After the threat has passed, the TRACE team issues its normal, scheduled update and removes the Zero Day Alert content. If you have Zero Day rules enabled, this process is totally transparent and you don’t need to do anything; the TRACE team and MailMarshal SMTP do it all for you.
What kinds of threats does Zero Day secure me against?
Zero Day Alerts are focused on significant email threats and issues including viruses, malware, large spam outbreaks, phishing, and known exploits.
How do I activate Zero Day Protection?
By default, in MailMarshal versions 6.1 and later there are Zero Day Protection rules in the ‘Virus and Threats’ and ‘Spam & Junk Mail’ Rulesets. Simply enable these rules. If you do not have these rules present, you can create one by using the category script ‘Zero Day Threats’ or ‘Zero Day Spam’. The rule should look something like this:
Standard Rule: Block Threats - Zero Day Protection Framework
When a message arrives
Where message is outgoing
Where message is categorized as 'Zero Day Threats'
And move the message to 'Virus Suspected'
Note: The required category script XML files called KnownThreatsZeroDay.xml and SpamZeroDay.xml should be located in the MailMarshal\Config directory. If you do not have these files please contact Marshal Technical Support.