- Protects against zero-day exploits by enforcing a policy that only passes content that is known to be completely reliable and compliant with file format standards.
- Prevents information leaks by augmenting the “known good” checks with extensive clean/dirty word filtering capabilities.
- Conducts deep content inspection and analysis to uniquely verify that file formats are correct and that metadata and other “hidden” areas have not been exploited as carriers of information or new exploits.
- Detects, cleanses, removes, and stores malicious hidden content, viruses, and malware for forensic analysis.
- Interoperates with existing Cross Domain guards that provide SMTP filtering.
XD Mail currently interfaces with the BAE DIIG Guard, but a standard interface specification for incorporation with other guards is available, per Tresys. The shipped package includes the following:
- 8 core 2U server processor with 96 GB of RAM provides optimum throughput
- All third-party licenses provided
- Tier three support included
- Administrator and engineering support training available
- Isolated environments · Uses SELinux and Tresys VM Fortress to positively isolate the "dirty" side of the application from the "clean" side where sanitized files are stored. Isolation ensures safe handling of virus and malware infected files and strong transactional separation.
- Adaptable filters · Provide state-of-the-art identification of advanced malware and viruses and integrate new filters as other attacks are identified in the future. Filtering features include the following:
  - Detect virus or malware infected files
  - Clean and verify files are cleansed
  - Remove unknown file types
  - Remove steganography
  - Analyze, remove, and cleanse embedded objects
  - Remove or cleanse color or size obfuscated text
  - Remove macros from documents
  - Remove or cleanse metadata
  - Remove unrecognized data
  - Validate file formats
  - Identify and cleanse hidden content
- File Types · XD Mail supports many file types, including the following:
  - Word (.doc, .docx, .docm)
  - Excel (.xls, .xlsx, .xlsm)
  - PowerPoint® (.ppt, .pptx, .pptm)
  - ASCII text files (.txt)
  - Portable Document Format (.pdf)
  - BWT zip (.bz2)
  - UNIX tar (.tar)
  - Pkzip (.zip)
  - GNU zip (.gz)
  - Joint Photographic Experts Group (.jpg, .jpeg)
  - Windows® Bitmap (.bmp)
  - Tagged Image Format (.tif, .tiff)
  - Windows® Metafile (.wmf)
  - Windows® Enhanced Metafile (.emf)
  - Graphics Interchange Format (.gif)
  - Portable Network Graphics (.png)
Microsoft® Office (97-2007)
Text and Presentation Files
1. What does XD Mail (eMiST) do?
- Tresys XD Mail enforces a policy of permitting only known good content to pass through to a target mail transport agent (MTA, a network infrastructure component used to move mail between organizations). This policy of whitelisting is the best available defense against zero-day exploits. XD Mail also provides blacklisting capabilities that protect against inappropriate exfiltration of information content that is not malware but should not cross the boundary protected by the XD Mail system. XD Mail processes files through a complex stream of inspection and cleansing filters, and runs within layers of SELinux security that protect the device itself from subversion.
2. How does XD Mail work?
- Tresys XD Mail works in tandem with other guards, and is typically deployed on both the incoming and outgoing sides of a domain guard. XD Mail is not a mail server, but an SMTP gateway that passes mail from one network connection to another. On receipt, the message is passed through a series of message decomposition modules and filters that execute the administratively selected policy options.
3. What happens to infected or unrecognized files identified by XD Mail?
- Files with unrecognized formats will be removed by XD Mail. A list of supported formats is included in the "Features" section. Recognized files that contain malicious code will be atomized, cleansed, and re-assembled for safe use.