2nd Update on Email Security

The Trend Micro Hosted Email Security (HES) product was successfully implemented on Thursday, 19th July 2018 around 10am. The issues with the implementation were discussed in the previous update and a full lessons-learned exercise has been conducted to inform future deployments.

The solution has been operational for 26 days without any known service interruptions. In the period from 19th July 2018 10am to 14th August 2018 10am, the system scanned 292,818 (+179,784) email messages for 529 (+11) email addresses. Out of these, 206,357 (+129,726) messages were blocked due to malicious content and 86,443 (50,040) messages were delivered:

  • 31,483 clean messages
  • 22,644 bulk newsletters (graymail)
  • 7,999 potential spam
  • 12,560 failed domain-based authentication
  • 11,384 low URL (web) reputation
  • 63 potential business email compromise attempts
  • 89 potential malware
  • 19 potential phishing
  • 23 potential advanced persistent threats
  • 179 other potential threats
HES statistics 19/07-14/08/2018

There was one support request to OxCERT from a colleague, which was not related to the email security product. The team knew the solution to the problem and helped the individual to identify the correct team to liaise with. OxCERT is not aware of any email security related support requests to the IT Services Service Desks. There were no reported issues from the Nexus team and Nexus365 project team.

Next steps

  1. Modify the email gateway filter policy to add a text (stamp) to the message body of messages that are
    • cleaned from potential malware (e.g. the removal of a malicious attachment),
    • stripped of an attachment due to file name extension blacklisting, or
    • identified as potential business email compromises (BEC).
  2. Schedule a survey with IT Services staff to obtain feedback on the pilot.
  3. Plan the implementation of Trend Micro Cloud Application Security for the Information Security Team and IT Services.
  4. Prepare the extension of the pilot of Hosted Email Security to four additional email domains covering a wide range of departments and potentially a college.