Overview of Threat Defense Connector
The Threat Defense Connector client connects the Secure Email Gateway with the Secure Email Threat Defense to scan messages for Advanced Phishing and Spoofing. The ability to perform cloud-based advanced threat scanning helps an organization to:
-
Get an advanced phishing and spoofing solution, and
-
Avail security solutions to ever-changing phishing problems much faster than ever before.
When you configure the Threat Defense Connector, the Secure Email Gateway sends a copy of the actual message as an attachment to the Threat Defense portal’s message intake address in journaled format.
Once a message is scanned by all the scanning engines in the Secure Email Gateway and the message is safe to be delivered, the message is duplicated. A copy of the message is queued to be sent as an attachment in RFC 822 format to the Secure Email Threat Defense for advanced scanning. The original message gets delivered to the original recipient.
Email Gateway sends emails that are meant for advanced threat scanning over the standard SMTP interface using a minimum of TLS 1.2 as required on the Secure Email Threat Defense for the SMTP conversation. Threat Defense scans the messages and appropriate remediation action is taken on the message originally delivered to the user mailbox.
Note |
Advanced threat scanning using Threat Defense Connector is applicable only for incoming messages. |