7.15. RTMD Email

RTMD Email is a service that detects unauthorized malware intrusions via email, makes unknown threats and latent risks visible, and reports them. Principally, it provides a file analysis feature.
It not only performs signature-based analysis on mirrored Customer traffic that passes through the vFirewall/Integrated Network Appliance, but also reproduces suspicious traffic in the RTMD Email virtual environment and analyzes malware dynamically.

Note

  • You can use one RTMD Email for every Data Center.

Important

  • The following specification is for the Japan DC version. For the specifications of other Data Centers, please contact the relevant NTT Communications affiliate.

7.15.1. Available Features

You can use the following features with RTMD Email.

Feature | Overview
File Analysis Feature | A feature that inspects attachments to emails (SMTP communication) and URL links, analyzes the content suspected of containing malware, and determines whether it is malware inside the virtual environment.

7.15.2. File Analysis Feature

It mirrors the customer traffic that passes through the vFirewall/Integrated Network Appliance, and detects suspicious files attached to emails and URL links to fraudulent sites.
The attachments are actually reproduced in the RTMD Email virtual environment. The changes generated inside the virtual environment (such as file opening, closing, creating, changing and deleting, registry changes, and the APIs and addresses that are called) are recorded. Whether the attachment is malware is determined from those results.
The Virtual Environment That Analyzes Malware
By installing operating systems (OS), Web browsers and Microsoft Office in the Malware Detection (Email) virtual environment, you can reproduce the attacks aimed at the vulnerabilities of each application, and detect malware.

Report Feature
The malware assessment results and the results of detection of URL links to fraudulent sites are provided in daily and monthly reports. You can download the reports from the security Web portal as password-protected ZIP files.
Note that the date when downloading can start depends on the report type.

Report Type | Details | Date when downloading can start
Daily report | One day’s worth of assessment results from the file analysis feature | From the afternoon of the day after the report target date
Monthly report | One month’s worth of assessment results from the file analysis feature | From 11 business days into the month following the report target month

Note

  • You can set a password for the ZIP files in advance.

Analysis Capacity
The traffic volume that can be analyzed by RTMD Email is shown below.

Item | Performance (maximum value)
Number of emails | 150,000 emails/day (6,250 emails per hour)
Number of email accounts | 100 email accounts

7.15.3. Important Points

  • The following files are not targeted for analysis.
    • Encrypted files
    • Files set with passwords
  • Analysis may be omitted when the device throughput limit is exceeded.
  • RTMD Email cannot be provided in every case because it must be inserted into the target communication route. Network design must therefore be considered before applying.
  • The devices that make up RTMD Email are provided in a single configuration. If the devices fail, you cannot use the RTMD Email feature. Note that there will be no effect on your usual communication.
  • RTMD Email does not guarantee that the RTMD Email feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the signatures (algorithms that assess the degree of danger and malware) provided by the developers or distributors of the devices making up the RTMD Email feature is not guaranteed.
  • The following information might be provided to the developers or distributors of the devices making up the RTMD Email feature.
    • Configuration information obtained from providing RTMD Email
    • Configuration information obtained from RTMD Email detection, etc.
  • We cannot guarantee recovery from failures that might occur due to incompatibility between the Real Time Malware Detection (Email) and your environment, or failures that occur due to your operations other than those specified by NTT Communications.
  • There may be times when the customer’s environment is affected by maintenance services. Advance notice will be sent when the customer’s environment may be affected. This does not apply when we judge the maintenance work to be urgent in order to continue the service.
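
The first point above means encrypted and password-protected attachments are not analyzed. As an added example (not part of this service description or of the RTMD Email product), the following Python sketch flags one common case, ZIP attachments whose members have the encryption flag set, so that a separate control can handle them; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def encrypted_zip_members(data: bytes) -> list[str]:
    """Names of ZIP members with general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []  # not a readable ZIP; out of scope for this check


def unanalyzable_attachments(raw: bytes) -> dict[str, list[str]]:
    """Map attachment filename -> encrypted member names for one raw email."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] != b"PK\x03\x04":  # ZIP local file header magic
            continue
        members = encrypted_zip_members(payload)
        if members:
            findings[part.get_filename() or "(unnamed)"] = members
    return findings


def build_sample(encrypted: bool) -> bytes:
    """Constructed test email with one ZIP attachment; not real traffic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", b"constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption flag by hand in both headers. The member is not
        # really encrypted, but the headers look as a protected ZIP's would.
        data[6] |= 0x01                              # local file header flags
        data[data.index(b"PK\x01\x02") + 8] |= 0x01  # central directory flags
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="docs.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(unanalyzable_attachments(build_sample(encrypted=True)))
```

The check covers only the ZIP header flag; password-protected Office or PDF attachments need their own format-specific checks.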