ExchangeDefender: Corporate Encryption

ExchangeDefender Corporate Encryption

What do all the cloud storage products you have heard of have in common? None of them are built for business. Look no further: ExchangeDefender Corporate Encryption is built with business in mind!

In business you need to know that your data is secure, you need to know where it is stored, how it is protected and you need the people you can count on to help you with backups, regulatory compliance, data leakage and access concerns.

ExchangeDefender Corporate Encryption provides an easy and seamless way for organizations of all sizes to implement content protection and comprehensive control over information being sent through email. Powered by ExchangeDefender, Corporate Encryption complies with SOX, HIPAA, SEC and local government requirements for information encryption while providing powerful audit and policy wizards to meet each organization's unique goals.



Product Highlights

  • Pattern Matching - Pattern-based encryption that can detect credit card numbers, social security numbers, dates of birth and other account-specific data
  • Lexicon Keyword Matching - Lexicon dictionaries can contain words and word patterns that can trigger encryption mechanisms and protect from data leakage
  • Corporate Encryption Mechanisms - Corporate encryption mechanisms can automatically encrypt messages or forward the contents to the administrator for the corporate review
  • Comprehensive Reporting - Comprehensive reporting of all email activity as well as a Compliance Officer (CO) reporting with search capabilities provide proof of regulatory compliance and simplify reporting

How It Works


Pattern-Based Encryption

ExchangeDefender Corporate Encryption can detect patterns inside of outbound email and attachments and categorize them as credit card numbers, social security numbers, dates of birth or other company-specific account numbers. Each pattern can be assigned an automatic action to be taken once the message with protected content is detected.


Lexicon Dictionaries

ExchangeDefender Corporate Encryption enables organizations to provide entire dictionaries of words that could indicate data leakage. For example, financial companies working in investments may want to intercept messages that contain words "Guaranteed Investment Returns" or "Insider Information" and assign an appropriate action to meet regulatory compliance.


Corporate Encryption Mechanisms

Pattern detection and lexicons provide only one piece of the encryption puzzle; automating the response to a potential loss of corporate data is crucial to operational efficiency. Emails that contain sensitive information can be encrypted and sent to the recipient with a username and password, or can simply be emailed with a link to the encrypted message. For additional security, messages can also be forwarded transparently to the Corporate Compliance Officer (CO), who can review the message and then allow it to be sent or block it outright.


Comprehensive Reporting

ExchangeDefender Corporate Encryption delivers sophisticated reporting both on the activity of the users and the compliance officer. You can see at a glance which content is protected as well as which messages have triggered compliance and encryption activity. By reviewing this information you can be assured that any suspicious activity is quickly addressed and that you can respond to inquiries about your regulatory compliance on demand.


Encryption Terminology & Implementation

ExchangeDefender Corporate Encryption involves multiple systems to encrypt the message contents and notifications generated by the system.

Channel Encryption
ExchangeDefender uses SSL/TLS encryption of the SMTP communication between the client's email server and the ExchangeDefender network. All traffic is automatically encrypted using the same level of security that is used with online shopping, banking, etc.

Managed Web Encryption
ExchangeDefender web servers are encrypted using commercial SSL certificates. Client configuration, email review, message retrieval and all services provided through ExchangeDefender websites are automatically encrypted and cannot be accessed through a plain-text process that bypasses encryption.

Data Encryption
ExchangeDefender web servers, email servers, and routing hubs secure all client data through multiple layers of security including:

  • Complex account and login restrictions
  • Remote access restricted to ExchangeDefender NOC IP address space
  • All remote access sessions are recorded and authenticated
  • Administrators do not have access to client message data or configuration information


Pattern Matching, Processing Order, & Delivery Routing

ExchangeDefender Corporate Encryption message scanning is implemented in the following order:

  1. Check email subject for on demand encryption keywords [ENCRYPT] or [CLEARENCRYPT]
  2. Check for keywords or strings
  3. Check for text & number patterns (account numbers, date of birth)
  4. Check for Social Security Number patterns
  5. Check for Credit Card numbers

Because every single message has to be scanned for potentially sensitive information, ExchangeDefender stops at the first pattern it encounters and encrypts the message according to that pattern's action; later steps in the list are not evaluated for that message. This improves processing performance and reduces delivery delays.

If no sensitive information is found in the email, normal routing and delivery take place.

If sensitive information is found in the message, the system can take multiple actions as defined initially by the client and the Service Provider.

  • Deliver Encrypted Message - Message will be stored on the ExchangeDefender network and the recipient will be notified via email that they have received an encrypted message. The recipient will be provided a secure link to access the ExchangeDefender system, enroll in the service or login to retrieve the message.

  • Deliver Clear Encrypted Message - Message will be stored on the ExchangeDefender network and the recipient will be notified via email that they have received an encrypted message. The recipient will be provided a secure link to access the ExchangeDefender system, which will present the message.

  • Alert Administrator - Message will be stored on the ExchangeDefender network and the administrator will be notified via email that a message containing sensitive information has been intercepted. The administrator will be provided a secure link to access the ExchangeDefender system, where they can review the message and then destroy it, send it as plain text, return it to the sender, or deliver it as Encrypted or ClearEncrypted.
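The ordered scan and the per-rule actions described above, as an added example that is not ExchangeDefender's own code: a first-match-wins classifier in Python. The regexes, the hypothetical ACCT-nnnnnn account format, the Luhn check on card candidates and the sample action per rule are all assumptions made for this example. It also shows a consequence of step 1 winning: a sender's [CLEARENCRYPT] subject tag takes precedence over a credit card number found in the body, so that message gets the weaker ClearEncrypt delivery.

```python
import re
from typing import Callable, List, Optional, Tuple

# Matchers below are constructed for this example; the page does not publish
# ExchangeDefender's actual patterns. ACCT-nnnnnn is a hypothetical account format.
ACCOUNT_RE = re.compile(r"\bACCT-\d{6}\b")
DOB_RE = re.compile(r"\b(0[1-9]|1[0-2])/(0[1-9]|[12]\d|3[01])/(19|20)\d{2}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
LEXICON = ("guaranteed investment returns", "insider information")


def luhn_ok(digits: str) -> bool:
    """Mod-10 check so random digit runs do not fire the card rule (assumed, not stated on the page)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def has_card(text: str) -> bool:
    return any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text))


# Steps in the order the page lists them. The action column is what a client would
# configure per rule (Encrypt, ClearEncrypt or AlertAdministrator); values here are sample choices.
RULES: List[Tuple[str, Callable[[str, str], bool], str]] = [
    ("subject-tag", lambda s, b: "[ENCRYPT]" in s.upper(), "Encrypt"),
    ("subject-tag", lambda s, b: "[CLEARENCRYPT]" in s.upper(), "ClearEncrypt"),
    ("lexicon", lambda s, b: any(w in b.lower() for w in LEXICON), "AlertAdministrator"),
    ("pattern", lambda s, b: bool(ACCOUNT_RE.search(b) or DOB_RE.search(b)), "Encrypt"),
    ("ssn", lambda s, b: bool(SSN_RE.search(b)), "Encrypt"),
    ("credit-card", lambda s, b: has_card(b), "Encrypt"),
]


def classify(subject: str, body: str) -> Optional[Tuple[str, str]]:
    """Return (rule, action) of the first rule that fires; None means normal routing and delivery."""
    for name, matches, action in RULES:
        if matches(subject, body):
            return (name, action)
    return None


if __name__ == "__main__":
    # Constructed sample: sender tagged [CLEARENCRYPT], body carries a Luhn-valid test card number.
    # Step 1 wins, so the message is delivered as ClearEncrypt even though a card number is present.
    print(classify("[CLEARENCRYPT] Statement", "Card 4111 1111 1111 1111"))
    print(classify("Re: dinner", "Born 01/02/1980, SSN 123-45-6789"))  # DOB pattern fires before SSN
    print(classify("Re: dinner", "Card 1234 5678 9012 3456"))  # fails Luhn: delivered normally
```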

The ExchangeDefender web service is encrypted, and processing of encryption notifications typically takes about one (1) minute.


Recipient Experience

ExchangeDefender Corporate Encryption provides two types of recipient experience that can be controlled by the client as business requirements dictate.

  • Encrypt - Encrypt provides the best level of message protection because it establishes authentication on top of encryption that cannot be bypassed by the administrator or by man-in-the-middle attacks. When a recipient receives their first encrypted message from ExchangeDefender, they are prompted to enroll in the service and provide their name, address, password, and PIN. While the recipient can always retrieve their password reminder, their 4-digit PIN can never be reset. This assures that only the recipient can retrieve the message.

  • ClearEncrypt - ClearEncrypt provides a more casual level of encryption that technically never transfers message contents in plain text. The recipient is not required to enroll or to provide a password, PIN, or other information.

For the ultimate level of protection, ExchangeDefender recommends using Encrypt as the protocol to deliver the message. It assures that the message is only seen by the intended recipient and cannot be compromised by a hacker, a virus, or a hacked firewall that may be able to steal information from the recipient's PC. If the information being transferred is sensitive, it should be protected.

For practical purposes, ExchangeDefender provides ClearEncrypt as the protocol to deliver messages that do not need the ultimate level of security. Some large organizations may also have employee contracts or corporate policies in place that prohibit employees from providing any personal information to third-party websites (such as signing up for services, etc.). While a message transferred through ClearEncrypt is encrypted throughout the process and is never seen in plain text, the link in the email can be accessed by anyone who has access to the recipient's mailbox. For example, if the recipient has their email automatically downloaded to a smartphone, tablet or laptop and that device is compromised or lost, third parties may be able to retrieve the message.