Monitoring

E-Mail security requires continuous adjustment of policy rules in response to newly emerging security threats.

SMTP-Watch

The operation of E-Mail servers requires constant monitoring. For this we primarily deploy established open-source tools.

Furthermore, E-Mail servers, or rather entire E-Mail chains, are ideally monitored with real E-Mails sent from the internet and answered by an auto-reply.

From this data we produce a log of service availability and measure the response times of the gateways.
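The availability and response-time evaluation described above can be sketched as follows. This is an added example, not code from SMTP-Watch: the `[probe:...]` subject token, the 5-minute timeout and all sample messages are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string

TOKEN_RE = re.compile(r"\[probe:([0-9a-f]{8})\]")  # hypothetical token format
TIMEOUT = timedelta(minutes=5)                     # assumed limit for a reply

def t(hms):
    """Constructed timestamp on an arbitrary sample day (UTC)."""
    day = datetime.strptime("2024-01-01 " + hms, "%Y-%m-%d %H:%M:%S")
    return day.replace(tzinfo=timezone.utc)

# Constructed sample data: probes sent by the monitor (token -> send time)
SENT = {"a1b2c3d4": t("10:00:00"), "a1b2c3d5": t("10:10:00"),
        "a1b2c3d6": t("10:20:00"), "a1b2c3d7": t("10:30:00")}

AUTO = "Auto-Submitted: auto-replied\n"
# Constructed replies as (arrival time at the monitor, raw message)
REPLIES = [
    (t("10:00:12"), "Subject: Auto: Re: check [probe:a1b2c3d4]\n" + AUTO + "\nok\n"),
    (t("10:17:30"), "Subject: Auto: Re: check [probe:a1b2c3d5]\n" + AUTO + "\nok\n"),
    (t("10:20:45"), "Subject: Re: check [probe:a1b2c3d6]\n\nmanual answer\n"),
    (t("10:30:08"), "Subject: Auto: Re: check [probe:a1b2c3d7]\n" + AUTO + "\nok\n"),
]

def evaluate(sent, replies, timeout=TIMEOUT):
    """Match auto-replies to probes; return (per-probe status, availability, mean RTT)."""
    arrived = {}
    for when, raw in replies:
        msg = message_from_string(raw)
        # Count only genuine auto-replies (RFC 3834 Auto-Submitted header)
        if not msg.get("Auto-Submitted", "").lower().startswith("auto-replied"):
            continue
        m = TOKEN_RE.search(msg.get("Subject", ""))
        if m and m.group(1) in sent:
            arrived.setdefault(m.group(1), when)  # keep the first reply only
    result = {}
    for token, sent_at in sent.items():
        if token not in arrived:
            result[token] = ("lost", None)
            continue
        rtt = arrived[token] - sent_at
        status = "late" if rtt > timeout else "ok"
        result[token] = (status, rtt.total_seconds())
    ok = [secs for status, secs in result.values() if status == "ok"]
    mean_rtt = sum(ok) / len(ok) if ok else None
    return result, len(ok) / len(sent), mean_rtt
```

A probe counts toward availability only when a header-marked auto-reply arrives within the timeout, so a delayed gateway and a missing auto-responder both show up as degraded service.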

In addition, we test TLS negotiation and check that the E-Mail server is configured correctly (SPF, DKIM and reverse DNS).

We also check whether the monitored systems are listed on blacklists.

SIEM

By monitoring the operating data, a baseline can be determined, which makes deviations from the norm easy to detect.

This monitoring is generally performed by a central log server, which triggers alarms for predefined events.

This monitoring also yields important operating parameters for the E-Mail policy, which are used in dynamic content rules.

Besides E-Mail data, DNS data are especially well suited to security analysis because of their manageable volume.

We employ interactive graphical real-time reports that can be configured individually for every data source.

Historical DNS queries (passive DNS data) are an important data source for the evaluation of URLs.