ATP-FAQs IKARUS mail.security

ATP stands for Advanced Threat Protection, an approach to information security that focuses on detecting and defending against advanced threats and attacks designed to evade traditional security measures such as malware scanners and firewalls.

In addition to the analysis methods of the IKARUS Malware Scan Engine according to signatures, content and behaviour, IKARUS mail.security with ATP uses the signatureless methods and sandboxes of various leading sandboxing providers.

All types of attachments are specifically scanned for hidden attacks and run on a test basis in conjunction with various combinations of operating systems and applications, including different web browsers and plug-ins such as Adobe Reader or Flash. In this way, attacks designed to circumvent classic security solutions can also be detected.

Only those data for which the IKARUS Malware Scan Engine does not come to a reliable conclusion are forwarded and re-analysed in parallel – these are in the per mille range of the total data volume.

As a rule, the analyses therefore run as quickly as usual and are hardly noticeable in terms of time. Depending on the scope of the ATP analysis, however, processing times of up to ten minutes can occur for individual elements.

The data that was detected as a threat in the ATP analysis is displayed. They appear in the email search with the marking “Infected (ATP)”.

The sandboxes of our technology partners are installed in the IKARUS Scan Center in Vienna. As a result, all data – only meta data, attachments or scripts are sent – remain in Austria.

The European and Austrian data protection laws (EU-DSGVO) apply. The sandboxes themselves are constantly updated by their manufacturers, but they are isolated so that they cannot connect to the outside world.