New in version 8.5
Release Notes | Forcepoint Email Security | Version 8.5 | Updated: 28-Feb-2018
Forcepoint Email Security version 8.5 includes the following new features:
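* Message Log search enhancements
* Personal Email Manager General Settings
* SIEM logging customization
* URL neutralization
* Cloud MTA IP Groups
* Other changes and enhancements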
Message Log search enhancements
This version of Forcepoint Email Security offers enhanced search options for finding content in the Message Log. New options include the ability to search on up to 10 filters. The Advanced Options have also gained new sorting conditions for Message Log searches, and the Message Log view now has sortable and resizable columns.
The search filter functionality is used to narrow the search by filtering results by criteria such as Subject, Spam Score, Recipient Address, or Appliance. Each filter type includes conditions such as Contains, Starts with, or Does not equal. The relationship between filters is "and", which allows the search to be greatly refined.
The Advanced Options functionality is used to further refine the search by direction (such as Inbound or Outbound), by analysis result (such as SMTP Authentication Fail or RBL), and by message status (such as Delivered or Rejected).
The Message Log is accessed on the Message tab of the page Main > Status > Logs. See Forcepoint Email Security Administrator Help for information about the Message Log.
Personal Email Manager General Settings
A new General Settings page was added to the Forcepoint Security Manager to configure both the end-user portal and Personal Email Manager notification messages. Configuration settings on the General Settings page include:
*
*
*
*
The addition of Sender Options enables administrators to configure whether the Envelope Sender address or the From address in incoming messages is displayed in the Sender column of the end-user portal, Personal Email Manager notification messages, and Always Block and Always Permit lists.
For configuration information, see Forcepoint Email Security Administrator Help.
SIEM logging customization
Forcepoint Email Security version 8.5 extends support for Security Information and Event Management (SIEM) logging. This support includes the ability to send console and audit logs to the SIEM server, and to use SIEM formatting compatible with QRadar (LEEF) and Splunk (key-value pairs).
Enabling SIEM integration in Forcepoint Email Security allows log data to be saved to the SIEM server using several predefined formats: syslog/common event format (CEF) (for ArcSight), syslog/key-value pairs (for Splunk), and syslog/log event extended format (LEEF) (for QRadar). Custom formats can additionally be defined.
Forcepoint Email Security can now save the following logs to the SIEM server: Policy, Connection, Message, Delivery, Hybrid, Audit, and Console.
For configuration information, see Forcepoint Email Security Administrator Help and SIEM: Email Logs.
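On the receiving side, the three predefined formats need different parsing before events can be correlated. The following is an added example, not Forcepoint code: it detects CEF, LEEF 1.0 and key-value payloads in a syslog line and returns their fields. The vendor, product and field names in the sample lines are constructed placeholders, not the appliance's real log schema.

```python
import re

PIPE = re.compile(r"(?<!\\)\|")  # header separator; an escaped \| is data
CEF_EXT = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")
KV_PAIR = re.compile(r'(\w+)=("(?:\\.|[^"\\])*"|\S*)')


def parse_siem_line(line: str) -> dict:
    """Detect CEF, LEEF 1.0 or key-value payloads and return their fields."""
    cef = re.search(r"\bCEF:\d+\|", line)
    leef = re.search(r"\bLEEF:1\.0\|", line)
    if cef:
        parts = PIPE.split(line[cef.start():], maxsplit=7)
        if len(parts) != 8:
            raise ValueError("truncated CEF header")
        # Extension values may contain spaces; \= and \\ are escapes.
        fields = {k: re.sub(r"\\(.)", r"\1", v) for k, v in CEF_EXT.findall(parts[7])}
        return {"format": "CEF", "event": parts[4], "fields": fields}
    if leef:
        parts = PIPE.split(line[leef.start():], maxsplit=5)
        if len(parts) != 6:
            raise ValueError("truncated LEEF header")
        # LEEF 1.0 attributes are tab-separated key=value pairs.
        fields = dict(p.split("=", 1) for p in parts[5].split("\t") if "=" in p)
        return {"format": "LEEF", "event": parts[4], "fields": fields}
    fields = {k: v.strip('"') for k, v in KV_PAIR.findall(line)}
    if not fields:
        raise ValueError("no recognised SIEM payload")
    return {"format": "KV", "event": fields.get("event"), "fields": fields}


# Constructed sample lines; vendor, product and field names are placeholders,
# not the appliance's real schema.
PREFIX = "<134>Feb 28 10:00:00 esg01 "
SAMPLES = [
    PREFIX + r"CEF:0|ExampleVendor|EmailGateway|8.5|100|Message quarantined|7|"
             r"suser=billing@sender.example msg=Subject\=Invoice overdue act=quarantine",
    PREFIX + "LEEF:1.0|ExampleVendor|EmailGateway|8.5|100|"
             "suser=billing@sender.example\tact=quarantine",
    PREFIX + 'event=100 suser=billing@sender.example subject="Invoice overdue" act=quarantine',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_siem_line(s))
```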
URL neutralization
URL analysis compares a URL embedded in email with a database of categorized URLs, providing category information to allow Forcepoint Email Security to properly handle the URL. This version of Forcepoint Email Security includes new settings for URL analysis that allow potentially malicious URLs classified by the filter to be removed or modified for neutralization.
The default action when a message triggers the URL analysis filter is to drop the message and save it to the spam queue, where it may be released and delivered by a Personal Email Manager user. As a result, a message that contains a malicious link may be delivered to an inbox in the network.
New URL analysis policy rules can be configured to detect and contain URLs triggering the filter so that they cannot be released by a Personal Email Manager end user. Options in version 8.5 include modifying any URLs detected by the filter as follows:
*
*
*
Before neutralization: http://www.malicious.com.ca/index.html
After neutralization: hXXp://www.malicious.com[.]ca/index.html
*
*
A customizable notification message can be sent to users with information about the URL filter action that was taken.
URL analysis is configured on the Forcepoint Email Security page Main > Policy Management > Filters > Add (or Edit) Filter. See Forcepoint Email Security Administrator Help.
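The before/after pair above can be reproduced with a short rewrite rule, shown here as an added example that is not Forcepoint's implementation: the scheme's "tt" becomes "XX" and only the final dot of the host is bracketed. It assumes plain http/https URLs in message text; the function names and the second sample URL are constructed for illustration.

```python
import re

# http/https URLs in free text: scheme, authority, then path/query/fragment.
URL_RE = re.compile(r"\b(https?)://([^\s/?#<>\"']+)([^\s<>\"']*)", re.IGNORECASE)


def _neutralize(match: re.Match) -> str:
    scheme, authority, rest = match.groups()
    scheme = re.sub("tt", "XX", scheme, flags=re.IGNORECASE)  # http -> hXXp
    userinfo, at, hostport = authority.rpartition("@")
    if hostport.startswith("["):
        # IPv6 literal: keep as-is, only the scheme is changed.
        return f"{scheme}://{authority}{rest}"
    host, colon, port = hostport.partition(":")
    bare = host.rstrip(".")              # sentence-ending or root dot stays outside
    trailing = host[len(bare):]
    head, dot, last = bare.rpartition(".")
    if dot:
        bare = f"{head}[.]{last}"        # bracket only the final dot, as on the page
    return f"{scheme}://{userinfo}{at}{bare}{trailing}{colon}{port}{rest}"


def neutralize_text(text: str) -> str:
    """Rewrite every http(s) URL in text into its non-clickable form."""
    return URL_RE.sub(_neutralize, text)


# Constructed message body; the first URL is the page's own example.
SAMPLE = (
    "Your invoice: http://www.malicious.com.ca/index.html\n"
    "Reset here https://login.example.test:8443/reset?u=1 or reply."
)

if __name__ == "__main__":
    print(neutralize_text(SAMPLE))
```

Because the rewritten scheme no longer matches the pattern, running the function over an already neutralized message leaves it unchanged.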
Cloud MTA IP Groups
This version of Forcepoint Email Security adds new cloud MTA IP groups for Office 365 and G Suite. These IP addresses are automatically updated every hour and can be used to easily create SMTP routing or TLS connection policies. IP groups are configured on the page Settings > Inbound/Outbound > IP Groups. See Forcepoint Email Security Administrator Help.
Other changes and enhancements
This version of Forcepoint Email Security includes the following new features or functionalities:
*
save configuration
show email counter
set mta open-relay-trusted-ip --status <enable|disable>
set mta reject-empty-pass-auth --status <enable|disable>
set mta sender-domain-validation --status <enable|disable|>
set mta tls-auth-only --status <enable|disable>
set mta tls-received-header --status <enable|disable>
set mta treat-blank-sender-as-outbound --status <enable|disable>
set mta trusted-ip-bypass-blocklist --status <enable|disable>
set mta tls-incoming --cipher <RC4|medium> --protocol <sslv2|sslv3|tls1_0|tls1_1|tls1_2> --status <enable|disable>
set mta tls-outgoing --cipher <RC4|medium> --protocol <sslv2|sslv3|tls1_0|tls1_1|tls1_2> --status <enable|disable>
See Forcepoint Appliances Command Line Interface.

Copyright 2017 Forcepoint. All rights reserved.