What Is ATP


This article covers the features of Advanced Threat Protection in MPmail. ATP is an add-on for your Customers; please contact your Account Manager or sales@manageprotect.com for pricing.


  • An MPmail Customer who wants ATP

The Process

Advanced Threat Protection (ATP) protects your company against targeted, individual attacks from the first spam email. Highly innovative forensic analysis engines ensure that attacks are prevented immediately. At the same time, the solution also provides your company with detailed information about the attacks.

When ATP discovers an attack, a notification is sent immediately to the email address you have specified, informing you of the potential threat. The responsible person receives various details about the type of attack, what it was targeting, the sender and the reason the email was intercepted. The notification email address is set when ATP is added to your Customer's account.

ATP has a number of engines available:

  • Sandbox Engine
  • URL Rewriting
  • URL Scanning
  • Freezing
  • Ex-post alert
  • Targeted Fraud Forensics

Sandbox Engine

Attached files are run through a number of different system environments and their behaviours are analysed. You will be notified if a certain attachment appears to be malware. Protects against ransomware and blended threats.

URL Rewriting

URL Rewriting replaces all of the links in an email with your own links. If these are clicked on, the user is sent to the actual website via a web filtering service.
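
The rewrite-and-click flow described above, as an added example that is not MPmail's own code: links in an HTML body are replaced with gateway links, and the gateway checks the destination at click time. The gateway URL, signing key, blocklist and function names are assumptions for illustration; signing the target is an added design choice so that the gateway cannot be used as an open redirect.

```python
import base64
import hashlib
import hmac
import html
import re
from urllib.parse import parse_qs, urlparse

# Assumed placeholders: the real gateway address and key are not given on this page.
GATEWAY = "https://filter.example.invalid/click"
KEY = b"constructed-demo-key"
HREF = re.compile(r'href="(https?://[^"]+)"', re.IGNORECASE)


def _sign(target: str) -> str:
    return hmac.new(KEY, target.encode(), hashlib.sha256).hexdigest()


def rewrite_links(body: str) -> str:
    """Mail side: replace every http(s) href with a signed gateway link."""
    def repl(m):
        target = html.unescape(m.group(1))  # hrefs may contain &amp;
        token = base64.urlsafe_b64encode(target.encode()).decode()
        link = f"{GATEWAY}?u={token}&s={_sign(target)}"
        return f'href="{html.escape(link, quote=True)}"'
    return HREF.sub(repl, body)


def resolve_click(url: str, blocklist: set) -> tuple:
    """Gateway side: verify the signature, then filter the target at click time."""
    q = parse_qs(urlparse(url).query)
    try:
        target = base64.urlsafe_b64decode(q["u"][0]).decode()
        sig = q["s"][0]
    except (KeyError, ValueError):
        return ("reject", None)
    if not hmac.compare_digest(sig.encode(), _sign(target).encode()):
        return ("reject", None)  # forged or tampered link, never redirected
    host = urlparse(target).hostname or ""
    if host in blocklist:
        return ("block", target)
    return ("redirect", target)


# Constructed sample message body
SAMPLE = '<p>Invoice: <a href="http://pay.example.test/inv?id=7">view</a></p>'
```

Because the verdict is taken when the link is clicked rather than when the mail is delivered, a destination added to the blocklist after delivery is still blocked.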

URL Scanning

Documents attached to an email (e.g. PDFs, Microsoft Office) may contain links. These cannot be replaced, as this would affect the integrity of the document. The URL scanning engine leaves the document in its original format and just reviews the link’s destination.


Freezing

Emails that cannot be clearly classified straight away but are nevertheless suspicious can be held back for a short period of time by using freezing. This is followed by another review with updated signatures. Protects against ransomware, blended attacks and phishing.

Ex-post alert

If it becomes clear that an email that has already been sent should actually be classified as potentially harmful, the company’s IT security team will receive a notification as soon as this is brought to light, detailing the extent to which the email is harmful, and any countermeasures. This allows the risk to be contained quickly.

Targeted Fraud Forensics

Targeted fraud forensics recognises targeted personal attacks that do not involve malware or links. The following recognition mechanisms are used for this:

  • Intention recognition system: alerts for content templates that suggest malicious intent
  • Fraud attempt analysis: reviews the authenticity and integrity of metadata and mail content
  • Identity spoofing recognition: recognises and blocks any fake sender identities
  • Spy-out detection: counterintelligence for attacks obtaining protected information
  • Feign facts identification: analyses content for messages based on simulated feigned facts
  • Targeted attack detection: recognises targeted attacks on individuals