Cloud Email Security Datasheet

Cloud-based protection that identifies, analyzes and blocks email attacks

Email is the most vulnerable vector for cyber attacks because it is the highest volume data ingress point. Organizations face an ever-increasing number of threats from email-based spam, viruses and advanced threats. The majority of threats arrive by email in the form of weaponized file attachments, malicious links, wire-transfer fraud and credential phishing. While anti-spam and antivirus software are good at catching traditional mass email phishing attacks with known malicious attachments, links and content, they cannot catch sophisticated and targeted spear-phishing attacks designed to bypass these legacy solutions. Email remains the primary method used to initiate an advanced attack or deliver ransomware because it can be highly targeted and customized to increase the odds of exploitation.

FireEye Email Threat Prevention Cloud (ETP) helps organizations minimize the risk of costly breaches. Deployed in the cloud, it accurately detects and can immediately stop advanced and targeted attacks, including spear phishing and ransomware before they enter your environment. ETP uses the signature-less Multi-Vector Virtual Execution™ (MVX) engine to analyze email attachments and URLs against a comprehensive cross-matrix of operating systems, applications and web browsers. Threats are identified with minimal noise and false positives are nearly nonexistent.

FireEye collects extensive threat intelligence on adversaries, firsthand breach investigations and through millions of sensors. ETP draws on this real evidence and contextual intelligence about attacks and attackers to prioritize alerts and block threats in real time.

ETP integrates with FireEye Network Security and Endpoint Security for broader visibility to coordinate real-time protection against multi-vector, blended attacks.

FireEye Email Threat Protection (ETP)

Watch a quick overview of our cloud email security product offering, including a walkthrough of the ETP portal.
(5:05 min)


  • Offers comprehensive email security against spear phishing and other advanced, multi-stage and zero-day attacks, as well as anti-spam and antivirus protection
  • Analyzes emails for threats hidden in files including password-protected and encrypted attachments and malicious URLs
  • Automatically detects and reduces or entirely prevents credential phishing


  • Provides contextual insights for alerts to prioritize and contain threats
  • Integrates with Office 365, Google Mail and a variety of FireEye technologies
  • Deploys in active protection or monitor-only mode
  • Meets the FedRAMP security requirements and complies with SOC 2 Type II certification

Effective threat detection

FireEye ETP is an effective cyber threat protection solution that helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in email traffic.

At the core of ETP is the Multi-Vector Virtual Execution™ (MVX) engine. MVX is a signature-less, dynamic analysis engine that inspects suspicious email traffic to identify attacks that evade traditional signature- and policy-based defenses. The MVX engine detects zero-day, multi-flow and other evasive attacks by using dynamic, signature-less analysis in a safe, virtual environment. It stops the infection and compromise phases of the cyber attack kill chain by identifying never-before-seen exploits and malware.

ETP is available with anti-spam and antivirus protection to detect common attacks that use conventional signature matching.

Defense against email borne threats

With all the personal information available online, a cyber criminal can socially engineer almost any user into clicking a URL or opening an attachment.

ETP provides real-time detection and prevention of spear-phishing, ransomware, sender impersonation and credential-phishing attacks that evade traditional defenses. It reduces credential phishing with detection of “like but not equal” domains (typosquatting).

If an attack is confirmed, ETP quarantines the malicious email for further analysis or deletion. It conducts analyses for malware hidden in:

  • Attachment types including, but not limited to: EXE, DLL, PDF, SWF, DOC/DOCX, XLS/XLSX, PPT/PPTX, JPG, PNG, MP3, MP4 and ZIP/RAR/TNEF archives
  • Password-protected and encrypted attachments
  • URLs embedded in emails
  • Credential-phishing and typosquatting URLs
  • Unknown OS, browser and application vulnerabilities
  • Malicious code embedded in spear-phishing emails

While ransomware attacks start with an email, a call back to a command-and-control server is required to encrypt the data. ETP identifies and stops these hard-to-detect multistage malware campaigns.

Response workflow integration

ETP works with several other FireEye solutions to help automate alert response workflows:

  • FireEye Central Management correlates alerts from both ETP and FireEye Network Security for a broader view of an attack and to set blocking rules to prevent the attack from spreading.
  • The FireEye Helix platform works smoothly with ETP and is specifically designed to simplify, integrate and automate security operations.

While ransomware attacks start with an email, a call back to a command-and-control server is required to encrypt the data. ETP identifies and stops these hard-to-detect multistage malware campaigns.

Active-protection or monitor-only mode

ETP can analyze emails and quarantine threats for active protection. Organizations simply update their MX records to route messages to FireEye. For monitor-only deployments organizations just need to set up a transparent BCC rule to send copies of emails to FireEye for MVX analysis.

Efficient response to alerts

ETP analyzes every attachment and URL to accurately identify today’s advanced attacks. Real-time updates from the entire FireEye security ecosystem combined with attribution of alerts to known threat actors provide context for prioritizing and acting on critical alerts and blocking spear-phishing emails. Known, unknown and non-malware based threats are identified with minimal noise and false positives so that resources are focused on real attacks to reduce operational expenses.

Rapid adaptation to the evolving threat landscape

ETP helps your organization continually adapt your proactive defense against email-borne threats by using deep intelligence about threats and attackers. It combines adversarial, machine and victim intelligence to:

  • Deliver timely and broader visibility to threats
  • Identify specific capabilities and features of detected malware and malicious attachments
  • Provide contextual insights to prioritize and accelerate response
  • Credential-phishing and typosquatting URLs
  • Determine the probable identity and motives of an attacker and track their activities within your organization
  • Retroactively identify spear-phishing attacks and prevent access to phishing sites by highlighting malicious URLs

Organizations have access to the ETP portal to view real-time alerts and generate reports.

Easy deployment and cross-enterprise protection

ETP is cloud-based, with no hardware or software to install. It’s ideal for organizations migrating their email infrastructure to the cloud. This shift eliminates the complexity of procuring, installing and managing a physical infrastructure.

ETP integrates seamlessly with cloud-based email systems such as Microsoft Office 365 with Exchange Online Protection and Google Mail.

To protect against malicious emails organizations simply route messages to ETP, which analyzes the emails for spam and known viruses first. It then uses the signature-less detonation chamber, MVX engine, to analyze every attachment and URL for threats and stop advanced attacks in real time.

Compliance certfications


The FireEye Government ETP service meets the FedRAMP security requirements for cloud services operated by government and public education entities.

SOC 2 Type II

FireEye ETP cloud environment complies with the American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC 2) Type II Certification for Security and Confidentiality.


"With FireEye Email Threat Protection (ETP), less is more. We receive fewer spam and dangerous emails, and we spend less time analyzing suspect messages. Overall, it represents less risk for all."

- Roberto Rubbi, System Administrator, ASCOT CERAMICHE S.P.A.

Ready to get started?

Ask about FireEye solutions, implementation or anything else. Our security experts are standing by, ready to answer your questions.

+1 888-227-2721 +61 281034308 +1 877-347-3393 +358 942451151 +33 170612726 +49 35185034500 +852 3975-1882 +91 80 6671 1241 +39 0294750535 +81 345888169 +03 77248276 +52 5585268207 +64 32880234 +48 223072296 +7 4954658084 +65 31585101 +27 105008408 +82 7076860238 +34 932203202 +94 788155851 +886 2-5551-1268 +27873392 +44 2036087538 +842444581914