Advanced Threat Protection


Protects your business effectively from advanced cyber attacks and threats like ransomware, CEO fraud, BEC, ATO, spear phishing and more

Send a request now!


Emotet, Trickbot, GandCrab – Malware is increasingly finding its way into the email inbox of companies and organizations. CEO fraud, forged invoices and fake application emails are the most common methods used by cybercriminals to smuggle malware into corporate systems. Important files are encrypted, sensitive information is copied or confidential business transactions are monitored. Ransomware, spyware and viruses manipulate or damage operational and production processes, which can cause considerable (financial) damage to the companies targeted. With the comprehensive features of Advanced Threat Protection, even the most sophisticated cyber attacks have no chance.

Advanced Threat Protection protects your email traffic from insidious cyber attacks

Hornetsecurity's QR Code Analyzer

The danger of QR codes: QR codes are commonplace today. We now use them for everyday actions like downloading restaurant menus or taking advantage of an advertising promotion.  Cybercriminals too use QR codes in emails to deliver malicious links to recipients who are tricked into scanning the code. The root problem? Generating a QR Code is simple and can be used for phishing campaigns of all sizes.

Hornetsecurity’s QR Code Analyzer: To stay one step ahead, Hornetsecurity has developed a feature which does far more than simply scanning QR codes. Our QR Code Analyzer is able to detect QR codes embedded in other images that can re-route to other malicious sites. Attackers may start using this trick to circumvent simple QR code scanning apps.

The QR Code Analyzer can detect QR codes at light speed and can analyze different types, including URLs and texts. It supports all common image types such as GIF, JPEG, PNG and BMP.

Protection against blended attacks

Blended attacks use different types of malware at the same time. Viruses, spyware, spam and phishing are combined in one email attack.

This blending of attack methods and penetration of different vulnerabilities makes cyber attacks even more complex and difficult to detect.

The new ATP feature: Malicious Document Decryption

The latest risk from cybercrime is critical: hackers are increasingly using encrypted email attachments to infiltrate corporate systems with malware.

Classic anti-virus programs cannot detect the malware hidden by this encryption. Malicious Document Decryption adds another essential feature to Advanced Threat Protection: encrypted email attachments are decrypted using appropriate text modules. The decrypted document is then subjected to an in-depth virus scan. This keeps your mailbox safe from even this advanced threat.

Malware Transmitting Ways


Significant sales losses



Increasing threat from ransomware

Ransomware is one of the most popular methods of cyber crime in terms of both profitability and scope of (financial) damage to the victims. If the blackmailer’s software infiltrates a company system, all sensitive and confidential files are encrypted and are only released in exchange for a ransom in the form of Bitcoins. Unfortunately, there is no guarantee the files will actually be released after payment has been made.

Hackers’ favorite targets are large companies and government institutions, as well as critical infrastructure. In the worst case scenario, an attack could lead to insolvency. But considerable sales losses are also among the potential effects.

A strong alliance against all methods of attack

The variety of attack vectors means defense mechanisms must be able to cope with a multitude of methods in order to ward off all potential threats. That’s why Hornetsecurity uses freezing, URL scanning, rewriting and sandboxing to keep threats away from your IT infrastructure.

Comprehensive risk analyses with Sandbox Engine: Dangerous types of malware

Advanced Threat Protection - detailed risk analyses in the sandboxDangerous types of malware such as Emotet, Hancinator and Trickbot often hide behind file attachments in emails and therefore remain undetected at first. However, as soon as an infected document is opened, the malware enters a company’s system and can cause millions of dollars of damage. The Sandbox Engine scans email attachments for potential malware by running the file in a virtual, isolated test environment where any potentially harmful effects can be safely identified.

If the document sent turns out to be malware, the emails are quarantined directly, and the company’s IT security team is notified.

Freezing is the safe option

Emails that cannot be classified definitively straight away but are suspicious are held back for a short time by freezing them. The email is re-scanned – as soon as the virus detection engines get a hit, the email is moved directly into quarantine. Ransomware, blended attacks and phishing attacks will never get into your email inbox again!

Secure Links Secure Links protects users from malicious links in emails. It replaces the original link with a rewritten version that goes through Hornetsecurity’s secure web gateway. If a user clicks on a link, a deep web scan is initiated: The service recursively scans the target site and follows links to look for malicious web resources. The system blocks access to malicious sites and prevents hackers and cybercriminals from being able to access the user’s confidential data or infecting their computer with malware.

No getting through for harmful links thanks to URL scanning

Documents attached to an email (e.g. PDF, Microsoft Office) often contain further links. However, these cannot be replaced as this would violate the integrity of the document. The URL scanning engine leaves the document in its original form and only checks the target of these links to rule out possible malware damage and prevent phishing attacks.

Real-time alerts

Hornetsecurity Real Time Alerts notify your IT security teams in real time about acute attacks on your company. This up-to-date information can be used directly by the company for countermeasures, so that you can close your security loopholes in the shortest possible time and set up additional protective measures.

Ex-Post Alerts

With the ex-post alert, your IT security team receives an automatic notification if emails that have already been delivered are subsequently classified as malicious. You will receive a detailed evaluation of the attacks so that you can immediately initiate measures such as checking systems and raising the awareness of your own employees.

If a virus or infected link is detected in ATP analysis tools such as the Sandbox Engine or URL scanning, the system automatically sends an alert. In addition, the administrator is informed about the attempted intrusion into the IT structure. This alert contains detailed information about the type and extent of the attack.

Advanced Threat Protection

Protection against CEO fraud – Targeted Fraud Forensics gives social engineering no chance

The human in front of the PC is still considered one of the biggest security loopholes in a system, and cybercriminals are well aware of this fact. Hackers exploit this vulnerability through personalized attacks such as CEO fraud and spear phishing. Advanced Threat Protection uses innovative detection mechanisms such as spy-out detection, fraud attempt analysis and intention spoofing recognition to detect and prevent targeted social engineering attacks on employees. For this reason, incoming emails are examined for certain content patterns that indicate malicious intentions. This includes, for example, payment requests or requests for data output.

Targeted Fraud Forensics includes the following intelligent detection mechanisms

Fraud Attempt Analysis

Checks the authenticity and integrity of metadata and mail content.

Identity Spoofing Recognition

Detection and blocking of forged sender identities.

Intention Recognition System

Alerting to content patterns that suggest malicious intent.

Spy-Out Detection

Defense against espionage attacks to obtain sensitive information.

False Facts Identification

Identity-independent content analysis to identify messages that attempt to induce the recipient to take action by putting forward fictitious facts.

Targeted Attack Detection

Detection of targeted attacks on individuals who are particularly at risk.

Tips for identifying malicious emails

Professional cyber attacks via email are very difficult to detect, but there are a few clues for detecting fraud. First of all, if a fraudulent email is suspected, Verify whether the sender address actually matches the original domain. Consider carefully whether the sender is really an acquaintance or business partner of yours or whether the email address only resembles that of the actual person. Check for spelling and grammar mistakes, especially if the email is supposed to come from a reputable company. An impersonal form of address in the cover letter, such as “Dear Ladies and Gentlemen,” is another clue. Be careful with links or buttons placed in emails, because as a “normal user” it is very difficult to check whether the apparent link target is actually correct. In case of doubt, it is safest not to click on any attached link.

Data - One of the most important resources of our time

Credit card information, travel information, passwords and access information, and personal details such as name and address are valuable pieces of information in our digital world. Hackers have set their sights specifically on either selling the data on the Darknet or using it for other purposes – for example, to deliberately harm companies. The attackers often use personal data for targeted attacks, since insider knowledge makes it difficult for employees to detect fraud and easier for the attackers to gain access to the company systems.

Raising employee awareness

Train your employees about the growing threat of cybercrime and the sophisticated methods hackers use, so they will be careful about which company information they publish and where they publish it. In-house seminars can enhance knowledge of how to deal with sensitive data, such as passwords or credit cards. In addition, you should always introduce the four-eyes or even better six-eyes principle for payments and protect yourself from any concerns among your clients.

Integration of Advanced Threat Protection into the email management system

Integration of Advanced Threat Protection into the email management system

Hornetsecurity Advanced Threat Protection extends the filtering mechanisms for spam and malware protection.

Emails that have passed this initial check are subjected to further analysis by ATP.

Among other things, Advanced Threat Protection executes suspicious attachments and examines their behavior in detail.


Fact Sheet

Any questions?