What is Heimdall?
The Heimdall service in NoSpamProxy collects and analyses metadata on emails and attachments. The goal is to build an even more powerful anti-malware intelligence that can detect and defend against spam and malware attacks even faster and more accurately.
Heimdall analyses a growing number of emails
Heimdall’s great strength lies in centrally bundling the meta-information of the numerous distributed NoSpamProxy instances and, based on this, identifying suspicious trends early on. The following graph shows the number of emails reported by Heimdall for the second half of 2020:
In the overview, the emails are divided as follows:
- Outbound emails (Outbound)
- Inbound emails with Level of Trust (Trusted Inbound)
- Inbound emails without Level of Trust (Untrusted Inbound)
The dark line (Trend) represents the averaged overall trend. It is easy to see here that the number of reports to Heimdall increases significantly over time. As expected, email traffic is greatly reduced at the end of the year.
Heimdall beta increasingly popular
The free use of the Heimdall service (currently available as a beta version) by NoSpamProxy customers comprises two stages.
In the first stage, participation in Heimdall can be activated locally. The NoSpamProxy instance then reports to the Heimdall service. This allows the algorithms to adjust to the reported metadata, but does not provide any additional protection.
The second stage becomes active as soon as it has been activated by NoSpamProxy Support. NoSpamProxy then not only sends reports, but also receives replies from Heimdall. In this case, additional SCL points are awarded on the basis of the assessments made.
The graph shows:
- how many emails have been reported to Heimdall over the last few months (Nur Berichte, "reports only")
- and how many of these have already been evaluated by Heimdall (Antworten, "replies").
Again, the figures refer to daily values. The proportion of reports that were also answered is represented by the dark line and uses the scale on the right. From the summer of 2020 in particular, the proportion of NoSpamProxy customers who used the Heimdall beta increased. As a result, the proportion of Heimdall reports that were answered also increased.
Heimdall is constantly improving
In the course of the last year, the malware and spam detection of the Heimdall service has been constantly expanded with new features. The aim is to complement the existing protection mechanisms in NoSpamProxy.
The following graphs compare the number of local detections with the number of detections by Heimdall:
It becomes clear here that the local protection mechanisms of NoSpamProxy detect the majority of malicious emails. Nevertheless, threats keep cropping up where Heimdall contributes a significant amount of additional detection and completes the protection.
One example is the detection of phishing or spam waves, which in many cases last less than an hour. Here, the correlation of metadata enables fast and targeted detection.
Conclusion
After a little over a year, Heimdall is slowly coming of age. In more and more areas, the existing protection is being effectively supplemented. Especially in the case of special threat situations – such as those caused by Emotet and others – Heimdall can react quickly and flexibly thanks to its cloud infrastructure. Moreover, it is already apparent that Heimdall is gradually developing into a mature malware intelligence.
Start using Heimdall now
The Heimdall action in NoSpamProxy ensures that metadata on emails and attachments is collected and analysed. The goal is to build an even more powerful anti-malware intelligence that can detect and fend off spam and malware attacks even faster and more accurately. If you are interested in using the beta version of Project Heimdall, send an email with the subject “Heimdall activation” to NoSpamProxy Support and attach a screenshot of your licence details.