Structure and Functions of ATP

Hornetsecurity Advanced Threat Protection (ATP) protects your company against targeted, individual attacks. Innovative forensic analysis engines ensure that attacks are stopped immediately. At the same time, this solution provides your company with detailed information about the attacks.

ATP consists of the following analysis engines:

  • Sandbox Engine
  • URL Rewriting
  • URL Scanning
  • Freezing
  • Targeted Fraud Forensics

Emails intercepted by ATP are categorized as AdvThreat and placed in quarantine. Typically, they can be delivered manually by users with administrative rights.

ATP notifies your company’s security officers about security-related events at two different points in time:

  • Immediately after the arrival of triggering emails, with Real-Time Alerts (see Real-Time Alert).
  • Immediately after the detection of new threats in already delivered emails, with Ex Post Alert (see Ex Post Alert).

Using Ex Post Deletion, emails that have already been delivered can be deleted from users' Microsoft 365 mailboxes in the module Email Live Tracking. For example, it is possible to delete emails that Ex Post Alert has subsequently classified as threats. For more information on the activation of Ex Post Deletion, see here.


Ex Post Deletion is only available for 365 Total Protection Enterprise customers.

In addition to the automatic analysis of emails, both upon their arrival and subsequently with Ex Post Alert, ATP can perform manual analyses of emails with executable attachments. With the so-called ATP scans (see ATP Scan), the user not only increases security, but also obtains detailed information about the affected emails through the ATP reports (see ATP Report).

Figure 1: Workflow of Spam and Malware Protection with Hornetsecurity ATP