Frequently Asked Questions
Frequently asked questions
EMAIL CONTENT MANAGEMENT WITH mxHERO / GENERAL FAQ's
When mxHERO places a URL into an outgoing email (in lieu of attachment), can the system set one rule for employee recipients within my domain and yet another rule for external recipients of that same email?
Yes, every recipient can have unique rules established whether inside of your organization or for external recipients outside of your organization. An example would be for internal recipients, the URL allowing access to an email-based digital content asset might be an Open Link allowing View and Download rights whereas an external recipient might only have View rights and the URL can be both auto-expiring and password protected by rule.
Can mxHero be deployed for a specific set of users vs. organization-wide?
mxHero can be deployed for a single user, a business unit, a project team, or deployed in an end-to-end organizational-wide rollout. It’s all up to the customer.
Can mxHERO auto-detect PII, SSNs, credit card numbers, or other flagged content and quarantine those email assets when being sent by a user?
Yes. mxHERO is intelligent in that it can inspect digital content during our 'capture' processing such that PII and other sensitive information can be detected and rules established to support URL limitations, password protections, and even content quarantine setups based on our customer's content rules. mxHERO can also be configured such that certain content types are 'internal only' and we have the ability to leverage Microsoft's content tagging (e.g. Confidential, Highly Confidential, other) to provide additional content protections when we process inbound or outbound content.
What is the advantage of using mxHERO with Cloud Storage (content cloud) services?
mxHERO extends the advantages of Content Clouds by extending their security, governance and flexibility to enterprise or agency email-based content. Once content is captured by mxHERO and placed automatically into the Content Cloud, the full capabilities of the Content Cloud are enabled for that same digital content.
Can mxHERO be used outside of the United States?
mxHERO can be used on any device anywhere in the world as long as the user's email system and cloud content management configuration are setup. mxHERO has customers with global footprints.
When mxHERO is placing content into content storage (e.g. Box, Dropbox, Microsoft, Google, or Egnyte) - if the targeted folder does not exist, can mxHERO automatically build the target folder (e.g. customer folder, recipient folder, other) and apply security or sharing rules to that folder when it's created?
Yes! mxHERO has the intelligence to detect whether a folder 'target' for a specific content type is available - if it is not (e.g. its a new client and the folder in cloud storage is not yet established), mxHERO will detect this and auto-build the applicable folder in the cloud storage system inclusive of adding security, retention or other rules. Once done, that folder is now available for mxHERO content routing based on rules the customer may have setup.
Can mxHERO improve search functionality by using meta-data tags when uplifting content from email into content storage platforms?
Yes - but this is cloud platform dependent. For integrations that support metadata, this works very well as the API and inherent metadata templates allow for mxHERO to not only process content from email but to enrich it with meta-data when we place it automatically into the cloud storage system.
Does mxHERO have videos available showing key functionality (e.g. demos)?
Yes! They can be accessed from mxHERO's website at: https://vimeo.com/mxhero
Can mxHERO auto-linking be turned off for select email addresses?
Yes, mxHERO can be selectively disabled. In some cases, the recipient needs to have standard attachments, for example, a billing system that receives receipts as email attachments. In other cases, some recipients can't access cloud storage links. In all these scenarios, mxHERO supports whitelisting. Finally, mxHERO can be configured to not process a particular email if the hashtag "#nomxhero" is on the subject line when sent. The hashtag signals mxHERO to not link attachments in that email. mxHERO then removes the hashtag before delivering the message to recipients.
If I use mxHERO, will my users be able to use it if they send or receive emails from their mobile devices?
Yes - mxHERO works from any device anywhere at any time.
When I send an email externally and mxHERO auto-inserts a URL in lieu of an attachment, does the recipient of that email require a Box, Dropbox, Google, Microsoft, or Egnyte account?
Depends on how you configure mxHERO. A common configuration is to send auto-expiring open links. This type of delivery does not require the end-user to have a matching cloud storage account and still provides far better content security than standard email attachments that exist indefinitely. In another configuration, you can require a password. This may or may not need a matching cloud storage service on the part of the recipient. You may elect to use this configuration to secure attachments sent within the organization. Since everyone in the organization is using the same content cloud, it is easy to deploy, and these communications stay protected from eventual breaches or accidental forwards. However, you can also password protect attachments in a way that does not require your recipient to have a cloud storage account. mxHERO can add a password to the Cloud Storage link and forward the password to the recipient in a separate communication. As with all mxHERO configurations, all of the above scenarios can be applied specifically per recipient.
Does mxHERO work with Salesforce?
Yes, there are several ways in which mxHERO can integrate with Salesforce. Salesforce can be configured to relay outbound emails through mxHERO, thereby adding additional security, governance, and management of messages generated with Salesforce. Similarly, emails sent to Salesforce can have their attachments replaced with links to your content cloud before being saved in Salesforce. By moving attachments out of emails, message sizes become much smaller. A 20MB email becomes only ~30K once its attachments are moved to cloud storage. Given the elevated costs of storage in Salesforce, the cost savings can be significant. Salesforce can also be configured as a data source for mxHERO, thereby allowing mxHERO to identify customers for security and auto-filing of messages and/or attachments.
If I want to auto-delete my emails after x period in my email system, can mxHERO automatically archive emails and email attachments into cloud content storage for me prior to deletions (e.g. for archive purposes)?
Yes, this is one of mxHERO's most common applications. Many organizations have enabled retention policies that delete emails over a minimum required age. One challenge of any retention policy is how to keep critical business record emails and attachments from being deleted as well. mxHERO can help by targeting what needs to be kept and moving those emails into your content cloud for safekeeping.
If I want to use mxHERO to get inbound emails or attachments into cloud storage without impacting the end user's email experience - can I do this with mxHERO?
Yes, mxHERO can copy or move emails into your content cloud in the background. This solution is useful for replacing email archives or capturing select communications (e.g., to and from clients) into shared cloud storage folders for better communications security, management and visibility.
If I want to go back in time (e.g. have mxHERO run a script to harvest email or email attachments) can I do that with mxHERO?
Yes, mxHERO can retroactively process emails, copying / moving all messages into content clouds or a specific selection of messages and/or attachments (e.g., all invoices into per vendor shared folders).
Does mxHERO offer any ingestion or inbound capture options for digital content capture from email beyond the full rule-based automation capability?
Yes! mxHERO allows for drag and drop functionality for email users with the Box Content Cloud. This new capability released in Q4 2022, allows users to select or multi-select emails and with a drag / drop operation to simply move them into their targeted Box desktop app accessible folder or directly into a folder in Box Drive.
mxHERO also supports forward to alias capabilities enabling users to simply forward an annoyed email to a specific email address and once done - mxHERO will auto another the email and / or attachments for content uplifts into client specific content management platform folders.
Does mxHERO have a modeling app allowing me to model my cyber risk, sustainability impacts and cost overhead with the traditional use of email?
Yes! mxHERO has a mobile and web app ROI calculator (complete with cited sources) allowing for the modeling of at rest, inbound and outbound email security risks, cost takeouts for appliance depreciation applicable to legacy email usage and sustainability advantages for CO2 takeouts via email attachment elimination. The application is free for all partners and customers, publicly available and accessible via https://tools.mxhero.com/roi/
TECHNOLOGY / ARCHITECTURE / SECURITY - ABOUT US
Is mxHERO SOC2 Security certified?
mxHERO is SOC2 Type II certified and certificates may be provided to customers and/or partners upon request to email@example.com.
What is mxHERO's service architecture?
mxHERO's service architecture is provided here: www.mxhero.com/trust
mxHero as a Software as a Service (SaaS) solution - How is it hosted?
mxHero leverages Amazon Web Services to support unlimited scale for our cloud-based solution. With greater than 99.99% up-time performance historically and unlimited scale, this is the ideal solution for our customers who seek mxHero's benefits while reaping the advantages of SaaS deployed applications.
On-premises deployment options are also available.
When mxHero captures email content or attachments, does the company retain any of that content prior, during, or after it is routed to the targeted cloud content management platform?
mxHero does not retain content or attachments. With its intelligent content management platform, mxHero serves as a 'bridge' between legacy email solutions and the targeted cloud content management platform such as Box, Dropbox, Egnyte etc. Once the email and/or attachment is intelligently routed to the targeted cloud storage folder structure complete with metadata and applicable security overlays, there is NO retention of the email or email-based content on the part of mxHero.
What are the lines of demarcation when it comes to mxHero security vs. that of the target cloud storage?
mxHero serves to extend the cloud content platform security model to email-based content. In doing so, mxHero ensures inflight encryption of captured content and once the content is stored into the appropriate cloud storage folder container, the cloud storage security overlays apply to that content including HIPAA, GxP, and other security features available. Thus, mxHero’s security includes:
Data transmissions over SSL and is encrypted at rest
Multiple monitoring angles and intrusion detection systems are in place
SOC2 Type II certification
SkyHigh Enterprise-Ready Certification
CSA Star Certification
Regulatory Compliance with HIPAA and FERPA
For more on mxHero security see https://mxhero.com/trust
What is the mxHero platform?
mxHero's full platform feature components offer a more robust set of software services when clients want to exploit the intelligent routing, automation of email content flow mechanisms into cloud storage targeted folders and to expose the full capabilities of mxHero with cloud platforms.
Under the platform component, customers are able to leverage mxHero's full suite of platform capabilities including email archiving, intelligent routing to the cloud, meta-data captures, and rule-based workflow enablement.
What type of encryption does mxHero leverage?
As previously stated, mxHero leverages encryption on all the processes executed to get your content into the cloud storage platform. Emails are captured via SMTP/S or IMAP/S, both using 2048-bit SSL Certificates with strong 256-bit encryption. Data is sent to the cloud storage services using the same encryption level through their secure APIs, over HTTP/S. While at rest for processing, data is protected using the industry-standard AES-256 algorithm.
What are mxHERO's failover procedures?
mxHERO deployments are designed to provide maximum service by design and fully leverage the proven robustness of email technology. If the customer's cloud storage service is unresponsive and mxHERO cannot upload content, mxHERO can optionally allow email to proceed with attachments intact (email unaltered) after 15 minutes. mxHERO customer administrators can also disable mxHERO instantaneously at any time. Finally, mxHERO recommends that customers provide secondary MX records to guarantee uninterrupted email service in even the most unlikely failure scenarios. mxHERO uptime performance and system status can always be monitored via https://status.mxhero.com.
IMPLEMENTATION & PRICING
For natively supported use cases, how fast can mxHERO be deployed?
Initial setup of mxHERO with a customer email system and back-end cloud content management platform (e.g. Box, Dropbox, Microsoft OneDrive, Google, or Egnyte) normally takes less than 90 minutes. The time-consumption pertaining to mxHERO implementation is in the establishment of the internal vs. external email content routing rules, once those rules are established by the organization, the configuration of mxHERO for those use-cases normally takes one configuration meeting and <90 minutes in most cases.
How is mxHero priced?
mxHero is priced on an annual per-user basis with tier-based discounts based on customer user volume levels. Pricing starts at $10 per month per user ($120 per user per year) for a 20 user minimum with discounts applicable as user-counts expand. mxHERO also has special pricing for our Legal Vertical Quick Start package (www.mxhero.com/legal-quickstart) and for non-profit and public sector agencies. For email harvesting from legacy Exchange, one-time charges are project-based and informed partially by targeted terabyte volumes. To find out more or to get a quote - email us at: Sales@mxHERO.com
Can mxHERO be deployed as an on-premise application vs cloud-based?
mxHERO is a cloud-hosted Software-as-a-Service application. For agencies or customers who may require an on-premise installation of mxHERO for security or other reasons, mxHERO can be deployed on-premises. However, there is an initial configuration professional services fee for this setup including an annual maintenance expense. The majority of mxHERO's customers utilize the cloud-based solution.
Under a traditional deployment of mxHero, what is required from a technical perspective to support turning on mxHero's features and functionality?
While client use-cases vary, native mxHero is deployable in tandem with all of the leading email solutions including O365, Microsoft Exchange, MS Outlook, GMAIL, etc. On the content management side, mxHero is configured to take advantage of the Cloud Content Platform API for integration and intelligent routing of content.
Under a typical deployment, mxHero will work with clients to capture the intended customer use cases (e.g. intelligent routing protocols) and deployment requirements, and once done - the configuration or setup of mxHero aligned with targeted user emails and/or client email domains, mapping to cloud storage based on workflow rules or content keys (e.g. a project number, user name, sender name, or other taxonomy) and the setup of mxHero is then staged with the assistance of the client's email administrator or assigned resource.
A typical deployment of mxHero takes hours - not days - as long as the requirements for the connectors, plug-ins, or bi-directional content captures are in place during deployment.
Once mxHero understands the rule structure for placing email content into cloud storage, the implementation is seamless and velocity-oriented.
Can you explain exactly how mxHero captures the email-based content and moves it into cloud storage from a technical perspective?
mxHero's service is topologically equivalent to a network router. The service acts as a gateway (or an IMAP client) where email is temporarily processed for integration with cloud storage systems. Like a router, mxHero's services possess very little internal storage, only a sufficient amount to process email in transit. Once processed, mxHero deletes local copies to allow the system to continue processing inbound messages. mxHero's systems are not designed to retain messages for longer than needed for the express purpose of processing. Processing normally takes less than 5 seconds to occur. As an additional precaution, all temporary storage used for processing utilizes encrypted file systems ensuring that data is encrypted at rest at all times. Technically speaking, emails are captured through SMTP/S or IMAP/S, analyzed, optimized, and filed into the cloud storage service using APIs through HTTP/S.
Is mxHERO’s support model publicly available for customers?
With a 99.9% uptime performance and public monitoring via our status site, mxHERO is committed to system performance and customer success. Our support model is also available via: http://link.mxhero.com/support
CYBER-SECURITY CONSIDERATIONS FOR EMAIL CONTENT WITH mxHERO
What is mxHERO's posture in terms of using mxHERO Mail2Cloud to reduce or eliminate email-borne cyber attacks?
Email is the #1 security threat vector for the enterprise. As such, mxHERO's position is that email content attachments should NOT reside within email. With mxHERO Mail2Cloud, we capture content payloads in-flight in real-time and replace those attachments with secure and auto-expiring capable URLs. In certain cases, those same URLs can also require a password to access them - which mxHERO has fully automated. To further, when digital content is accessible via URLs, capabilities such as Preview and auto-quarantine of email based on anomalies can further secure an organization's vital email content. In a zero-trust model, one has to assume that a breach can or will occur at some point. Under this approach, if an email system is breached but the ill-intended actor cannot access the vital content - the impact of the breach is minimized and/or eliminated. Furthermore, content sent outside of an organization's walls is also a security threat (e.g. if your client or outside partner is breached - so are you). With mxHERO, we can protect our customer's digital content even outside of their walls!
When mxHERO places a URL into an outgoing email (in lieu of attachment), can mxHERO force the use of a password under a 2FA/MFA scenario and automate this?
Yes. mxHERO is able to determine - by rule - when a URL link allowing access to an email-centric content payload is required to have password protection. When this rule is established (e.g. for outbound inter-domain emails), mxHERO automates the password protection and sends the recipient(s) a separate communication with the password allowing access to the URL-linked asset. The URL can also be auto-expiring providing an additional layer of content protection.
If I have Barracuda, Proofpoint, or other perimeter defenses, will mxHERO conflict with these?
No, mxHERO is designed to fully integrate with your border systems - adding additional security and governance capabilities they do not provide. Furthermore, not all mxHERO solutions need to be a part of the email delivery chain. When mxHERO does need to be part of the email delivery chain it is simply added as another hop. Ideally, mxHERO is positioned as the last hop in and the first hop out of the email service.
DLP and anti-virus systems are needed, but there are significant, dangerous gaps in what they provide in terms of data protection. From a security point, mxHERO provides greater security and control of your email content before and after a breach has occurred. Critically, this protection extends beyond your organization. Existing DLP solutions can help police what content gets sent out of the company, but what happens when your external recipients get breached or otherwise mishandle your sensitive information? mxHERO ensures that email content, like attachments, actually never leaves your organization, even when sent out through email. Attachments are moved into your secure content cloud. What is delivered externally is only a URL that you still control. This means that even simple measures, like automatically expiring outbound links in 7 days, vastly reduced your threat surface. Furthermore, mxHERO can move attachments and messages out of internal emails and into secure content clouds. If an employee is breached or accidentally forwards sensitive information, the hackers do not have immediate access to your content, which has been secured. DLP solutions do not provide this level of protection.
If mxHERO protects content outside of the organization by sending secure links, what happens when that attachment is downloaded by my recipient? Does mxHERO continue to protect that content like DRM (digital rights management) solutions?
mxHERO protects content that is in email. Email is widely replicated as it is delivered and even after it is delivered if forwarded to additional recipients. [link to ROI calc] With mxHERO, email content is removed to your content cloud and so is never part of email's replication. mxHERO does not alter your attachment, like DRM solutions. When an authorized recipient downloads the file, it is no longer in your content cloud's control. You can use any DRM solution with mxHERO. mxHERO does not interfere with the use of DRM-protected files. Although DRM is a compelling security technology, its adoption has never been widespread despite decades of existence, largely in part because it requires the recipient to either possess the same software or jump through too many hoops. In contrast, mxHERO ensures that your content is never exposed in email without encumbering the sender or recipient with additional software requirements.
What happens if someone breaches my email system and I have mxHERO & cloud storage deployed?
While the threat of breaches cannot be fully mitigated, the impact of a breach can certainly be minimized. By deploying mxHero, content attachments are moved 'away' from the email paradigm and into secure cloud storage folder targets. So, if an email breach does occur after deployment of mxHero, a hacker may have access to an email but they'll never have access to the content protected by the links as long as the links are disabled, secured via login requirements, or removed. In summary, the security overlay at the cloud storage level prevents unauthorized access. This represents one of the most significant benefits of deploying mxHero with your cloud storage. Furthermore, mxHERO uniquely offers this same protection to emails sent outside your organization - in other words, you are protected from the breaches of others.
Does mxHERO have a summary of typical enterprise or agency use cases that might apply to my organization?
Yes! Check out the mxHERO Solutions Catalogue
Will mxHERO support integration to identity management or single-sign-on (SSO) platforms such as Okta?
mxHERO supports SSO setups. While user SSO or identity management-aligned access to customer IT systems will not change in any way with an mxHERO implementation (including their SSO-accessibility to email systems), assigned / approved customer ADMINISTRATOR personnel who will have access to mxHERO's Mail2Cloud dashboard will gain entry to the mxHERO ADMIN CONSOLE via SSO authentication as may be required by our customers. mxHERO will guide the setup of the SSO or identity management configuration with the mxHERO Admin Console access during implementation. This is a native capability and a common deployment setup for mxHERO.