Today marks a huge step forward for the GreatHorn platform — we are terrifically excited to introduce full content analytics for cloud-based email, significantly enhancing the email security capabilities of our customers!

This is a major functional update, and will help organizations make their cloud-based email systems more secure in three major ways:

  • Detect frequently used spear-phishing phrases and keywords (“authorize this wire transfer”, for example) in realtime
  • Create role-specific policies and alerts, ensuring that threats targeting high-risk staff (finance staff, HR, and senior executives) are flagged appropriately
  • Automatically take remediation actions, such as suspending accounts that exhibit suspicious authentication activity following the receipt of high-risk emails

The Power of Big Data: Finding Threats at Scale

On top of the ability to create content-based policies in email, the GreatHorn platform has analyzed over 4 million emails; we sit on top of one of the most robust proprietary security data sets in the world.

By design, we do not store email content or subjects in this data set; what we do build is an incredibly deep set of meta- and pattern data, which makes it possible for us to find threat patterns that other solutions miss. In adding content analytics, we will now be able to flag threat vectors — domains, MX routes, even compromised organizations — more quickly and accurately than ever before.

Cross-Platform Behavior Correlation

What’s particularly exciting about this new functionality is the ability to correlate activity that originates in one cloud application — for example, a message received into a Google Apps or Office 365 mailbox — with subsequent activity in another, such as a login into an AWS EC2 instance.

Managing security, both in terms of email security as well as a broader cloud defense-in-depth strategy, requires this kind of combinatorial analysis. Differentiating a forgotten password from a dictionary-based authentication attack, for example, means pulling the camera lens back far enough to see whether an individual user (or even a set of users) have been targeted by other kinds of reconnaissance activities. With content analysis in place, GreatHorn can now take the burden of this type of analysis off the plate of an information security administrator, and instead allow them to respond to real threats without being distracted by non-security related noise.

We will be rolling out content policies to our customers over the next few days; if you’re interested in trying it out, let us know and we’ll get you deployed in under 20 minutes!