Incident Response

Minimize risk exposure with email removal and in-depth forensic capabilities

Incident Response and the Failure of Email Security

It’s a poorly kept secret that no email security tool can block 100% of threats. And yet security vendors have failed to adequately integrate incident response capabilities, forcing security professionals to rely on time-consuming and often inaccurate scripting (as required with the native capabilities of cloud email security providers) or a cumbersome process involving simplistic search, .csv export from one tool, and import into another (as typically required by secure email gateways).

Meanwhile, every minute that incident response takes is one minute closer to a click and a potential breach. According to Verizon’s Data Breach Investigations Report, it takes less than 16 minutes for the first user to click on a given attack. GreatHorn Email Security focuses on the full lifecycle of email—targeting not just the entry point, but every point of vulnerability from delivery to deletion.

Email Removal—No Scripts Required

From automated removal to two-click bulk remediation, GreatHorn’s integrated incident response capabilities are designed to speed response time, reducing exposure and simplifying the response process.

Automated Removal

In addition to blocking threats before arrival, GreatHorn Email Security keeps working even after mail is delivered to user mailboxes. As emergent attack patterns are identified by GreatHorn’s threat response team, GreatHorn scans and removes any threats sitting in user mailboxes. This is particularly helpful in situations where a link is weaponized after the initial threat scan has taken place.

Two-Click Bulk Removal

GreatHorn’s integrated incident response capabilities make it easy for security professionals to perform bulk removal on threats that have made it to user mailboxes. Using GreatHorn Email Security’s robust search interface, incident response teams can quickly identify the breadth of a given attack and immediately remove the threats from user mailboxes.

Unlike the manual, multi-step process that other email security tools rely on, this quick and simple removal means that security teams can protect their employees from widespread, emerging threats faster than with any other tool.

“We inserted GreatHorn into the early stages of response, as a tool for our Help Desk to use to very quickly remove malicious emails after being reported. The early removal reduces the time malicious emails live within our system. As you can imagine, bulk removal is important to the process when campaigns are larger than 100 or so emails.”

GreatHorn customer

Exposing Risk Exposure

Email removal is just one part of the incident response equation—understanding who may have interacted with the email before it was removed is another.

Search and Forensics

GreatHorn’s comprehensive forensic capabilities can quickly and precisely tell you who received a given threat and when. Since sophisticated attacks can take many forms and often lack the sender and/or subject line consistency of more simplistic volumetric phishing campaigns, GreatHorn’s robust search engine enables you to search against any combination of factors from relatively simple content-based keyword searches to more technical metadata.

Link Analysis

It’s not enough to know who received a given threat and when; you also need to isolate which people actually interacted with the threat. GreatHorn’s Link Analysis provides additional time-of-click protection for users, and also tells you who clicked through to the destination page and when. This additional insight empowers you to make smarter decisions about the severity of your threat response, limiting the business impact to those users that are actually at risk.

Administrators have access to full-click tracking for suspicious and malicious URLs, post-delivery blocking capabilities, and enhanced detection of new threats—even those that have not yet been added to real-time blacklists or publicly available antivirus tools.

“GreatHorn not only identifies more threats than other products, it also provides us with easy remediation capabilities in the rare event that it misses something.”

Yoel Alvarez, Hersha Hospitality Management

Schedule a Demo

Link-based attacks expose sensitive data and intellectual property, while also giving cybercriminals access to systems infrastructure or financial systems. GreatHorn protects against both malicious URLs and credential theft attempts by using fully automated URL sandboxing, with mailbox-/user-level click-tracking, administrative alerting, and credential theft threat isolation.
