Incident Response - GreatHorn

Integrated Incident Response

Minimize risk exposure with email removal and in-depth forensic capabilities

When a phishing attack hits, every second matters

It’s a poorly kept secret that no email security tool can block 100% of threats. And yet today’s security professionals have to rely on time-consuming and often inaccurate scripting or a simplistic and manual search and remove process.

Meanwhile, every minute that incident response takes is one minute closer to a click and a potential breach. GreatHorn’s incident response capabilities make it easy to find and bulk remove threats from user inboxes in just seconds.

Email Removal—No Scripts Required

From automated removal to two-click bulk remediation, GreatHorn’s integrated incident response capabilities are designed to speed response time, reducing exposure and simplifying the response process.

Automated Removal

In addition to blocking threats before arrival, GreatHorn Email Security keeps working even after mail is delivered to user mailboxes. As emergent attack patterns are identified by GreatHorn’s threat response team, GreatHorn scans and removes any threats sitting in user mailboxes. This is particularly helpful in situations where a link is weaponized after the initial threat scan has taken place.

Two-Click Bulk Removal

GreatHorn’s integrated incident response capabilities make it easy for security professionals to perform bulk removal on threats that have made it to user mailboxes. Using GreatHorn Email Security’s robust search interface, incident response teams can quickly identify the breadth of a given attack and immediately remove the threats from user mailboxes.

Unlike the manual, multi-step process that other email security tools rely on, this quick and simple removal means that security teams can protect their employees from widespread, emerging threats faster than with any other tool.

“We inserted GreatHorn into the early stages of response, as a tool for our Help Desk to use to very quickly remove malicious emails after being reported. The early removal reduces the time malicious emails live within our system. As you can imagine, bulk removal is important to the process when campaigns are larger than 100 or so emails.”

GreatHorn customer

Analyzing Risk Exposure

Email removal is just one part of the incident response equation—understanding who may have interacted with
the email before it was removed is another.

Search and Forensics

GreatHorn’s comprehensive forensic capabilities can quickly and precisely tell you who received a given threat and when. Since sophisticated attacks can take many forms and often lack the sender and/or subject line consistency of more simplistic volumetric phishing campaigns, GreatHorn’s robust search engine enables you to search against any combination of factors from relatively simple content-based keyword searches to more technical metadata.

Link Analysis

It’s not enough to know who received a given threat and when, you also need to isolate which people actually interacted with the threat. GreatHorn’s Link Analysis provides additional time-of-click protection for users, and also tells you who clicked through to the destination page and when. This additional insight empowers you to make smarter decisions about the severity of your threat response, limiting the business impact to those users that are actually at risk.

Administrators have access to full-click tracking for suspicious and malicious URLs, post-delivery blocking capabilities, and enhanced detection of new threats—even those that have not yet been added to real-time blacklists or publicly available antivirus tools.

Ready for a demo?

Schedule a personalized demo with a 5-minute deployment to get you up and running fast.