GreatHorn improves its threat detection, user protection, and incident response capabilities

GreatHorn, the leading cloud email security provider focused on managing risk from advanced email threats, achieved substantial product innovation, customer growth, and expansion during 2019 with improvements to its industry-leading adaptive threat detection, user protection, and incident response capabilities.

Demonstrating its continued market leadership, GreatHorn released the industry’s most sophisticated computer vision-driven solution for credential theft recognition, as well as bulk remediation capabilities that meet the scale of enterprises with complex mail environments and effectively reduce time-to-response for post-delivery attacks.

The company also launched a fully featured, bidirectional API for integration with SOAR, SIEM, and other security platforms. With a focus on increasing visibility and control of an organization’s email security environment, these enhancements to GreatHorn’s flagship product improve threat identification, reduce user engagement with suspicious email, and automate post-delivery remediation.

Targeted attacks through email continue to be the biggest threats facing the modern connected enterprise. Both legacy solutions such as secure email gateways and the native email security controls within cloud email platforms fail to recognize email security as a risk management function, focusing instead on a 100% prevention mindset that does not provide adequate protection.

Sophisticated payload-free attacks, such as impersonations, credential theft attempts, and business services spoofing, often slip past traditional perimeter-based defenses, and organizations have lacked the tools they need to quickly respond and minimize their exposure.

“In one Global 1000 company, we found that a traditional gateway missed 40% of executive impersonations, and 15-20% of all threats, including business email compromise, credential theft, and malicious links,” said Kevin O’Brien, co-founder and CEO of GreatHorn.

“We recognize that email security needs to be approached as a risk management function, and so we are continually developing capabilities that not only identify sophisticated threats more effectively, but also reduce time to response through tools that automate and accelerate remediation, minimizing potential impact to businesses.”

Expanded threat detection

In 2019, GreatHorn incorporated advanced machine learning techniques to expand the number of threats GreatHorn Email Security can detect and remove. Developments included:

• Identification of credential theft sites: Part of GreatHorn’s Link Protection feature, this capability uses advanced computer vision analysis to quickly assess the authenticity of common login pages such as Office 365 and G Suite, thereby identifying and blocking zero-day credential theft threats even if they were weaponized after the email was delivered.
• Expanded detection capabilities: GreatHorn further extended its use of data science to detect more threat types and provide more fine-tuned analysis.
• Automatic detection of domain lookalikes: GreatHorn was awarded a U.S. patent for an algorithm and threat analysis method that identifies fraudulent email messages aiming to impersonate either the target’s company domain or a well-known brand.

Stronger end-user protection

Reducing user engagement with suspicious phish is a critical component of the GreatHorn Email Security platform. By providing users context and threat-specific warnings, the product encourages better risk decisions at the moment they open and interact with their messages, warning users when they are most at risk for interacting with a potential threat. The capabilities GreatHorn expanded in 2019 include:

• Cobranding personalized security context: Email banners, policy reminders, and suspicious link preview pages can now be branded with company logos. When these notifications are delivered with company logos, it improves user recognition and trust.
• General availability of GreatHorn Reporter: This client-side plugin provides digestible threat analysis for any given email and allows employees to easily report phish and manage individual spam block lists directly from the email client. GreatHorn Reporter reduces the administrative burden for security teams with fewer phish reports and integration into the GreatHorn Email Security platform for additional search, forensics, and remediation if necessary.

Faster incident response

Time to remediation is a critical factor when reducing the risk of an emerging threat. GreatHorn extended its core response features in 2019 with:

• Simplified bulk email removal: Released in the first quarter of 2019, this capability enables incident response teams to search for and automatically remove thousands of malicious emails from any employee company inbox within seconds.
• Expanded search and forensics: Upgrades to the platform’s robust search engine enable teams to search against any combination of factors—from simple content-based keyword searches to more technical metadata—to quickly and precisely identify who has received a given threat and when.

Enterprise visibility and controls

GreatHorn’s rapid growth has increased the ways customers are using GreatHorn within the context of the rest of their security portfolio. The following capabilities were released to support these efforts:

• Bidirectional API: GreatHorn released a fully featured, bidirectional API designed to integrate email protection and response with the rest of an organization’s security stack, including SOAR, SIEM, and other platforms, to reduce risk, manual effort, and time to response.
• Immediate, automated customization: In Q4, GreatHorn introduced new capabilities that speed the availability of both organization- and individual-specific analysis such as communication patterns, relationship analytics, technical fingerprinting, and other data science techniques.
• Performance and scalability updates: Improvements enabled the platform to accommodate rapid customer growth and its resulting mail volume.