Armorblox releases Graymail and Recon Attack Protection to stop malicious emails

Armorblox has released its newest product, Graymail and Recon Attack Protection, developed to decrease the time security teams spend managing graymail and mitigate the security risks from malicious recon attacks.

This is in addition to the announcement of new capabilities across two main products of the Armorblox cloud-delivered email security and data loss prevention platform: Advanced Data Loss Prevention and Abuse Mailbox.

The new capabilities are designed to enhance overall productivity across security teams by providing custom, automated workflows across user-reported threats, improved graymail detection and classification, and enhancements to data protection features.

The new features build on the platform’s existing capabilities, which provide email protection for automatically detecting and protecting against emerging language-based cyber threats, preventing accidental or malicious data leakage and compliance violations across all communication channels, and saving security teams time from having to manually sort through graymail and respond across individual user-reported threats.

“At Armorblox, we understand the challenges that organizations face in managing graymail and the potential security risks associated with it. Graymail is not just a nuisance, it’s a potential security risk that can expose organizations to cyber attacks. Data from our recent report highlights that up to 27 hours a week is wasted on manual graymail management – security teams can’t afford to ignore this issue,” said DJ Sampath, CEO of Armorblox.

“That’s why we’re excited to announce our latest product, Graymail and Recon Attack Protection, which directly addresses the pain points organizations face when it comes to graymail management. With Armorblox, organizations can receive advanced protection against reconnaissance attacks that can lead to serious data breaches and confidently manage and enhance productivity across their security team, while getting peace of mind that they are staying ahead of evolving threats,” added Sampath.

New Armorblox capabilities include:

Improved graymail detection and protection against recon threats

Armorblox Graymail and Recon Attack Protection uses advanced machine learning algorithms and large language models to enable the precise detection and classification of graymail, such as newsletters and marketing emails, and unwanted solicitation from a legitimate source – all while reducing the risk of malicious reconnaissance threats, emails disguised as genuine graymail communications with the intention of eliciting a response prior to exfiltrating sensitive data.

Automatic remediation removes the need for manual review, saving security teams up to 30 hours each week, and end-user preferences (based on movement of graymail) are automatically monitored and applied for all future incoming graymail communications.

Abuse mailbox custom workflows for end-user reported phishing threats

Security teams can now automate the feedback loop back to end users for user-reported phishing incidents submitted to Armorblox Abuse Mailbox. This keeps end users informed of the status of user-reported threats and engaged in the security process.

Pre-configured templates allow security teams to automate the response back to end users based on incident type, while custom templates allow for pre-authorized workflows to be quickly and efficiently identified as exceptions for a reduction in false positives.

Custom DLP workflows

Armorblox Advanced Data Loss Prevention provides powerful data protection capabilities, including automatic classification, protection, and encryption of sensitive information (PII/PCI/PHI, source codes, tabular data, across languages).

The latest enhancements bring investigation, management, and response to sensitive emails that have been blocked, together, into a streamlined workflow. Insightful DLP analysis per incident allows admins to quickly remediate (delete or request alterations) or release the email to be sent.

Armorblox is committed to providing security teams with the email security and data protection solutions, so that organizations can stay ahead of emerging threats, protect organization-specific sensitive data, and ensure compliance across industry regulations.

“As cyber criminals ramp up the sophistication of their socially engineered attacks with generative artificial intelligence tools such as ChatGPT, only email security solutions that apply the full capabilities of large language models for language-based detection can protect end users from the onslaught of emerging attacks,” said Arjun Sambamoorthy, Chief Architect at Armorblox.

Armorblox Large Language Models and Artificial Intelligence capabilities include:

• GPT Large Language Models & AI – Analyzes the content and context of email communications: text in email body and attachments for tone (like urgency) and intent (unusual requests) often seen in social engineering tactics, and provides in-depth email analysis to protect against sender impersonation, ransomware/extortion, account compromise attacks, and graymail.
• Computer Vision – Follows URLs to final destination and inspects in real-time to protect against fake landing pages used in malicious credential phishing campaigns. Minute, visual deviations such as image and layouts often go unnoticed by the human eye; Armorblox analyzes and safely redirects end users away from these malicious pages.
• Malware & File Attachment Inspection – Analyzes attachments, malware, and advanced persistent threats, while ensuring there are no delays in end users gaining access to critical emails, nor disruption to critical email-based business workflows. Armorblox provides static and dynamic analysis and safely blocks end users from engaging or downloading malicious files.
• Contextual Analysis & Attacks Overview – Creates both user-specific and organization models for custom behavior baselines, so that how and who one communicates with are continuously monitored and anomalous communications and conversations are automatically flagged.