Defend is an email security tool that evaluates your inbound emails' context, relationships, and message content. This analysis happens before the emails reach your inbox to prevent inbound cyber threats and allows your admins to identify and act on any future breaches.

Banners

Incoming emails from outside of your organization will have a colored banner inserted. These banners inform you of how the email has been classified. The color of the banner corresponds to the associated level of threat.

There are four banner categories displayed below:

• Productivity banners are gray and are applied to emails that Defend classifies as graymail or spam. These emails are usually non-malicious bulk emails such as newsletters, announcements, or advertisements. The purpose of these banners is to act as a visual cue for easy categorization and improved productivity.

  An example of a productivity banner is displayed in the screenshot below:

  

• Benign banners are blue and are informative alerts that are not associated with detected threats. These banners are designed to provide additional context about an email and typically do not require any specific action. Benign banners may notify you about various email characteristics, including:

  • New sender: The email is from someone who has never emailed you before.
  • Financial content: The email contains financial information or references.
  • External source: The email originates from outside your organization.
  • Sensitive information: The email includes content that may be considered sensitive.

  These banners increase awareness and help you make informed decisions about handling an email. While no immediate action is usually necessary, the information provided can be valuable for assessing the email's relevance and importance.

  An example of a benign banner is displayed in the screenshot below:

  

  

  

  

• Suspicious banners are amber and are applied to emails that contain suspicious elements, potentially indicating phishing or impersonation attempts. These banners serve as a cautionary alert, prompting you to exercise increased vigilance. When you encounter an amber banner, follow the tips below:

  1. Exercise caution before taking any action on the email.
  2. Carefully inspect the sender's email address to verify its authenticity.
  3. Be wary of clicking on any links within the email.
  4. Avoid downloading or opening attachments unless you are certain of their safety.
  5. If you need to reply, double-check that you're sending to the legitimate sender, not a similar-looking fraudulent address.
  6. When in doubt, verify the email's legitimacy through an alternative communication channel, such as a phone call or in-person confirmation.
  7. Report suspicious emails to your IT or security team for further investigation.

  An example of a suspicious banner is displayed in the screenshot below:

  

  

• Dangerous banners are red and are applied to emails exhibiting strong indicators of phishing or other malicious intent. These banners represent the highest level of threat warning. When you encounter a dangerous banner, follow the tips below:

  1. Do not click on any links or download any attachments within the email.
  2. Refrain from replying to the email or engaging with the sender.
  3. Do not forward the email to others, as this may spread the potential threat.
  4. Report the email immediately to your IT security team.
  5. Delete the email from your inbox after reporting it unless instructed otherwise by your IT team.

  Remember, dangerous banners indicate a severe risk, and treating these emails as genuine threats is important. Your organization's security protocols should always be followed when dealing with dangerous-bannered emails.

  An example of a dangerous banner is displayed in the screenshot below:

  

Email Summary Page

All banners applied by Defend can be clicked on. This feature allows you to learn more about what was detected in the email. If you think an email has been categorized incorrectly, you can report it by selecting a reporting button at the bottom of the email summary page. For more information about what the email summary page displays, see the list below:

1. What we found: This section provides an overview of what Defend found and the recommended action you should take. In this example, Defend identifies strong signs of phishing and recommends following your organization's policy for reporting phishing emails.
2. Primary Reason: This area describes the primary reason the email raised concerns and triggered the banners.
3. Threat dial: The colored threat dial displays the risk rating that Defend has assigned to this email. In this example, Defend has assigned the highest risk classification.
4. Email information: This section displays advanced email information, including details such as the sender address, sender location, email security protocols, and your previous interaction history with the sender.
5. Report this email: The reporting section allows you to report the email if you believe it has been classified incorrectly by Defend.

Link Protection

Defend includes link protection that helps safeguard you from malicious links in emails, even when they appear legitimate. This protection works by checking links in your emails in two ways:

1. When an email arrives
2. When you click on links in emails

This dual approach helps protect you against links that may seem safe at first but later direct you to harmful websites. Attackers sometimes change where a link goes after an email is delivered, and Defend helps catch this trick by verifying links in real-time when you click them.

When Defend detects a potentially harmful link that you've clicked, you'll see a warning screen instead of being taken directly to the website. This protective screen shows you the actual destination web address, indicates the specific signs of phishing that were detected, and highlights when the sender is being impersonated. This information helps you make an informed decision about whether it's safe to proceed to the website, protecting you from phishing attempts and other malicious sites that could compromise your security.

Productivity Management

Managing your inbox effectively requires distinguishing between different types of bulk communication. Our system categorizes unsolicited or non-essential emails into two main groups: 

• Graymail 
  • Non-malicious bulk email, such as newsletters or marketing updates, that you may have opted into in the past. It is technically wanted at some point, but it can become distracting.
• Spam
  • Unsolicited and potentially dangerous bulk email. These are often sent for commercial purposes and may contain malicious links or attachments.

Depending on your organization's configuration, emails flagged as graymail or spam will either:

• Appear in your inbox with a Graymail or Spam banner.
• Be sent to your _Graymail or Junk folder with a Graymail or Spam banner.

You can click on a productivity management banner to go to the email summary page, where you can find more information about the email. You can help the Defend system understand your preferences better by using the reporting buttons on the email summary page. 

If you believe the email has been incorrectly flagged as graymail, or you want to receive graymail from this sender to your inbox, click the Report as not Graymail or the Report as not Spam button. This action will ensure future emails of this kind will remain in your inbox.

Languages

The default language for the Defend user experience is English. Select user groups can receive banners, email summaries, and link scanning in any of the following languages:

• Chinese (Mandarin) - Simplified
• Dutch
• English
• French
• French Canadian
• German
• Hungarian
• Italian
• Japanese
• Norwegian
• Portuguese
• Portuguese (Brazil)
• Spanish
• Spanish (Latin America)