GreatHorn detects the most carefully planned email attacks

Its ability to unmask phishing and social engineering attacks based on context truly sets it apart.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

It’s no secret that successful cyber-attacks against organizations in all sectors are on the rise. One of the most popular attack tools today is a phishing email combined with social engineering. Why go through all the trouble of trying to break into a network, find critical assets and slowly exfiltrate data when you can simply ask a user to send you the information you want to steal? Better yet, why not ask for a couple hundred thousand dollars while you're at it? Believe it or not, those types of “please hand me the cash” attacks are also highly successful.

The reason these types of phishing attacks are so successful is because a good attacker does a lot of research. Users don’t think they are transferring cash to a hacker. They believe they are paying a legitimate bill, giving critical information to their boss or resetting a password for a friend. And because most email gateway appliances only scan for known bad domains or the presence of malware (neither of which needs to be present in these types of social engineering attacks) they normally breeze through security.

GreatHorn was designed to close that security gap, as well as lock down the rest of the mail stream, which remains one of the most popular avenues for launching cyber attacks. GreatHorn is a software as a service (SaaS) product that exists inside the cloud. It works particularly well with Microsoft Azure, where it can run in tandem with a corporate mail server for Office 365 users. But it also works elsewhere. In fact, installation involved simply heading over to the signup page and providing credentials for our approved test account.

I have reviewed countless email gateway appliances in the past, and while they all do a good job at stopping things like malware attachments, they don’t have any contextual information about how to stop modern, targeted social-based attacks. They also require things like changing MX records and routing pathways. Plus, when they do catch something, the only option is generally to quarantine the mail and have a human, eventually, take a look to see if the mail is in fact malicious. That can take time, and false positives are fairly common.

GreatHorn Install John Breeden II/IDG

Installing GreatHorn is extremely easy. Just visit the webpage and provide your credentials.

GreatHorn works differently. Because it integrates with the mail software within the same cloud, the installation is seamless and mostly invisible. Once it’s up and running, it uses machine learning and the knowledge of billions of previously scanned emails to provide context when examining the mail stream.

Behind the scenes, the product works by first delivering mail sent to a user into a hidden folder, where it is examined. Then that mail, if approved, goes into the user's inbox. Besides a second or two delay when receiving mail, GreatHorn is seamless to a user and invisible unless it finds that something is amiss.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.