Security Experts:

GreatHorn Expands Email Security Platform

Waltham, MA-based GreatHorn has expanded its machine-learning phishing protection system into a complete email security platform. "This major new expansion of the Company's flagship solution," it announced on November 14, "addresses every potential stage of a phishing attack with integrated threat detection, protection, defense, and incident response."

"We believe that email is the most critical business communication system in existence, and that requires best-in-class protection," explains GreatHorn's CEO and co-founder Kevin O'Brien, "not just a small point solution, plug-in or add-on."

Four new modules have been added to the existing product: imposter protection (which offers protection against attacks via spoofed and look-alike domains, and business email compromise -- BEC  -- attacks); link protection (which includes automated URL sandboxing to protect against link-based credential theft); attachment protection (including file isolation for protection against zero-day attacks via attachments); and mailbox protection (providing personalized email protection for users based on their individual communication patterns and relationships).

The mailbox protection module is effectively a new product available as an Outlook or Chrome plug-in. It is available today in beta from GreatHorn; but will soon be on general release via the Microsoft Office Store or the Google Chrome Web Store. Its purpose is to provide the user with the tools and context necessary to make better decisions on how they interact with their email.

O'Brien believes that users are often dismissed as the company's weakest link without ever being given the information necessary to make intelligent decisions. "The security industry continues to treat users as the ëweakest link' in their security practices, rather than as intelligent, informed, and vital parts of a true security posture," he said. 

"Until today, email users have not been provided with meaningful context or the security tools they need to make better risk decisions at the moment that they open and interact with their messages. With GreatHorn Mailbox Protection, however, relationship and risk data will be immediately and easily accessible to the user without needing technical training or having to navigate to another system. GreatHorn Mailbox Protection empowers end users to take action from the front lines, further reducing their organizations' susceptibility to today's advanced email attacks."

Information provided to the email user includes the strength of their relationship (and that of their organization) with the sender; the data of their most recent outbound communication with the sender, the likelihood that the email comes from the purported domain; and the relative risk of any embedded links within the email.

The user is then able to make an intelligent decision -- to accept the email at face value, to mark it as phishing and quarantine it, or as spam and delete it, or to add the sender to a personal block list to reduce unwanted email.

The platform isn't simply based on the addition of the new modules -- the existing product has also been enhanced. "As part of the expansion," GreatHorn told SecurityWeek, "we have made substantial updates to other parts of the platform, specifically Adaptive Threat Detection, Automated Threat Defense, and Post-Delivery Incident Response, which run across the platform regardless of the type of attack."

The threat detection algorithms have been improved in their ability to calculate relationship strength and communication patterns, and the organizational and technical fingerprinting is enhanced to detect more nuanced anomalies such as domain authentication drift.

Threat detection is improved with URL rewriting and sandboxing, and analysis at both ingest and time of click -- with greater administrative control over user interaction with suspicious links. Threat-specific context and warnings with configurable banners have been added.

The new platform is well-received by GreatHorn customers. "As the nation's largest financial life management firm, United Capital Partners is a constant target for cybercriminals looking to gain financial advantage," commented Brandon Gage, senior vice president of technology at United Capital Partners. "Imposter Protection from phishing and other fraudulent cyber-attacks, in particular, has been a critical focus for our GreatHorn implementation. We're pleased with the decreased risk profile we've achieved through our collaboration with GreatHorn and have already seen additional value with the solution's improved spoofing detection."

GreatHorn, founded in 2015 by Kevin O'Brien and Raymond Wallace, raised $6.3 million Series A funding led by TechStars Venture Capital Fund and .406 Ventures in June 1027.

Related: State of Email Security: What Can Stop Email Threats? 

Related: DMARC Use is Growing, But Difficult to Configure Correctly and Completely 

Related: The Disconnect Between Understanding Email Threats and Preventing Them 

Related: Email Impersonation Attacks Increase by 80% 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.