Welcome to the Egress Defend interactive demo!
In this interactive demo, explore the Defend Admin Portal within the Egress Security Center to see how you can identify risk across inbound email flows, drill down into threats, and assess user risk across your organization. Click the tool tips and highlighted elements throughout to get more detail.
Next
This is the Egress Security Center home page, where you'll find all the Admin portals for your Egress Intelligent Email Security products. For this demo, we will be showcasing Egress Defend. To continue, use either the menu bar on the left or the directory button below to navigate to the Defend Dashboard.
Data visualizations provide an at-a-glance view of suspicious and malicious email activity over time so you know where to focus your efforts.
Average Risk Score shows the company Risk Score and any change within the last timeframe. Clicking on User Risk will take you to the User Risk page.
Jump into your settings to configure your language and banner preferences based on your organization's needs and risk posture.
Set up notifications to inform if there is a new threat or if a user has interacted with a phish.
The Threat Feed displays events related to ‘Dangerous’ or ‘Suspicious’ emails and provides a synopsis of activity. For example, ‘User has clicked a link in a Dangerous email.’ Click the activity to go to a filtered view of Recent Emails for further analysis.
Access the full audit log to review any changes made in the portal and spot potentially malicious or suspicious behavior.
Manage admin permissions for each user based on the level of detail needed for their role.
See how your organization's average risk score is broken down per user and identify problem users.
Review any emails recently received that have been identified as suspicious or dangerous.
This is where you can see all of your allow-listed and deny-listed email addresses, domains, and IP addresses.
For customers with URL rewriting enabled, this is where you can input a rewritten link to see its original destination.
Should you need any assistance, here you can find quick links to the Knowledge Base, Support and more.
Egress Prevent helps you stop accidental and malicious data loss by detecting misadressed emails, incorrect attachments, and attempted data exfiltration.
Go to Prevent Product Tour
Learn more about Prevent
Each incoming email is validated for DMARC, this authentication protects a domain from being spoofed.
Each email classified as Dangerous is categorized to identify the type of phish.
Each email classified as Dangerous is examined to identify the type of threat (payload) it contains.
Risk Score allows you to gain visibility of risk across your user base. These scores are split into three levels of risk: High Risk: 7 - 10 Medium Risk: 4 - 7 Low Risk: 1 - 4
The number of emails your organization has sent and received in the selected time period with an indicator showing if the number has increased or decreased since the previous period.
The number of emails your organization has received that has had a Suspicious banner in the selected time period. The % is the change since the previous period.
The number of emails your organization has received that has had a Dangerous banner in the selected time period. The % is the change since the previous period.
The initial email details tab will show you basic details about the message, like To, Cc and From fields, user interaction history, and message authentication checks.
The advanced tab will surface more granular details about the email, like spam confidence levels, specific domain information, links and attachments.
The intelligence tab shows threat-related details, like phish type, payload used, communication history and more.
In the operations tab you'll be able to view a rendering of the suspicious or dangerous email, see how many users received it, and remediate accordingly. Click View Email to continue.
When you view the message, you'll see a read-only rendering of the email with associated details, like how many times that exact email appears in users' inboxes, true link destinations and attachment details.
You also have the ability to remediate the threat from your users' inboxes, either individually or all at once. Check the box on the right to select all, and then "Remediate Selected" to remove them.
Talk to a specialist
Back to Dashboard
Now that you've remediated the emails from your users' inboxes. you'll see the email location has been changed to "Recoverable Items/Deletions" and the "Active" status has been changed to "Remediated".
This is your user risk breakdown. Here, you'll be able to see which users are having the biggest impact on your average risk score, based on how many emails they receive and how many of those are suspicious or dangerous. You can also dive deeper into each user to see how their engagement with these messages are impacting their score. The higher their score, the more risk they pose to the organization. Click the highlighted user profile below to see their stats.
Risk Score allows you to gain visibility of risk across your user base. Risk evaluates existing data to calculate the likelihood of that user receiving future threats. This information will allow you to focus your resources on training and supporting those who are most at risk, as well as being able to identify the areas in your company that are the least at risk. Data is compiled and scores your users on a scale of 1 to 10. A user with the score of 1 has the least risk and a user with the score of 10 has the most risk. Does a low risk mean my users will not get phishing emails? This means that there is less of a chance that they will be attacked based on historic data. But a user’s risk can change over time and users which are historically low risk could be part of a focused campaign. Does a high risk mean my users have done something wrong? No, there are a broad range of reasons why users get phished, not all of them are down to the user.
This is a user risk profile. Here, you can get a breakdown of each users' email activity and how it contributes to their risk score.
Here, you can see the user's individual score, compare it to your company average, and see how they're ranking against their peers.
Quickly assess the ratio of inbound and outbound emails sent - the more emails they are receiving, the more likely they are to be phished.
See which types of email banners they are receiving most frequently, based on the highest level of warning received. For example, if an email triggers one dangerous red banner and two advisory blue banners, only the dangerous banner would be counted.
The dangerous activity chart helps you spot problem behaviors and potential insider threat, so you can better inform training efforts and mitigate dangerous activity.
This is your recent emails log. Here, you'll find all emails that have been flagged as either suspicious or malicious so you can investigate further into each.
Results can be filtered to make finding certain types of emails easier. You can filter by sender, receiver, threat type, message ID, payload, phish type and user interaction.
These are your allow and deny lists, where you can choose to allow or deny specific email addresses, domains or IP addresses.
This is your event notifications log. Here, you'll find all dangerous and suspicious events that have recently taken place. Click on the highlighted event below to continue.
In the details tab you'll learn more about the event, like what action was taken following the event and, what the trigger was. You can also edit the details shown to name the event, add a specific description, and reclassify event severity.
Defend offers language support for: English, French, Spanish, German, Italian, Dutch, Portuguese, Norwegian or Hungarian.
This is the settings page, where you'll configure warning banner frequency, link rewriting preferences, phish reporting capability and harmful code removal.
Include warning banner for external messages: Always, Only if email is suspicious, or Never.
Include warning banner for emails of a sensitive nature: Always, Only if email is suspicious, or Never.
Include warning banner for messages that are impersonating another user: Always or Never.
Include warning banner for dangerous messages: Always or Never.
Include warning banner for messages from a first time sender: Always, Only if email is suspicious, or Never.
Include warning banner for messages of a financial nature: Always, Only if email is suspicious, or Never.
Include warning banner for suspicious messages: Always or Never.
URL links in emails can be rewritten to protect the user by first scanning them.
A Warning Page can be displayed showing the results of the link scan when a user clicks on a link within an email. This page can always be displayed or only displayed if the link is potentially harmful.
Users can be prevented from following potentially harmful links after they have been scanned via the Warning Page.
Choose whether to hide or show the report phish/not phish buttons on the email summary page.
When enabled, all HTML format emails will have javascript and other potentially harmful scripts removed.
If you'd like to make any changes to how Egress is rewriting or scanning specific URLs, this is where you'll do it. If Egress has rewritten a URL and you'd like to decode it to see the true destintation, that can be done in the URL Decode tab.
Should you need to add, change, or remove any users or admin permissions, you can do that here. Click 'Add Admin' on the right to view policy options.
Enter one or more email addresses to individually apply policies or in bulk. Granular poilcy options make it easy to assign permissions based on need.
In the audit log, you'll have full visibility into every change made in the admin portal, including email remediations, viewed emails, admins added or removed, and more.
'Jeremy.Glimbopo@egressdefend.com'
'Pranav.Pearso@egressdefend.com'
'Elizabeth.Fernandes@egressdefend.com'
'Alan.Djevalikayan@egressdefend.com'
'help@egressdefend.com'
'Yusef.Nobro@egressdefend.com'
'Kirsten.Pankos@egressdefend.com'
'Shannon.Eber@egressdefend.com'