Avanan can automatically block all outgoing emails from accounts detected as compromised.

Compromised accounts are a big threat to organizations and are therefore detected and automatically blocked by Avanan.

As an added security layer, administrators can now configure Avanan to automatically add an Anti-Phishing block list covering all outgoing traffic from accounts detected as compromised or suspected-compromised.

This added layer best serves two main scenarios:

  1. Scheduled malicious messages – The attacker may schedule emails to be sent at a later stage that suits their attack, knowing that the user they compromised may be blocked at any time.
  2. Hybrid environments – In cases where the on-premises Active Directory overrides the Azure Active Directory, blocked users may be unblocked. With the block list in place, all outgoing emails from the compromised user will still be blocked.

To automatically block all outgoing email traffic from compromised accounts, go to Security Settings > Security Engines > Anomaly Detection > Configure and check the "Add Anti-Phishing block list for outgoing emails" option under the Compromised accounts and/or Suspected compromised accounts workflows.

Note – After unblocking a blocked compromised account, you will need to manually remove the block list that was created for it under Security Settings > Exceptions > Anti-Phishing.

This feature is being deployed gradually – you should see it in your portal within the next 7 days.