A Deep-Dive Into Armorblox 2.0

Abhishek Iyer
Written by Abhishek Iyer
Product Features /
A Deep-Dive Into Armorblox 2.0

Friends, please shuffle your feet towards the fire for some exciting news! Over the past months, our team has been hard at work perfecting Armorblox 2.0, a critical step in our journey to stop the targeted email attacks of today and tomorrow. As we gear up for more announcements in the weeks to come, we’d like to walk you through the major features of Armorblox 2.0.

This release is packed with features suggested to us by customers, end users, and industry experts. Armorblox 2.0 introduces:

  • Refined classification and explainable detection for targeted email attacks.
  • Customizable response actions for different attack types.
  • Email DLP that blocks PII, PCI, and unencrypted passwords from leaving the organization.
  • Automated remediation of bulk emails reported to company abuse mailboxes.
  • Compliance and access control features to handle enterprise security needs with ease.

and much more!


Before we begin, we’d like to extend high-fives of gratitude to all our customers. Thank you for being effusive with your praise, forthright with your feedback, and generous with your collaboration.

Seat belts all fastened? Let’s kick this release up a notch...

Refined attack classification and explainable detection

Targeted email attacks are often bunched up under the umbrella of ‘Business Email Compromise (BEC)’. While this is perhaps a necessary simplification for building industry awareness, targeted email threats don’t follow any one agreed-upon set of techniques. There are various ‘strains’ of BEC attacks, each using a different technique, targeting a different persona, or having a different end goal.

The Armorblox 2.0 detection engine studies thousands of signals across identity, behavior, and language to accurately classify emails into granular attack categories. These categories align with the techniques attackers use and the victims they target, providing Armorblox users straightforward explanations about the ‘what’ and ‘how’ of attacks rather than shrouding them in ML mystery.


Fig 1: Armorblox email attack classification

Moving on to the ‘why’ of attack detection, Armorblox 2.0 offers comprehensive explainability of its attack detections, providing email-specific analysis that’s built for human eyes. The analysis includes a quick summary of what was detected, additional insights that feed into detection, as well as highlights within email content and metadata.

If security teams know exactly why Armorblox classified an email as payroll fraud, for example, they can confidently delete the email or mark it as safe without any second-guessing.


Fig 2: Armorblox explains the ‘why’ behind every email attack detection


Fig 3: Attack analysis includes highlights within email content and metadata

Customizable attack remediation options

Remediating email attacks is tricky, with security teams needing to walk the tightrope between safety and productivity. In this scenario, security teams should have the ability to define custom remediation actions that cut across organizational departments, hierarchy, and the certainty of the remediation action itself.

Let’s take an example. For an impersonation attack, you may want to delete the email and send custom alerts to a security analyst when a VIP or someone from the finance team has been targeted. For other employees, the same attack may merit just a quarantining of the email because the possibility of financial loss is not as immediate.

Armorblox 2.0 provides user-defined remediation options for every attack category, enabling security teams to respond to email alerts with minimal manual effort while upholding organizational productivity. These actions, once set for an attack category, are automatically applied to every email that gets classified under that attack category.


Fig 4: Customizable remediation actions…in action (sorry)

Email data loss prevention

Looking at email security through an attacker-agnostic lens, it’s worth noting that data loss over email is a critical reason for organizations being less secure. It doesn’t matter if the data loss is borne out of malice or human error; the end result is organizations falling short of compliance and paying the price.

Armorblox 2.0 detects data loss over email including PII, PCI, and unencrypted passwords, enabling security teams to accurately measure risk exposure due to data loss. Armorblox can also block offending emails containing sensitive data from leaving the organization.


Fig 5: Armorblox detects and prevents data loss over email

PII, PCI, and password data loss prevention is the first step Armorblox has taken in the DLP marathon. You can learn more about Armorblox DLP capabilities here.

Abuse mailbox remediation

If you’re part of a security team, the mere mention of ‘too many emails, not enough time’ will have you nodding your heads in vigorous agreement. Company phishing/abuse mailboxes are bursting at the seams because of over-reporting, mass phishing campaigns, and the repetitive nature of attack remediation.

Armorblox 2.0 connects with customer abuse mailboxes and automatically resolves any reported email that flags an Armorblox detection category. Security teams can also remove similar suspicious emails across user mailboxes with one click, even if only one person actually reported the email to the abuse mailbox.

You can learn more about Armorblox abuse mailbox remediation capabilities here.


Fig 6: Armorblox automatically deletes suspicious emails across user mailboxes

Enterprise grade capabilities

The Armorblox product and engineering teams have been hard at work over the past few months, aiming to marry consumer-grade simplicity with enterprise-grade robustness in the platform. We’re proud to share that Armorblox 2.0 is packed with features that make it immediately enterprise-ready.

Armorblox is SOC 2 Type 2 certified, highlighting our commitment to upholding the integrity, confidentiality, and privacy of customer data.

Some other enterprise-grade features to note are:

  • Role based access control allows users to tailor permissions according to their security tolerance and organizational hierarchies.
  • Detailed audit logs provide users with relevant visibility into activity.
  • Two-factor authentication is built into the product for all admins and users, appending a layer of security while accessing Armorblox.
  • Integrations with SIEM and SOAR solutions through RESTful APIs facilitates inter-product connectivity and sends threats detected by Armorblox to any preferred source of truth.
  • Custom alerting enables the dissemination of timely email notifications to security teams for critical email threats, accelerating investigation without adding to alert fatigue.

We hope you’re as excited to get your hands on Armorblox 2.0 as we were while building it in our purple basement! Stay tuned for more product updates and deep-dives in the weeks to come.

To see inbound and outbound email protection in action, you can register for a 90-day free version of Armorblox below.

Get Armorblox Free Edition

Read This Next