SANS Institute Report: Protecting Your Cloud Office Inbox with Armorblox

Lauryn Cash
Written by Lauryn Cash
Product Features /
SANS Institute Report: Protecting Your Cloud Office Inbox with Armorblox

On June 2, 2022 SANS Institute published the report: Protecting Your Cloud Office Inbox. Written by SANS Author, Matt Bromiley, this report goes into detail about the Armorblox cloud delivered email security platform and product capabilities.

SANS Institute agrees that email is an integral part of all business communications between employees, customers, and third parties. With the growing popularity of use across organizations, adversaries have also leaned into this rising trend as the preferred vector for malicious email attacks.

“To protect their email infrastructure, security teams rely on defense systems to detect malicious emails and prevent them from entering the environment. However, year after year, phishing numbers grow—and adversaries continue to find success.”

As of December 2021, the FBI disclosed in an announcement business email compromise (BEC) and email account compromise (EAC) are responsible for $43 billion in losses.

SANS Institute and author, Matt Bromiley, believe that the time has come to look at new architecture and technology in order for organizations to defend and protect against these targeted, malicious email attacks, and that Armorblox is the answer to solve this problem.

“Purposely built to integrate with modern email systems, Armorblox provides security teams with advanced capabilities to prevent email-based attacks and put a dent in adversary success rates.”

– Matt Bromiley, SANS Author and Incident Response Consultant

The product review, delivered by SANS Institute, puts Armorblox platform and product capabilities to the test as they uncover how Armorblox assists security teams, secures email infrastructure(s), and protects against targeted attacks and cyber threats.

Highly capable and powerful platform enables malicious email detection, prevention, and investigative capabilities.

Overall, SANS Institute classifies Armorblox as a “robust email security solution in a simple, easy-to-use platform.”

Matt Bromiley, SANS Author explains:

“Some of the best spearphishing emails seem simple, innocuous, and innocent enough. That’s exactly the point. Adversaries have discovered what techniques will help them evade email defenses, oftentimes removing links and attachments that bypass email filters. This is where understanding the conversation comes into play. The next line of defense looks at context and other key statistics, areas at which Armorblox excels.”

Armorblox product capabilities go beyond malicious email detection and prevention, and SANS also agrees with the sophisticated investigative capabilities available within the platform:

“Armorblox provides analysts with sample decisions and emails in a single place, allowing them to quickly review threats, make decisions, and keep the organization safe from email threats.”

Detect and block malicious emails with advanced technologies, such as Natural Language Understanding, Machine Learning, URL protection, and malware sandboxing.

This SANS report goes into detail about Armorblox’s detection models and applauds the approach to email security the product provides. Whether malware, malicious links, credential phishing, or financial fraud, SANS explains that adversaries target an organization’s email as much as possible in order to exploit and steal sensitive information. Due to this, Matt Bromiley of SANS explains the benefit and importance of Armorblox technology in order to protect against these targeted attacks:

“The power of the Armorblox platform lies within its various detection models. Instead of relying on malicious—but often static and old—indicators, Armorblox incorporates advanced technologies such as natural language understanding (NLU) and AI/ML (machine learning) concepts to detect suspicious and/or malicious emails.The platform can achieve high efficiency rates by integrating directly with an enterprise’s cloud email environment and “learning” about its email traffic.”

SANS also appreciates the products within the Armorblox platform that save analysts time, such as the Advanced URL Protection feature: 

“Armorblox also caches a screenshot of the malicious URL for posterity. We love this feature because it saves analysts from having to click through links or set up anonymous sources.”

Email Data loss prevention that is simple to configure and use. By combining with NLU, Armorblox reduces false positives - a truly unique, differentiating feature.

After going through detailed examples of threats Armorblox has detected and stopped, SANS Author, Matt Bromiley also gives much appreciation to Armorblox’s Advanced Data Loss Prevention solution. Bromiley reflects on how often DLP functionality either works or doesn't, and often draws mixed reviews, but with Armorblox technology the ability to recognize sensitive data amongst email traffic is highly effective.

“The DLP functionality within Armorblox prevents users from accidental data leakage and/or exposure. It’s clear that Armorblox has no difficulty recognizing data structures amongst email traffic. DLP rules can also be customized and implemented based on organization specifics.”

The difference and sophisticated technology that Armorblox brings to data loss is one that SANS and Matt honed in on as a main contributor to false positive reduction; something that other DLP tools lack. 

“The key differentiator that Armorblox brings to DLP is the integration of its NLU engine to complement what most DLP tools rely on: custom identifiers and regular expressions. Understanding the context and content of the email can help dramatically reduce false positives.”

Armorblox augments native email security from Microsoft Office 365, Gmail and adds depth in defense for existing Secure Email Gateways.

SANS Institute examined the Armorblox platform in depth and describes it as, “An email security platform built with the unique, intricate needs of an organization as its priority.”

Armorblox puts the needs of the organizations we protect from targeted attacks first, and with our global machine learning model, protection from targeted attacks are within reach for all organizations.

“With high-powered analytics driven by technologies such as natural language understanding and integrated AI/ML, Armorblox learns and tunes itself to the environment to better protect it. The platform can be used to either complement native email security from Microsoft Office 365 and Google Gmail or add depth in defense to your existing secure email gateway (SEG). Organization-driven policies, highly intuitive analysis, and auto remediation capabilities also make Armorblox an easy fit with analysts, allowing for robust incident investigation with little overhead.”

– Matt Bromiley, SANS Author and Incident Response Consultant

We agree with SANS Institute when they say, “Email security is one of the better investments any organization can make in its security infrastructure.” Armorblox is dedicated to preventing adversaries from exploiting an organization's email.

Get your complimentary copy of the full SANS Institute report: Protecting Your Cloud Office Inbox, and watch the SANS webinar here.


To see Armorblox work in your environment, get started with a free 2-week risk assessment below.

Get a FREE Risk Assessment

Read This Next