Find suspicious and malicious mail rules that result from phishing attacks.
Take action directly from the Push platform to prevent business impact.
Get instant detection and response capability to stop future attacks.
A common attack technique where mail rules are created inside a user's mailbox to perform malicious actions, like forwarding emails to an external address. Although companies can be targeted directly, it's often opportunistic, where a rule is created automatically after a successful phishing campaign, malware infection or account compromise.
Connect Microsoft 365 or Google Workspace to get instant visibility into all mail rules within employee mailboxes.
Get instant insights about whether the rules are legit, suspicious, or malicious.
Use ChatOps (Slack and Teams) to automatically ask the owner of the mailbox about a suspicious mail rule. Push asks employees whether a rule seems strange or if it's something they set up intentionally so we can tell you whether the rule is malicious or safe.
Disable or delete malicious rules based on their response to prevent business impact, right from the platform.
We immediately notify employees when a new rule is created in their mailbox. They know whether they've just set up a rule to forward work email to their personal email. If the mail rule wasn't created by them, it's suspicious and possibly malicious.
Push automatically disables rules employees don't recognize and notifies you so you can take immediate action to prevent further compromise.
No SIEM or any other detection infrastructure is required. Keep it simple.
Detect SaaS apps that employees are using in your company.
Nudge employees to remove unused third-party integrations.
A strong indicator of compromise. Detect and respond automatically.
Use ChatOps to automatically nudge employees to enroll.
The latest news, articles, and resources, sent to your inbox.
