Check Point Email Security | Blog

Taking Action on Anomalous Behavior

Written by Jeremy Fuchs | April 5, 2023

One of the key tenants of email security is detecting anomalies. When something happens that's out of the ordinary, it can be a sign that malicious behavior is afoot. Here's a sampling of some of the anomalies we detect:

  • New delete-all-emails rule
  • Users sending malicious emails
  • Moving all emails to a subfolder
  • Login from a Malicious IP address
  • First time in New Country
  • Massive Senders
  • Auto-forwarding to an external email address
  • and much more

It's one thing to discover this information--it's another to take action.

Our automatic blocking of compromised accounts provides ith a workflow that automatically blocks users detected as compromised and terminates all active sessions. (Admins can also choose to do this manually, as well.) 

This detection of anomalous logins is powered by AI engines that inspect all parameters of login events to pinpoint those that malicious actors do. The parameter list is dynamic and ever-growing, and includes the IP address, browser and browser version, device, VPN brand and more. 

Understanding how email security solutions not only monitor and detect anomalies, but also take action on them, is critical. With Avanan, you can do it automatically, with easy workflows, with no additional products or alerts to monitor.

Simple and effective. As it should be.