Version 2.6.0 will begin deployment for all customers on November 20, 2019 at 8:00am EDT. This document covers the changes from prior release (2.5.9).
The ability to hide/show cards (Shadow IT, DLP…) and save as a user preference.
When events are detected for multiple recipients, they are presented in a cumulative manner with group actions.
Under “Analytics” in left side menu, Weekly Reports can be viewed, downloaded, and printed.
The ability to exclude specific users or groups from a policy.
The ability to add Allow List options (e.g. by country).
Under “Configuration → Security App Store,” anomaly configuration options can now be added (email alert action, Block List for suspicious geo-locations).
Note: anomaly email alerts to admins are now turned OFF by default and can be enabled here.
Add “Encrypt” as a DLP detection action to enable third-party encryption. When configuring DLP, selecting the new remediation action ‘add-header’ allows for Avanan to detect outbound emails for data leakage and add an email header to it. The third-party encryption tool is activated using a mail flow rule that checks for the header and encrypts the outbound email.
Executive spoofing is a scam in which cybercriminals impersonate the names and emails of company executives to fool an internal employee into disclosing sensitive information or executing a payment.
In Avanan version 2.6, SmartPhish has a setting that allows Avanan administrators to automatically block such spoofing attempts.
Configuration
Avanan administrators can trigger their “Phishing” or “Suspicious” workflows when SmartPhish detects a nickname impersonation.
Best Practices
Note that regardless of your settings, SmartPhish will always look for nickname impersonations for all users. The configuration described here will ensure that, for the scope of users selected, at least the “Suspicious” workflow is triggered.
Handling False Positives
Many commonly used services like Salesforce or ServiceNow send legitimate emails on behalf of other users. To SmartPhish, these will be detected as nickname impersonations. Therefore, it’s important to ensure that this configuration is not generating false positive phishing/suspicious detections.
In order to do so, create a Custom Query that filters only for detections containing nickname impersonations. You can find the fields embedded under Security Stack → SmartPhish.
Example Output:
Be sure to Allow List legitimate services that appear in the query by navigating to Configuration → Antiphishing Allow List
If you have any questions or would like assistance configuring, please reach out to support@avanan.com.