Compromised Accounts (Anomaly) Workflows
When Avanan detects a high-confidence compromised account, it automatically re-inspects the user's emails for the last three hours.
As these emails are more suspicious of being malicious, the Anti-Phishing security engine performs this inspection with increased sensitivity.
If it detects phishing emails sent from this user, it takes remediation action based on the policy applied to the user.
-
If the policy is in Detect mode, it takes no action.
-
If the policy is in Prevent (Inline) or Detect & Remediate mode, it quarantines the email.