Smart Banners

Overview

Smart Banners are customizable banners added to incoming emails that Harmony Email & Collaboration found clean of threats.

These banners help distinguish external, unverified, or potentially fraudulent emails and so on that serve these main purposes:

• Make users cyber-aware - The banners draw user attention to suspicious elements in the email that - combined with the user insights - might lead to the understanding that the email is malicious.

• Remind users to follow the company policy - The banners alert the user to follow company policies for particular emails. For example, emails that contain invoices or requests to modify a partner's billing information.

Attaching Smart Banners to Emails

00:00: Smart Banners allows you to add customized banners to non-malicious emails with sensitive information. These banners alert the user depending on the nature of the email and promote compliance with your organization's policy. This video shows how to enable Smart Banners in Harmony Email and Collaboration. 00:20: Log in to the Infinity Portal. Access the Harmony Email and Collaboration Administrator Portal and click "Policy". 00:29: Select the email service for which you need to enable Smart Banners. For example, "Office three sixty five Mail". 00:37: Create a new Threat Detection policy or open the existing policy. 00:42: Set the policy mode as "Prevent (Inline)". 00:46: Scroll down to the "Clean Emails" section and select "Deliver with Smart Banners" for "Clean Workflow" 00:52: Click "Save and Apply". Now that you have enabled Smart Banners, you must select the banners required for your organization. 01:00: To do that, navigate to "User Interaction" and then click "Smart Banners". 01:05: Select the banners required for your organization. 01:09: To change the default text used in the banner, click the edit icon and make the required changes. 01:15: Select a severity for the banner. 01:18: Finally, click "Save and Apply". 01:21: Thanks for watching the video.

To attach Smart Banners to emails:

1. Create or edit an existing Threat Detection policy for Office 365 Mail or Gmail. See Threat Detection Policy for Incoming Emails.

2. Set the policy protection mode as Prevent (Inline).

   Note - Smart Banners are not supported for policies in Detect and Detect and Remediate protection mode.

3. Scroll down to Clean Emails section and for Clean Workflow, select Deliver with Smart Banners.

4. Click Save.

Notes: For allow-listed emails, Smart Banners are not added. When more than one banner is applicable for an email, Harmony Email & Collaboration adds the banner with the highest severity. If there are multiple banners with the same severity, the one with the highest priority is added. For information about priority of the banners, see Supported Smart Banners. These banners apply only to emails written in English: Request to update payment details Invoice from a new vendor Payroll information update request Emails with Invoices / POs

Customizing Smart Banners

To customize a Smart Banner:

1. Click User Interaction > Smart Banners.

2. Click on the banner.

   The banner's preview appears.

3. Click the icon on the banner.

   

4. To change the banner's severity and color, select Low, Medium, or High.

5. Make the required changes to the text.

6. Click Save and Apply.

To remove the Secured by Check Point footer:

1. Click User Interaction > Smart Banners.

2. Click Settings next to Smart Banners from the top of the page.

   Smart Banners Config pop-up appears.

   

3. Clear the Add "Secured by Check Point" to all banners checkbox.

4. Click OK.

Enabling/Disabling Specific Smart Banners

Harmony Email & Collaboration delivers the emails with a specific Smart Banner if they match the use case the banner covers.

To enable or disable specific Smart Banners, do these:

1. Go to User Interaction > Smart Banners.

2. Toggle the button On/Off to the left of the required banner.

   Note - Smart Banners can only be turned on/off for all the protected users in the Infinity Portal tenant (account) and does not apply per policy.

3. Click Save and Apply.

Automatically Enabling New Smart Banners

Check Point periodically introduces new banners for additional elements and characteristics. To enable these banners automatically:

1. Click User Interaction > Smart Banners.

2. Click Settings next to Smart Banners from the top of the page.

   The Smart Banners Config pop-up appears.

   

3. Enable the Automatically enable newly introduced banners checkbox.

4. Click OK.

Excluding Specific Sender Domains from Smart Banner

Harmony Email & Collaboration allows administrators to exclude Smart Banners from emails sent by specific domains. To do that:

1. Go to User Interaction > Smart Banners > Settings.

   The Smart Banners Config window appears.

   

2. Select the Exclude sender domains checkbox.

3. In the Excluded sender domains field, enter the selected domain(s) separated by commas.

4. Click OK.

Supported Smart Banners

Harmony Email & Collaboration supports these Smart Banners:

Category	Smart Banner Name	Description	Default Severity	Priority	Is enabled by default?
Business email compromise	Sender resembles a real contact	Email from a sender that resembles but is not identical to a contact the recipient is corresponding with.	High	1	Yes
	Request to update payment details ¹	Email that resembles a request from vendors to change their payment details.	High	2	Yes
	Invoice from a new vendor ¹	Email with an invoice from a vendor that never contacted before.	Medium	21	Yes
	Payroll information update request ¹	Emails from external senders requesting to update their payroll information.	Low	41	Yes
Financial transaction requests	Emails with Invoices / POs ¹	Email that contains a request for payment in the form of invoice or purchase order.	Low	42	Yes
	Payment request via payment service	Email that contains a payment request received via accounts in payment services.	Low	43	Yes
Avoiding inspection	Emails with links to restricted resources	Email with links to resources with restricted access, possibly in order to avoid inspection.	Low	45	Yes
Fundamentals	Sender name different than address	Email from sender with a name that is significantly different from the email address which may indicate an impersonation attempt.	High	3	Yes
	Reply-to domain recently created and its address is different than the sender’s	Email with reply-to address different from sender address and whose reply-to domain is created recently.	High	4	Yes
	Sender domain created recently ²	Email whose sender domain was created recently.	Medium	23	Yes
	Sender SPF failed	Email that failed SPF checks.	Medium	24	Yes
	Incoming emails from external senders	Email from an external sender (outside the organization).	Informative (blue)	81	No
Impersonation	First-time sender ³	Email from a sender that never sent an email to the recipient before.	Low	44	Yes
	Sender resembles a person within the organization	Emails from a first-time sender whose display name is identical to a person within the organization.	Medium	22	Yes

¹ These banners apply only to emails written in English.

² This banner will be applied to emails only if the sender's domain was created in the last 100 days.

³ The First-time sender banner will not be applied to the recipient's emails after 24 hours from the sender's first email.