Stop advanced phishing attacks with Egress Defend

Easy-to-deploy, intelligent detection technologies combine to defend against the most sophisticated phishing emails. Contextual, color-coded banners use nudge theory to reduce risk and augment security awareness and training.

Intelligent phishing detection in Microsoft 365

Egress Defend uses behavioral AI to detect the advanced threats that get through Microsoft’s native security controls and secure email gateways.


Stop advanced phishing attacks in Microsoft 365

Our zero-trust approach enables us to detect zero-day and emerging threats, as well as the advanced attacks that evade perimeter controls.


Tangibly reduce risk through real-time teachable moments

Nudge theory is brought to life through dynamic color-coded warning banners that highlight threats in real time, sustainably reducing risk and augmenting SA&T programs.


Surface human risk insights

Apply threat intelligence data to pinpoint individual, departmental, organizational, and supply chain risks for proactive threat management.

Stop inbound email attacks

Egress Defend detects and neutralizes the full spectrum of inbound email security threats.


Advanced phishing detection

  • Linguistic analysis. Natural language processing (NLP) determines the emotion and intent behind every email, detecting unusual, suspicious, and threatening behavior

  • Machine learning. Self-learning technology develops user behavior baselines to detect and flag anomalous activity

  • Holistic detection. All aspects of an inbound email are analyzed in unison, enhancing detection efficacy versus traditional anti-phishing and malware solutions that analyze these in isolation

  • Neutralize malicious code. Active and malicious code is automatically disabled in the HTML message body and attachments

  • Sender policy verification. Lookup and validation are performed on every message for SPF, DKIM, and DMARC


Engage and empower users

  • Contextual HTML warning banners. Color-coded (heat-based) warning system immediately alerts users to the level of risk when engaging with an email.

  • Real-time teachable moments. Simple language explains which aspects of an email indicate a threat, providing employees with coaching-in-context at the point of risk and augmenting Security Awareness and Training (SA&T).

  • Cross platform. Optimized to provide advanced protection on any device or interface (desktop, mobile, and web).

  • M365 integration. Integrates seamlessly into MS Outlook apps on Windows Desktop, Mac, iOS, and Android, including integration with MS Safelinks.

  • Interactive prompts. Users can be prompted if they attempt to violate advice by integrating with Egress Prevent.

  • Intelligent recommendations. Provides intelligence and actions to the user based on the threat level.

  • Link rewriting. Stops time-based attacks by rewriting links and checking at time-of-click. Unsafe links are redirected to a warning page with contextual details and used as teachable moments.


Reduce admin, respond to threats

  • Human risk scoring. Determine the overall organizational risk posture and gain insight into risk and threat trends

  • Simplified administration. Eliminates rules and signature-based policies so administrators no longer need to configure and maintain them

  • Intuitive single-click remediation of threats. Seamlessly removes high-risk messages directly from mailboxes

  • Simple end user deployment. Can be set up and deployed in under 30 mins

  • Integration. Integrates seamlessly into the Microsoft 365 platform using SMTP connectors and Graph API

  • Historic learning and analysis. Protection provided from day one due to ‘back in time’ analysis and historic user benchmarking

  • Silent mode. Allows a phased roll out and streamlined user onboarding

  • SSO enabled. Integrates directly into the organization's Single Sign-On (SSO)

Learn more about Egress Security Center and Adaptive Security

Reporting, analytics and incident response and remediation

  • Real-time cyber intelligence. Tailor threat models, assess risks, and roll out additional security measures based on the most up-to-date threat data

  • Detailed reporting and analytics. Provide clear visibility into potential threats targeting individual users

  • User risk. Highlight the users that are the highest risk within an organization and offer actionable insights

  • Trending and abnormal behavior. Provides actionable insights into unusual trends and behavior at the organization, departmental, and individual levels

  • Threat landscape. Threats are broken down by type and severity to pinpoint areas of immediate concern and demonstrate ROI

  • User interaction. Detailed reporting on end user interaction with dangerous emails.

  • Communication history. Track and report on end user email communication history, detecting attacks such as Business Email Compromise (BEC)

  • SIEM & SOAR. Output log and threat intelligence data directly into an existing SIEM/SOAR/SOC


Reduce the impact of inbound threats

  • Lowers administration overhead with intelligent self-learning threat detection

  • Teachable moments positively adjust user risk scoring

  • Reduces user friction by engaging and warning only when risk is present

  • Lowers time to respond to and remediate email-related incidents

  • Reduces the risks associated with sophisticated phishing and BEC attacks

  • Swiftly demonstrates value

  • Reinforces security awareness training to increase its effectiveness and your ROI


Robust architecture

Email is a critical part of every business and even small email delays can have a big impact. That’s why Defend is architected with high availability and redundancy at its core, ensuring that your emails are quickly inspected and that they are always delivered.

Defend achieves this by making use of a modern cloud-native architecture in AWS. This utilizes availability zones (which are isolated locations within a region, each being geographically separated), as well as completely independent power, networking, and cooling infrastructure to ensure full redundancy.

The Defend system also makes use of sophisticated SMTP retry and error handling logic, which ensures that if, for example, Microsoft 365 is down, the emails will be properly retried and sent as soon as Microsoft 365 is available again.

This results in Defend being highly available and resilient to infrastructure failures without negatively impacting you, as well as adhering to SMTP/email best practices ensuring your emails always get delivered in a timely manner.

Implementation in your organization

Egress Defend integrates transparently into Microsoft 365 via SMTP and Graph API, operating after a Secure Email Gateway (SEG), and/or Microsoft 365 has performed any analysis at the perimeter.

A simple Deployment Packager will create the necessary groups, app registrations, connectors, and mail flow rules required to complete setup in under 30 mins. Deployment can be staggered by group, geography, and organizational unit.



Integrations with your security ecosystem

Using the Egress Defend API, integration into a SIEM/SOAR makes it simple to report alongside existing security tools. Egress Defend can output log data in a range of formats via API. For native Microsoft customers, there is also a Microsoft Sentinel connector available on the Azure Marketplace.

Egress Defend leverages Microsoft Graph to provide post-delivery remediation capability for administrators. This includes the ability to group and delete heterogeneous phishing events across multiple mailboxes and geographies.

See Egress Defend in action

Want to learn more about Egress Defend?



From 176 reviews on Gartner® Peer Insights™ for Email Security as of September 14, 2023.

How a global insurance services firm uses Egress Defend to enhance Microsoft 365 email security

We selected Egress Defend and Egress Prevent as added security layers in our Microsoft 365 environment to ensure we are minimizing our risk profile.

What our customers say

Read about the worldwide businesses that trust Egress Defend to stop inbound email attacks.

Customer stories

"(With Egress Defend) I’m able to remediate dangerous emails from everyone’s inbox, potentially before they’ve even opened them."

"Egress Defend helps us significantly reduce risky clicks and supports the development of our defensive emailing culture — and it’s easy-to-use, easy-to-understand and customizable."

"If a user sees an anti-phishing banner in an email, they can click on it, and it explains to them why the email was flagged. Feedback has been great."

Simplify and optimize your email security architecture.

Unlock greater value from your core IT and security platform investments.


Related resources

Learn how Egress Defend works in concert with our full suite of advanced email protection technologies to mitigate both inbound and outbound email risks.

Human Risk Summit

12th October 2023 | 10:00 - 12:40 ET/15:00 - 17:40 BST

It's time to adapt.

The next evolution of cloud email security has arrived. Join industry thought leaders at our virtual event for insight into managing human risk and adaptive cloud email security.

Customer webinar: enhancing anti-phishing defenses in Microsoft 365 at Newcastle City Council

Get insight into the types of phishing threats targeting government organizations, how to layer defenses in Microsoft 365 for effective threat detection, and more.

CISO strategy guide: Bringing adaptive security to cloud email

Download this guide to learn how adaptive security moves risk management from reactive to proactive by providing a predictive layer to threat prevention and continuously assessing risk.

Customer story: Concertus

Concertus Design and Property Consultants works with Spear Shield and Egress to mitigate inbound and outbound email threats.