Egress Defend

Stop advanced phishing attacks

Easy-to-deploy, behavioral AI detects the most sophisticated phishing emails. Contextual, color-coded banners use nudge theory to reduce risk and augment security awareness and training.

The only self-learning & adaptive anti-phishing solution on the market

Egress Defend combines the power of behavioral AI with self-adapting technology to detect and protect against the most sophisticated threats that bypass Microsoft’s native security and legacy secure email gateways.


Stop advanced phishing attacks in Microsoft 365

Defend’s proven, zero-trust approach enables us to detect zero-day vulnerabilities, emerging threats and advanced attacks that evade perimeter controls.


Reduce phish click rates to 0% through real-time teachable moments

Nudge theory is brought to life through dynamic color-coded warning banners highlighting real-time threats, reducing risk and augmenting SAT programs.


Minimize admin with Adaptive Security

Defend’s self-adapting mechanism ensures every user has the appropriate level of security, automatically dialing up or down based on their risk.

Manchester Airports Group takes their email security to new heights with Egress

“We’re really pleased with Defend. We’re now detecting a broader range of advanced phishing threats, including BEC and impersonation attacks."

Enhance Microsoft 365

Egress Defend detects and neutralizes the full spectrum of inbound email threats to deliver a 71% reduction in user interactions with phishing emails versus Microsoft alone.

Defend DM 1

Advanced phishing detection

By using a combination of self-learning techniques, behavioral intelligence, language processing engines and automation, Egress Defend delivers first-of-its-kind inbound email protection.

  • Self-adapting technology. Automatically adjusts security policy per user based on their risk score.

  • Linguistic analysis. Natural language processing (NLP) determines the emotion and intent behind every email, detecting unusual, suspicious, and threatening behavior.

  • Machine learning. Self-learning technology develops user behavior baselines to detect and flag anomalous activity.

  • Holistic detection. All aspects of an inbound email are analyzed in unison, enhancing its detection efficacy versus traditional anti-phishing and malware solutions that analyze these in isolation.

  • Neutralize malicious code. Active and malicious code is automatically disabled from html message body and attachments.

  • Sender policy verification. lookup and validation are performed on every message for SPF, DKIM and DMARC.

  • Link rewriting. Stops time-based attacks by rewriting links and checking at time-of-click. Unsafe links are redirected to a warning page with contextual details and used as teachable moments.

  • QR code detection. Detects QR codes within email to warn users of quishing attempts.

Defend DM 2

Engage and empower users

Through coaching-in-context and guided advice in risky scenarios, users actively learn to identify red flags, effectively becoming part of your security arsenal. In turn, you enjoy increased user productivity and fewer late-night fires.

Defend DM 3
  • Contextual HTML warning banners. Color-coded (heat-based) warning system immediately alerts users to the level of risk when engaging with an email.

  • Real-time teachable moments. Simple language explains which aspects of an email indicate a threat, providing employees with coaching-in-context at the point of risk and augmenting Security Awareness and Training (SA&T).

  • Cross-platform. Optimized to provide advanced protection on any device or interface (desktop, mobile, and web).

  • M365 integration. Integrates seamlessly into MS Outlook apps on Windows Desktop, Mac, iOS, and Android, including integration with MS Safelinks.

  • Interactive prompts. Users can be prompted if they attempt to violate advice by integrating with Egress Prevent.

  • Intelligent recommendations. Provides intelligence and actions to the user based on the threat level.

  • Email productivity. Improve user productivity and reduce admin burden by automatically moving graymail to a separate folder.

Defend DM 4
1500W Threat Trends Apr 24 Web Imgs Blog Thin CTA

2024 Phishing Threat Trends Report: January - March insights

Download report

Reporting, analytics and incident response and remediation

Expedite threat investigation and reduce your mean time to respond with extensive reporting, self-learning threat mitigation, and automated remediation tools.

Defend DM 5 (1)
  • Adaptive Security. Dynamically updates Defend security policy based on users' risk score.

  • One-click remediation of threats. Remediate all exact and similar emails in one click, removing the need for further investigation.

  • Real-time cyber intelligence. Tailor threat models, assess risks, and roll out additional security measures based on the most up-to-date threat data.

  • Detailed reporting and analytics. Provide clear visibility into potential threats targeting individual users.

  • User risk. Highlight the users that are the highest risk within an organization and offer actionable insights.

Learn more about Egress Security Center and Adaptive Security
  • Trending and abnormal behavior. Provides actionable insights into unusual trends and behavior at both organization, departmental and individual level.

  • Threat landscape. Threats are broken down by type and severity to pinpoint areas of immediate concern and demonstrate ROI.

  • User interaction. Detailed reporting on end user interaction with dangerous emails.

  • Communication history. Track and report on end-user email communication history detecting attacks such as Business Email Compromise (BEC).

  • SIEM & SOAR. Output log and threat intelligence data directly into an existing SIEM/SOAR.

Defend DM 6

Reduce admin, respond to threats

IT and Security teams are spending too much time on remedial, investigative, and routine email tasks. With Egress Defend's automated threat management tooling, you'll win yourself time back to focus on more strategic security initiatives.

Defend DM 7
  • Human risk scoring. Gain contextual understanding of organizational risk down to the user level to spot vulnerabilities and impending threats.

  • Automated threat collation. Automatically aggregates attacks enabling instant remediation and relieving operational burden.

  • Simplified administration. Eliminates rules and signature-based policies so administrators no longer need to configure and maintain them.

  • Abuse mailbox automation. Reduce security overhead and time to respond with advanced AI-powered phishing investigation and remediation.

  • Integration. Integrates seamlessly into the Microsoft 365 platform using SMTP connectors and Graph API.

  • Historic learning and analysis. Protection provided from day one due to ‘back in time’ analysis and historic user benchmarking.

  • Silent mode. Allows a phased roll out and streamlined user onboarding.

  • SSO enabled. Integrates directly into organization Single Sign On (SSO).

  • Simple end user deployment. Can be setup and deployed in under 30 mins.

Defend DM 8
Defend DM 9 1

Reduce the impact of inbound threats

  • Lowers administration overhead with intelligent self-learning threat detection

  • Ensures each user gets tailored protection based on their risk level

  • Teachable moments positively adjust user risk scoring

  • Reduces user friction by engaging and warning only when risk is present

  • Lowers time to respond and remediate email-related incident

  • Reduces the risks associated with sophisticated phishing and BEC attacks

  • Swiftly demonstrates value

  • Reinforces security awareness training to increase its effectiveness and your ROI

Defend DM 10

Robust architecture

Email is a critical part of every business and even small email delays can have a big impact. That’s why Defend is architected with high availability and redundancy at its core, ensuring that your emails are quickly inspected and that they are always delivered.

Defend achieves this by making use of a modern cloud-native architecture in AWS. This utilizes availability zone (which are isolated locations within a region, each being geographically separated), as well as completely independent power, networking, and cooling infrastructure to ensure full redundancy.

The Defend system also makes use of sophisticated SMTP retry and error handing logic, which ensures that if, for example, Microsoft 365 is down, the emails will be properly retried and sent as soon as Microsoft 365 is available again.

This results in Defend being highly available and resilient to infrastructure failures without negatively impacting you, as well as adhering to SMTP/email best practices ensuring your emails always get delivered in a timely manner.

Implementation in your organization

Egress Defend integrates transparently into Microsoft 365 via SMTP and Graph API, operating after a Secure Email Gateway (SEG), and/or Microsoft 365 has performed any analysis at the perimeter.

A simple Deployment Packager will create necessary groups, app registrations, connectors and mail flow rules required to complete set up in under 30 mins.  Deployment can be staggered by group, geography, and organizational unit.


Defend DM 12

Integrations with your security ecosystem

Using the Egress Defend API, integration into a SIEM/SOAR makes it simple to report alongside existing security tools. Egress Defend can output log data in a range of formats via API. For Native Microsoft customers, there is also a Microsoft Sentinel connector available on Azure marketplace.

Egress Defend leverages Microsoft Graph to provide post-delivery remediation capability for administrators. This includes the ability to group and delete heterogeneous phishing events across multiple mailboxes and geographies.

Simplify and optimize your email security architecture.

Unlock greater value from your core IT and security platform investments.

Microsoft Logo Light
Netskope Logo
Crowdstrike Logo Transparent
Knowbe4 Logo
Amazon Web Services Logo Light
Mimecast Wht
Forcepoint Logo Light Transparent
Proofpoint Logo Transparent White
Sophos Logo 140H COMPRESSED 8Kb
Ironport Wht
Ibm Logo
Splunk Logo Transparent White
Solarwinds Wht
Logrhythm Wht
Bulletproof Wht
Citrix Logo White
Apple Logo White.Svg
1 Android Logo
Microsoft Intune Logo
Salesforce Logo 140H COMPRESSED 3Kb
Imanage Logowhite
Microsoft Dynamics Logo Transparent White
Visualfiles Logo
View all integrations

See Egress Defend in action

What our customers say

Read about the worldwide businesses that trust Egress Defend to stop inbound email attacks.

Customer stories

"With the introduction of human risk management, we now have a holistic view of our riskiest users hour by hour."

“The banners have also dramatically increased employees’ everyday vigilance to phishing attacks.”

"One layer is not enough to detect and neutralize the numerous advanced phishing threats targeting our day-to-day work."