Skip to main content

Platform

Email Security Release Blog

PT-product-release-blog-1b.jpg

Note

Prior to October 2024, the Email Security Solution was called PhishTitan. Release blogs published prior to this date use PhishTitan when referencing the Email Security Solution.

November 2024

Wrapping up this month we have two enhancements to the Email Security solution. More information icons have been added to the MSP user interface and there is a new email security banner, specifically for spam mail.

Additional Learn More Links on Email Security UI

Additional context-sensitive help has been included in the Email Security UI. MSP admins will now notice more information ES-icon.jpgicons. Selecting these icons will direct them to Learn More links where they can access documentation related to the page they're on.

ES-Rel-Blog.jpg
ES-SPAM-banner-Rel-Blog.jpg
ES-Banner-Mal-Phish-rel-blog.jpg

Separate Spam Banner Added

A new email banner has been added specifically for spam detection. The spam warning had previously been included with warnings for malware and phishing, which is now a separate banner.

PT-product-release-blog-divider.jpg

November 2024

November is proving to be a busy month with further improvements and announcements. We've added the Threat Categories donut chart on both the MSP and customer admin overview pages. Admins also have more control over the display of the Incidents table with the ability to reorder and resize columns. And, with Microsoft announcing the retirement of Office 365 connectors in Teams, the content in the Notifications section has been updated.

Threat Categories Pie Chart

The new Threat Categories donut chart enables MSP and customer admins to see how analyzed incidents are categorized and which are more dominant. If an admin clicks on a threat category name, it's removed from the chart. Selecting it again adds it back.

Plat-MSP-Piechart.jpg
ES-Column-Reorder-RelBlog.jpg

Admins can reorder columns in the Incidents table by selecting the column icon and moving the reordering ES-Reordering-icon.jpg icon up and down the list. This changes the left-to-right display of columns. Column width can also be resized using the resize ES-Resize-Cursor.jpgcursor. As before, columns can be hidden and made visible by sliding the toggle off and on. All of these options give greater control to admins for organizing the Incidents table based on their preferences.

Updating Webhooks for Email Security

Email Security lets you configure a webhook to send a notification to a web application every time a user identifies an email as clean or phishing using the TitanHQ Outlook Add-in.

If you've already configured a webhook, then you'll need to update it before January 31st 2025 because Microsoft is retiring Office 365 connectors within Teams. This means that all webhook connector URLs must be updated before this date.

See Notifications for assistance.

ES-Notification-Webhook-Update.jpg

PT-product-release-blog-divider.jpg

August 2024

A busy month for PhishTitan with another release! This time it's the Graymail feature to help you manage marketing emails.

Graymail

Graymail refers to legitimate, opted-in, bulk emails that are at risk of being viewed as spam over time. Now both MSP and customer admins can remove unwanted mail by adding an alert banner to graymail. If auto remediation is enabled, graymail is auto remediated.

  1. Go to PhishTitan > Configuration > Mail Flow and select Graymail.

  2. Select the toggle Treat graymail as malicious and select Save.

PT-Graymail-ReleaseBlog.jpg

PT-product-release-blog-divider.jpg

August 2024

This month we're making navigation in PhishTitan easier with the Incident Summary slideout view.

Incident Summary slideout

With the release of this new feature, MSP and customer admins can now click on an incident and the Incident Summary slides out from the right side of the page. Admins can move between incidents in the table, and as each one is selected, the Incident Summary repopulates with the new data. This makes it easier and more efficient to navigate between incidents.

  1. Go to Incidents and select an incident from the table. The Incident Summary appears as a slideout.

  2. For a fullscreen view, select the fullscreen PT-pop-out-icon.jpg icon beside the subject.

PT-Incident-Sum-Slideout-Overview.jpg

PT-product-release-blog-divider.jpg

July 2024

Threat Coach, TitanHQ's latest AI-driven feature, has a beta release!

Threat Coach

Threat Coach is an AI-driven feature to help you understand phishing emails. Powered by TitanHQ AI, Threat Coach analyzes incoming emails for sentiment, context, tone, and potentially malicious intent. Threat indicators are highlighted and explained so that you can learn more about the threats used in phishing emails.

Not all email categories are included for analysis in this beta release. As beta testing continues, additional categories will be included.

  1. Go to Incidents and select the Resolved tab.

  2. Select the incident you want to view, and from the Incident Summary page, select the Threat Coach tab.

PT-incidents-tabs-blog.jpg
PT-Threat-Coach-Blog.jpg

PT-product-release-blog-divider.jpg

June 2024

This month sees the release of PhishTitan Anti-spoof and a new Mail Flow page.

Anti-spoof

Email spoofing is the creation of an email with a forged sender address to intentionally mislead a recipient about its origin. PhishTitan Anti-spoof is automatically enabled, meaning that manipulated display names are checked and if detected, an alert banner is added. You also have the option to disable it.

Both MSPs and Customers can access the Anti-spoof setting from PhishTitan > Configuration > Mail Flow > Anti-spoof.

PT-Antispoof.jpg

New Mail Flow Page

PT-Mail-Flow-Release-Blog.jpg

To simplify things, all mail flow configuration settings have been consolidated, so you can quickly and easily manage how mail is processed before delivery.

Go to PhishTitan > Configuration > Mail Flow to find tabs for Remediation, Anti-Spoof, Allow List and Frequently Exploited Domains.

PT-product-release-blog-divider.jpg

May 2024

We've added the Exploited Domains feature and updated the Incident Summary page.

Exploited Domains

Malicious actors frequently launch phishing attacks from free email services. With the Exploited Domains feature, admins have the option to apply a banner to email from free email services and alert users to be vigilant. Available on both the MSP and Customer layer, it can be accessed from the Configuration menu:

  • Go to PhishTitan > Configuration > Mail Flow > Frequently Exploited Domains. The feature is turned off by default. You just need to select the toggle to turn on alerts.

  • Select Save.

PT-Exploited-Domain.jpg
PT-Susp-Domains-Alert-Banner.png
PT-Incident-Summary-Release-Blog.png

Updates to Incidents Summary page

The Incident Summary page has been updated so that admins can quickly find the information they need.

The top summary card has been removed and that information is now in the message view header.

The Actions dropdown menu displays contextual information to explain the available options.

Lastly, the layout is now in a two-column format, with the message view on the right and Reasons for Detection and URL Analysis on the right.

PT-product-release-blog-divider.jpg

More in March 2024!

Responding to customer feedback, we've added Allow Domain and Reasons for Detection.

Allow Domains

An admin can now add a trusted domain to a customer level Allow List, making it easier and faster to receive email from known, secure domains. For customers delivering anti-phishing, suppliers usually provide a list of trusted domains allowing training emails to be delivered to a user's inbox without being caught by PhishTitan. Allowed Domains can be added from a number of places:

  • Go to PhishTitan > Configuration > Allow List and select the Domains tab, or -

  • Select the add allowed domain icon allow-domain.jpg in the in the Incidents page, or -

  • Select Actions > Add Domain in the Incident Summary page.

PT-allow-domain.jpg

Phishing Detection Reasons

We want to share the reasons PhishTitan considers an email as phishing to give more insight into an incident. This is particularly important for an admin reviewing a borderline safe email.

  • Go to PhishTitan > Incidents and view an incident. See the Reasons for Detection panel on the Incident Summary page.

reaons-for-detection.jpg

PT-product-release-blog-divider.jpg

March 2024

New layout, Auto Remediation and QR code protection is here!

Auto Remediation

With the introduction of auto remediation, an administrator can now decide the destination of malicious emails by selecting either manual or auto remediation.

With auto remediation, instead of risking exposure to malicious emails - even with banners - an administrator can choose to divert malicious email directly to the Junk folder, providing an additional layer of risk mitigation. Auto remediation:

  • Helps an MSP admin reduce the risk for customers and their users.

  • Enhances protection against malicious emails, especially for those who might overlook warning banners.

  • Go to PhishTitan > Configuration > Remediation

PT-blog-remediation.jpg
PT-Left-Menu.jpg

Sidebar Changes

We have moved things around in the side bar menu to help make room for some new things we're planning. While none of the functionality has changed, you will notice that some things are in a slightly different location than before.

Customers

An MSP admin can find all their customers conveniently located on a new Customers page.

License Usage

All your M365 licensing information is now on the License Usage page, previously the Usage page.

Settings

A new Settings menu is where you will find the Administrators page and at the customer level, the Connections page.

Simplified PhishTitan Menu

To simplify navigation, we have grouped all PhishTitan-specific pages together under one PhishTitan menu.

Overview

Previously the Dashboard page, Overview provides a summary of activity for all your customers, including emails analyzed, incidents and usage.

You can also now select either a 7-day or 30-day view on the Overview page, allowing you to see a more focused view of your data.

PT-blog-switcher.jpg

Incidents

Previously the Threat Resolution page, Incidents is where you can manage and take action on reported incidents.

Configuration

This new sub menu is where you will find Remediation, Allow List (at the customer level) and Link Lock.

Notifications

Notifications page remains the same.

Reporting

Insights and Summary Report are now grouped under a single Reports menu.

PT-Left-Menu-PhishTitan.jpg
PT-blog-quishing.jpg

Quishing Protection

QR codes have gained popularity, but they carry a significant security risk as fraudulent codes can redirect users to malicious websites that appear legitimate. PhishTitan now analyzes the URLs within QR Codes and will detect if they are dangerous.