AI Guardian Premium is available with Email Protection + DLP package only. Read our Knowledge Base article Package Management if you need to switch the plan.

AI Guardian Premium includes all the functionality of AI Guardian Standard plus additional features.

AI Guardian Premium can be disabled by navigating to HostPilotĀ® Control Panel > Services > Email Protection > AI Guardian and clicking Disable. It can be re-enabled anytime later if needed.

Here you can also access AI Guardian Dashboard to customize your policies and manage AI Guardian features.

Overview

AI Guardian Premium comes with a set of pre-configured Inbound and Outbound policies to address various types of threats.

Inbound Policies

Default Inbound policies include several categories:

Business Email Compromise (BEC)

  • Social Engineering: This policy identifies generic business email compromise incidents.
  • Ransomware: This policy identifies crimes in which hackers first hold something valuable as hostage from a person or organization (e.g. - via the encryption of digital data or of a computer). The hacker then tells the victim that the valuable object(s) will not be returned until certain demands - usually financial - are met.
  • Extortion: This policy identifies crimes in which a hacker threatens a person or organization with some sort of harm such as the exposure of sensitive or personal information unless a victim meets certain - usually financial - demands.
  • Payroll Fraud: Attacker fraudulently requests a change in direct deposit information to steal from an employee.
  • Payment Fraud (Internal): Attacker poses as an internal entity to request fraudulent payment.
  • Payment Fraud (External): Attacker poses as a vendor, partner, or other external entity to request fraudulent payment. Vendor email compromise falls under this category.
  • Impersonation: VIP (Requesting Gift Card): The attacker impersonates a VIP/exec to send emails that request gift cards from the victim.

Spear Phishing

  • Impersonation: VIP: The attacker impersonates a VIP/exec to send emails that request some action from the victim (for instance, sharing personal information).
  • Impersonation: Employee: The attacker impersonates an internal employee to engage with the victim.

Credential Phishing

  • Phish URL (Mail Body): Emails containing a URL that harvests personal information from the victim.
  • Phish URL (Attachment): Emails containing attachments with a URL that harvests personal information from the victim.

Outbound Policies

Outbound Data Loss Prevention wil help to detect PII/PCI violations disclosed through emails sent outside of your organization. Default Outbound categories include:

  • PCI Bank Account Number: Employee discloses bank account details within email content to an external entity.
  • PCI Credit Card Number: Employee discloses credit card number within email content to an external entity.
  • PCI IBAN: Employee discloses IBAN details within email content to an external entity.
  • PCI Routing Number: Employee discloses routing number within email content to an external entity.
  • PII Passport: Employee discloses passport number within email content to an external entity.
  • PII Social Security Number: Employee discloses social security number within email content to an external entity.
  • PII Tax Number: Employee discloses tax number within email content to an external entity.

Policy Actions

If the email falls into any of these categories, the policy will be triggered and the email will be treated according to the configured action for the policy. Possible actions are:

  • No Action: incidents will appear in the AI Guardian Overview Dashboard and the incidents pages, but there will be no action taken on any end user emails across your organization.
  • Subject Tag: email will be delivered with custom tag in the message subject
  • Body Tag: email will be delivered with custom tag in the message body
  • Label: email will be delivered with the label marking it as suspicious
  • Quarantine: email will be delivered to Junk email folder
  • Delete: email will be deleted from the users' mailboxes

Default actions for each policy can be configured in AI Guardian Dashboard.

Read more about Policy configuration in AI Guardian Dashboard in AI Guardian Dashboard Policies article.

Body And Subject Tags Text

When Body Tag or Subject Tag action is applied, specific wording is displayed on the body or subject of the email.

Body tags are applied with the following text:

  • Potential threat warning - This email looks like it may be threatening you with a potentially harmful action. Please be cautious when responding or clicking on any links or attachments. If in doubt, contact your IT team.
  • Potential phishing warning - This email looks like it could trick you into sharing your credentials with a fake party. Please be cautious when clicking any links in this email or its attachments and check the sender's email address. If in doubt, contact your IT team.
  • Potential fraud warning - This email looks like it could try to trick you to send money to a fake company or employee - Contact the company on a known email or telephone to confirm their details. If in doubt, contact your IT team.
    Potential social engineering attack warning - This email looks like it could try to trick you into handing over sensitive information - Avoid replying with any sensitive information and be cautious about clicking on any links/attachments.

Example

The following text is displayed for Subject tag:

  • [THREAT WARNING]
  • [PHISHING WARNING]
  • [FRAUD WARNING]
  • [IMPERSONATION WARNING]
  • [SOCIAL ENGINEERING WARNING]