CyberGraph 2.0 - Dynamic Banners

Updated

This guide describes how CyberGraph 2.0 Dynamic Banners work.

Banner Warning Types

CyberGraph provides message banner functionality by inserting a banner into inbound emails with warnings that vary depending on the scan results. Additionally, interacting with banners can enable users to report emails as dangerous, spam, or safe.

Banner colors are set and cannot be customized; their color changes depending on the risk level.

There are two different types of banners that can be configured: Dynamic (or image) banners and Static (or text) banners.
These two types are explained below:
See Configuration Settings CyberGraph 2.0 - Configuration Settings for banner configuration details. 

  1. Dynamic Banners: Dynamic or Image Banners are inserted via a URL placeholder in each applicable message. As the message status is subsequently updated via user reporting, the banner color and warning level can be changed in CyberGraph storage, and then the updated version will be downloaded to the message when the URL is resolved. For example, if a user deems the message to be Dangerous, the banner will turn Red, as depicted below. If Mimecast analysts determine the message is harmless, the banner color and warning level will revert to the original state.
  2. Static Banners: Static Banners are static Text images inserted into the applicable message only at the initial delivery time. Unlike dynamic banners, the color and warning level do not change based on user reports. However, if the user does report the message, any subsequent messages from the same sender can reflect the changed risk determination.
    Mimecast advises using static banners when Outlook display issues occur with dynamic banners. These issues can include:
    • Rendering issues with Microsoft's New Outlook for Windows, or Microsoft Web Access for Outlook. For more information, please see CyberGraph Outlook Compatibility.
    • Needing to support assistive technologies (for example, for vision or mobility impaired users).

Strong Communication

What does "Strong Communication" mean for Dynamic Banners? 

Strong communication is applied on a Per Sender – Recipient basis as follows:

We consider strong communications to be established if either:

      • The recipient has sent more than 2 emails to the sender (i.e., meaning effective with the third email received from the sender,  it will count as strong communications)
      • The sender has sent at least 2 emails to the recipient and is whitelisted

However, even in cases of the scenarios above,

      • If the sender has been classified as Dangerous, the appropriate banner will be applied.
      • CyberGraph will always check the SPF for the sender domain. If the SPF check fails, a banner stating "The sender could not be verified" will be applied. Then, the message will then be processed against the remaining rules. If any other rules trigger, the text for those rules will also be applied.

User Experience

Clicking a warning banner will automatically authenticate users and direct them to the 'submit a report' page, where they can select the appropriate action for the email.

Users who interact with a CyberGraph 2.0 banner for the first time will be required to authenticate against the Mimecast platform. 

  1. Clicking a warning Banner will authenticate their email address and direct users to a page to submit a report.
  2. The user is presented with a prompt where they will select the appropriate action for the email.
  3. Confirmation of the chosen selection is displayed. 

Action Details

Action Result
Report as Dangerous to My Security Team.
  • The banner is updated to a deep Red color for the reporter.
  • A Mimecast Security Analyst reviews the dangerous email and applies the deep Red Banner for a set duration for all email recipients.
  • A notification is sent to the administrator address configured within the CyberGraph settings CyberGraph 2.0 | Settings | Notifications | Reported Dangerous Notifications
  • If a Mimecast Security Analyst determines the email is not malicious, the deep Red Banner is reverted to the original Banner displayed on the email.
  • The sender is added to the user's personal blocked senders list
Report as Spam to My Security Team.
  • No change in banner appearance, and the banner continues to be displayed on future emails.
  • The sender is added to the user's personal blocked senders list
  • Information is used to enhance the system's learning abilities.
Mark as Safe and Hide Warnings. 
 
  • All future emails from the sender to the reporter will not display a banner.
  • Historical emails will be updated.
The above describes Dynamic Banner behavior. The static banners do not change; even if a user reports a message, messages already delivered will keep the original banner. You get the updated banner only if a new mail is delivered from the same sender.

Related to

Was this article helpful?
13 out of 17 found this helpful

Comments

4 comments
Date Votes
  • Avatar
    SA - Mike Stoico

    If a bulk email is received (and expected) and one user marks it correctly as safe. is the banner removed from future emails from that domain. or does the domain need to added to the safelist?

     

    0
  • Avatar
    Admin-TM

    Hi Mike

    Thank you for your comment. 

    All future emails from the sender to the reporter will not display a banner, because they have been marked as safe for that particular domain.

    I hope this answer was helpful.

    0
  • Avatar
    Bhati, Vijeta

    Suppose if user reporting is disabled! so in case of Text-based banner if spf failed email is sent to the user- the banner color will be red as its high severity or banner color will remain same for all the alerts? 

    0
  • Avatar
    Admin - LI

    Hi Bhati,

    Thank you for your comment. Banner colors are set and cannot be customized; their color changes depending on the risk level. Furthermore, if your issue is more urgent and/or you wish to open a new Support case, please do so here.

    0

Please sign in to leave a comment.