
Auto-Quarantine: How it Works

Monnia Deng Co-founder at Mesa Security

Attackers increasingly use AI to generate phishing emails that bypass conventional security measures. To counter this, we recommend that you enable Auto-Quarantine on your Mesa Security platform; it takes immediate action on high-risk email threats to your organization.

Here is how Auto-Quarantine works: it captures any email that reaches a risk score of 80 or higher and quarantines it before it reaches a user’s inbox. Auto-Quarantine is also near-instant, with an average speed of 5 milliseconds from when the malicious email is detected to when it is quarantined.

All in all, the whole process, from when a potentially malicious email reaches a user’s inbox to when it is detected and quarantined, takes less than 5 seconds, so the threat is contained before the user even has time to see it. The administrator can still evaluate the quarantined email in the Mesa Security threat insights view and take further action on that particular email.

How the Risk Score is Calculated

The risk score is calculated based on multiple factors, each contributing to the likelihood of an email being malicious. Here’s what goes into determining a high-risk email:

  1. Sender Reputation & Domain Age
    • Emails from newly registered or suspicious domains are more likely to be phishing attempts.
  2. Email Content & Tone Analysis
    • AI analyzes email language for urgency, financial transactions, and unusual requests.
  3. Attachments & Links
    • Malicious attachments (e.g., .exe, .zip, .docm) and shortened or obfuscated URLs increase risk scores.
  4. Authentication Checks (SPF, DKIM, DMARC)
    • Emails failing authentication checks are flagged as high-risk.
  5. User Behavior & Anomalies
    • If an email is sent from an unusual location or at an unusual time, that adds to the risk score.
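
As an added illustration (not Mesa Security's code or its scoring model), the sketch below scores a message on two of the signals above that can be read directly from the message itself, authentication results and risky attachment types, and applies the 80-point threshold. The weights, the trusted `authserv-id` (`mx.example.org`) and the sample message are assumptions made for this example.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic).
SAMPLE = """\
From: "Payroll" <payroll@example.test>
Subject: Urgent: updated invoice
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.test;
 dkim=none; dmarc=fail header.from=example.test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.docm"

AAAA
--b1--
"""

QUARANTINE_THRESHOLD = 80              # threshold stated on the page
RISKY_EXT = (".exe", ".zip", ".docm")  # extensions the page lists
TRUSTED_AUTHSERV = "mx.example.org"    # assumed: the receiving MTA's authserv-id
# Assumed illustrative weights; the page does not publish the real ones.
WEIGHTS = {"spf": 25, "dkim": 15, "dmarc": 30, "attachment": 30}

def auth_failures(msg):
    """Return the methods (spf/dkim/dmarc) without a trusted 'pass' result."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        # A sender can forge this header, so only our own MTA's stamp counts.
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    # A missing result is treated the same as a failure.
    return {m for m in ("spf", "dkim", "dmarc") if results.get(m) != "pass"}

def risky_attachments(msg):
    """Return attachment filenames whose extension is on the risky list."""
    names = [part.get_filename() or "" for part in msg.walk()]
    return [n for n in names if n.lower().endswith(RISKY_EXT)]

def score(raw):
    msg = message_from_string(raw)
    total = sum(WEIGHTS[m] for m in auth_failures(msg))
    if risky_attachments(msg):
        total += WEIGHTS["attachment"]
    return min(total, 100)

def should_quarantine(raw):
    return score(raw) >= QUARANTINE_THRESHOLD
```

In this sketch, authentication failures alone total 70 and stay below the threshold; the sample message is quarantined only because the macro-enabled attachment adds a second signal.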

Why You Should Turn On Auto-Quarantine

With AI assisting phishing attacks, it is nearly impossible to respond to the number and frequency of attacks. Additionally, generative AI produces hyper-realistic phishing emails that closely match human tone and behavior, making them indistinguishable from legitimate emails. In 2024, Zscaler reported a 60% year-over-year increase in AI-assisted phishing attacks.

By configuring Auto-Quarantine, you ensure that high-risk emails are blocked from reaching your employees’ inboxes! By making this adjustment, you greatly reduce the possibility of incurring the financial loss of a data breach.

Get Started with Auto-Quarantine:

  1. Enable Auto-Quarantine in Settings
    • This ensures any email with a risk score of 80 or above is automatically quarantined before it even reaches an employee’s inbox. You can still review the email and take further action on it.
  2. Review Quarantined Emails
    • If a legitimate email is mistakenly flagged, you can release it to the user’s inbox.
    • If it’s a phishing attempt, you can delete it permanently and/or block the sender address.

Expanding Beyond Employee Emails

Auto-quarantine is available now to anyone on the professional plan at only $2/user/month, and you can click here to get started with your administrator credentials! Currently, auto-quarantine is available to tenants on the Office 365 platform, but we expect to release Google Workspace support in the next month. In the not-so-far future, we plan to roll out protection for business messaging applications such as Slack or Teams, with auto-quarantine and remediation capabilities. This will allow for 360-degree protection against malicious content across all interrelated applications.

We are excited about bringing this capability out to you soon and hearing your feedback on what you want to see!
