OWASP course series
Train your engineering and IT teams on Broken Access Control, ranked #1 in the OWASP Top 10 since 2021. The course is now in your catalog.
It's the first in our OWASP series, which extends our library beyond general cyber awareness with technical content. We’ll have more on this topic soon.
Full incident visibility in ticket details
The Inbox ticket detail view has been completely redesigned to give you the full picture on any incident.
Activity logs now show every step in a precise timeline, from email reception to resolution — helping you better understand both the attack and how Inbox handled it.
New Recipients and Reporters tabs let you measure the real scope of an attack: who received the email, and who reported it.
Block senders with Inbox
Blocking a sender is the fastest way to shut down an attack. You can now do it in one click when resolving a ticket.
A blocked sender is always treated as malicious: reports are automatically resolved, and with the Block Threats option, their emails never reach your employees — moved to spam before they land.
On the flip side, approving a sender saves time on noise. Their reports are automatically resolved, and Slash won't flag their emails anymore.
Auto-forward monitoring
Auto-forward rules are easy to set up, and they are an easy way for data to quietly leave the company.
Sonar now alerts you when emails are auto-forwarded to a non-business address, and lets you remove the rule in one click.
New Sonar insights
We've revamped the Sonar dashboard with clearer, more actionable metrics.
You can now see your current exposure level and how it's evolved since onboarding, with the context to know what good looks like, what's driving it, and where to focus next.
Darksword
In March, a Darksword exploit kit for iOS leaked, becoming available to virtually every hacker in the world. As of this writing, it is estimated that 24% of iOS devices in use are running a vulnerable version.
Riot has deployed simple changes to help you deal with this risk.
You can sync your fleet's device data between Google or Microsoft and Riot.
A new course dedicated to Darksword has been added to your catalog. It is automatically assigned to a smart group of users vulnerable to Darksword. Note that, as a precaution, it includes users who don't have a registered mobile device, which we consider odd.
You can decide to send it to these users once, or add it to the Year 1 program. We recommend adding it to the program, to help inform new joiners.
You can track course completion, as with any other course. You can also see the smart group get smaller as employees update their devices.
Sonar alerts
Sonar Alerts is your queue for the security decisions employees can't make alone. Each one comes with the context you need and a one-click fix.
1. Sharing to a personal email
A share to a personal address can be a benign mistake, or the first step of an exfiltration. In the second case, the employee's own explanation isn't something you can trust, so Sonar allows you to quickly assess the situation and act.
2. Dangerous apps
Employees often struggle to estimate the risk they’re taking. When it’s high and time-sensitive, walking them through the intricacies of OAuth is not an option. You can quickly see apps requiring elevated rights, and shut them down in one click.
3. Missing owner
When it’s hard to determine who’s really in charge of a partner, Sonar escalates to you. You can either assign an owner based on your domain knowledge, or you can revoke access.
4. Late partner review
Level-1 decisions are made by employees, but they sometimes let security tasks slip. When an owner has failed to assess a partner for 2 missions in a row, Sonar raises an alert for you to take a look.
Inbox and Slash summary
You and your team can now see at a glance why an email was categorized as Malicious, Spam, or Safe. The summary reflects the specific email, and does not feel like a generic template.
In Inbox, this summary saves you time. The strongest signals are highlighted. Individual signals remain accessible for deeper analysis.
If you agree with Inbox, these elements are used to explain your determination to the employees who reported the email. If you don’t, they are discarded. In both cases, you can add your comments.
When you use Slash, employees will see the summary list clear reasons why they should be careful. It does so in simple terms, and in the language set in their profile.