The Shadow Workflows capability will provide detection of and response to the most common post-compromise malicious activities. These activities include:
  • Malicious inbox rule creation (we are completely revamping how we detect malicious inbox rules as part of this effort)
  • Malicious phishing campaigns: At a minimum, we will detect and generate an incident report when a mailbox is responsible for a malicious phishing campaign.
  • Data exfiltration timeline: Provide a timeline and attack summary within the ITDR incident report to enable users to quickly determine the scope of an attack.