Using the DarkTrace Analyze tool in Outlook

Using the DarkTrace Analyze tool in Outlook

We have deployed the Dark Trace analysis tool to Microsoft Outlook.  When reading an e-mail you can get a short summary from Dark Trace on how it thinks of the email.  Inside the message, this is an icon with an orange magnifying glass named analyze in the tool bar.  It provides you with two options when activated... Report as Safe, and Analyze.

Finding the Analyze button



Finding Analyze in Microsoft Outlook

In the Microsoft Outlook client it will appear in the ribbon across the top of an opened message.  If your email window is too small, it may be off screen.  Simply make the window wider or hit the arrow pointing to the right to shift the ribbon over.




Finding Analyze in Outlook Web Access

In OWA, you need to first expand the APPS button, then you can access INBOX Analysis.



Finding Analyze in the Outlook Mobile application.

In the mobile app, the button is located in a submenu off the message.  Android version shown in the image below.



Using Analyze

You have two options within analyze for any email coming from outside the company.    Analyze and Report as safe.

Using analyze

Clicking analyze will give you a bit more insight into how our security has assessed the email.  It does not tell you specifically if an email is safe or not, but instead gives you some other things to consider.  The contents will vary by email, but here is one example and what it tells you.  



The system recommends moderate caution:  This is the overall recommendation from the security system.  Remember, we need you to make up your own mind, so this is just a reference point.  The security system is state of the art, but it is still a computer and can be tricked or make mistakes.

The domain has a long history of sending emails to a small number of your colleagues: This shows that we (as a company) have seen emails from this person for awhile now.  This is an weak indicator it could be good.

Emails are rarely sent back: This clarifies the communications have been one-way this whole time.  We get a lot of spam that people don't rely to. 

Caution when using links: This is an indicator, pointing out that the site could be suspicious, or that it just does not match the domain the email is coming from. 

The sender domain was registered on the internet only 76 days ago:  This is an interesting indicator.  Hackers will often register look alike domains (IE: LiifewayMobility.com) and start using them to trick people.  Smarter hackers sit on them for a while, so this could be a good indicator of something supicious, but a long registered domain does not specifically mean its good.

Using Report as Safe

If, an email is actually a good email, you can inform the security system by clicking Report as safe.  This does not mean any email like this will get through, but it gives a strong hint that these are generally good.  If you are getting emails from someone fine now, there is no benefit to clicking this.