CloseTraditional email security is a one-size-fits-all black box.
Sublime lets you write, run, and share rules to block phishing attacks, hunt for threats, and more.
"Sublime gives us the benefit of community curated rules to stop phishing threats and the precision to craft our own.”
Protect your environment from HTML smuggling, credential phishing, BEC, and more using out-of-the-box rules written by Sublime’s Detection and ML teams and the community.
“The Sublime Rules Feed detects both targeted and generic phishing attacks, from malware delivery to vendor compromise.”
Benefit from the collective knowledge of security teams around the world by subscribing to Rule Feeds managed by your peers.
Counter emerging attacks quickly by customizing and enforcing your own detection rules. No vendor bottlenecks.
“Sublime’s enabled us to close gaps we discover during our red and purple team engagements, adapt to the latest Qakbot techniques, and share and receive detection rules from the broader community to stay one step ahead.”
Threat hunt over historical messages using arbitrary behavioral queries or IOCs.
Operationalize threat intelligence in your email environment.
“Historically we’ve been limited to searching historical mail using IOCs. With Sublime, we receive new behavioral detections via the Feed and can retro-hunt with these to incidents or attacks we didn’t know about.”
Automatically mitigate entire phishing campaigns from a single user report or when arbitrary conditions are met using Triage Rules.
“Sublime’s phishing herd immunity empowers every one of our end users to help secure the organization when attacks get through.”
Verifiably reduce attack surface by blocking suspicious behavior atypical in your organization.
“Sublime enables our team to be resilient to new HTML smuggling techniques by blocking all HTML attachments from new senders. It’s one of the most effective policies we have enabled.”
All the information you need at your fingertips to make quick, accurate decisions. Backed by a full REST API and Webhooks for integration with SOARs and SIEMs.
“Sublime is fully integrated into our SOAR, enabling complex workflows to enrich, investigate, and remediate. Frankly it was one of the easiest SOAR integrations we’ve worked on.”
Identity, history, and context-aware.
Combine the best of machine and human intelligence using Natural Language Understanding (NLU), Computer Vision (CV), and more.
“With Sublime we don’t have to pick between black box machine learning and having control, we get the benefits of both. It’s incredible that we can write rules using sophisticated capabilities like NLU, and the community is constantly coming up with things we haven’t.”
![Sublime rule to detect HTML smuggling attachment with the following MQL:
type.inbound
and any(attachments,
(
.file_extension in~ ("html", "htm", "shtml") or
.file_extension in~ $file_extensions_common_archives or
.file_type == "html"
)
and any(beta.binexplode(.),
.scan.entropy.entropy >= 5
and all(["document", "write", "atob"],
. in ..scan.javascript.identifiers)
)
)](https://cdn.prod.website-files.com/6392271389d6f4bcd2243e40/63b863015c6d4e181514ee26_HTML%20smuggling%20attachment%402x.png)
