Critical protections for your critical material

Stop attacks, secure sensitive data, and strengthen security posture across Google Workspace and Microsoft 365.

Essentials

A cloud office security solution that automates detection and response across email, files, and configuration settings.

$3
Per user/month,
billed annually
Plus $1.20/TB for shared drives
Get started
Everything you get from traditional email security tools, plus:
Identity-based threat detection and response
Posture management and vulnerability reduction across the cloud office
No one-size-fits-all, black box solution
Zero hours spent writing and maintaining detection rules
Advanced

All the features of Essentials with additional capabilities around data classification, governance, and protection.

$6
Per user/month,
billed annually
Plus $2.40/TB for shared drives
Get started
Everything in Essentials, plus:
Detect and monitor improper sharing and excessive permissions in Google Drive
Detect and monitor sensitive content in email
Expanded data discovery and governance capabilities
Enhanced identity risk and threat detections
Detect anomalous behavior related to sensitive content in files and emails
ATO Resilience

Enhance your security with advanced features that detect, respond to, and mitigate account takeovers. This functionality is available as an add-on or a stand-alone license.

+$3
Per user/month,
billed annually
$5/user/month as a stand-alone
Get started
Comprehensive coverage purpose-built for one of the most common threats to your organization:
Contain the blast radius of ATO attacks with message-level controls for sensitive content, password resets, and more
Reduce your vulnerability to ATOs by uncovering MFA gaps and bypasses before they’re exploited
Detect ATO attacks early via monitoring of anomalous behavior
You can buy this feature separately or as an add-on.

Find the Perfect Plan to Match Your Needs

Compare features, benefits, and pricing to choose the best option for your budget and goals.

Capability
Expand all
Essentials
$3
/month
Get started
Advanced
$6
/month
Get started
Capability
Expand all
ATO Resilience
+$3
/month
Get started
Email Threat Detection and Response
Detect sophisticated email-based attacks (Phishing, BEC, Impersonation, Fraud, etc.)
Remediate email attacks with flexible remediations (banners, link/attachment speedbumps, marking spam and deletion)
Ingest, auto-classify, and respond to user-reported phishing
Hunt for email threats and build custom detections
View trends and analytics on email-based attacks
Run phishing simulations based on real attacks
Monitor DKIM, DMARC and SPF records
Detect and remediate email bomb and harassment campaigns
File Data Security
Sync files from MyDrives and Shared Drives
Metadata only
Metadata and Content
Detect files with  improper sharing
Detect files with excessive permissions
Detect external applications with excessive file access
Detect orphaned file sharing from offboarded accounts
Create custom detections to monitor file permissions and sharing
Remediate file issues with user notifications, permissions updates, and label assignments
Ingest Google Drive labels for use with custom detections and remediations
Detect and monitor built-in sensitive data types in file content
Define custom sensitive data types
Email Data Security
Detect auto-forwarding rules to internal, external and personal accounts
Detect manual forwarding to personal accounts
Detect external applications with excessive email access
Create custom detections to monitor email traffic
Detect and monitor built-in sensitive data types in email
Detect anomalous and high volume sensitive content sharing
Define custom sensitive data types
Ingest custom sensitive data types from Microsoft Purview
Identity Threat Detection and Response
Detect MFA coverage gaps including use of non phishing-resistant MFA
Detect and remediate IMAP/POP, ASPs,  and other forms of MFA bypass
Detect leaked credentials in public data breaches
Detect suspicious mail forwarding rules
Detect and remediate inactive and dormant accounts
Detect and mitigate suspicious admin activity
Detect and mitigate account takeovers (ATO) based on account activity
Detect credential sprawl and unsanctioned app signups
Detect SSO gaps and email-based password resets
Secure Configuration and Compliance
Detect vulnerabilities due to misconfiguration or settings drift
Align configuration with compliance standards
Investigations and Incident Response
Email and file content search index
6 months
1 year
Search across email and file metadata
Search across email and file content
Email only
Email and files
Follow investigations through settings and issues for related Accounts, Groups and Tenants
Platform Capabilities
RBAC
Event Subscriptions and API
Integrations
REST API
Reports
Customize user-facing messages and UI
Mailbox Retention Policy Mirroring
Account Takeover Prevention
Detect MFA coverage gaps including use of non phishing-resistant MFA
Detect and remediate IMAP/POP, ASPs,  and other forms of MFA bypass
Detect leaked credentials in public data breaches
Account Takeover Detection
Detect suspicious mail forwarding rules
Detect and mitigate account takeovers (ATO) based on account activity
Detect account takeovers (ATO) based on sensitive content honeypots
Detect anomalous access of historical sensitive emails
Audit historical access of sensitive emails
Detect and monitor built-in sensitive data types in email
Define custom sensitive data types
Ingest custom sensitive data types from Microsoft Purview
Account Takeover Impact Assessment
Categorize all sensitive data at rest in mailboxes
View historical message access to inform email retention policies
Detect credential sprawl and unsanctioned app signups
Detect SSO gaps and email-based password resets
Account Takeover Consequence Mitigation
Prevent post-breach data loss with message-level MFA for accessing historical sensitive email
Prevent post-breach lateral movement with message-level MFA for accessing password reset and other  identity verification emails
Investigations and Incident Response
Email content retention
Unlimited
Search across metadata and content for email and files
Follow investigations through settings and issues for related Explore Accounts, Groups and Tenants settings and issues
Platform Capabilities
RBAC
Event Subscriptions and API
Integrations
REST API
Reports
Customize user-facing messages and UI
Mailbox Retention Policy Mirroring

Frequently Asked Questions

Find answers to common questions and get the details you need.

Do you offer volume discounts?
What is Material’s deployment model?
Do you offer support plans?
Do you have different pricing for shared or low-volume accounts?

Schedule a live demo

Fredrick "Flee" Lee, CSO, Gusto
Fredrick "Flee" Lee
CSO, Gusto

“At Gusto, every employee is serious about protecting our customers and ecosystem. We are using Material to take full advantage of the underlying APIs in our cloud email to protect against phishing, reduce ATO attacks, prevent sensitive data leakage, and more.”

Alex Bynum, Information Security Manager, Color
Alex Bynum
Information Security Manager, Color

"It used to take me 20-30 mins to investigate a single phishing email. Today I received 5 or 6 phishing emails and spent only 2-5 minutes in Material."

Nico Waisman - Former CISO, Lyft
Nico Waisman
Former CISO, Lyft

"If we review the last 5 years of incidents across multiple industries, both sophisticated and wide-spread attacks started with a successful intrusion through phishing. Material gives us an extra layer of protection when it matters most—and accelerates our detection and response time by delivering a strong workflow."

Matt Pecorelli, Director Cybersecurity Operations, Mars
Matt Pecorelli
Director Cybersecurity Operations, Mars

“Material was simple to operate and trust even at our scale. There was no complex implementation and no disruption to go into production, and we had full access to our own cloud instance throughout. Within a couple of hours of deployment, we could analyze all the email data for all our domains across North America. It was remarkable.”