
Connecting the Dots: Better Context for Faster Triage

Material's January updates simplify security investigations by making search simpler and connecting disparate risks across the cloud workspace for faster triage.

Product
January 30, 2026
Patrick Duffy

Far too often, security teams are forced to choose between power and speed. The more powerful a tool is, the more specialized knowledge it requires to actually operate. You end up with a team of highly paid staff who are experts at managing a tool, spending their days wrestling with proprietary syntax or clicking through fourteen tabs to see if a specific user has been targeted by more than one campaign.

At Material, we think that’s a failure of design.

We know that email security is a cloud workspace problem. A malicious message is often just the catalyst for broader risks involving account takeovers, third-party app permissions, and sensitive data exposure. If your security platform makes it difficult to see those connections quickly, it isn't really solving the problem; it's just giving you a different place to be busy.

Our January updates are focused on removing that friction. We’ve overhauled how you search, how you pivot between related incidents, and how we communicate risk severity so you can get out of the console and back to actual security work.

Search without syntax - or losing your place

If you’ve spent any time in the modern security ecosystem, you’ve likely been asked to learn a proprietary query language. Every new tool seems to come with its own unique syntax, forcing analysts to become part-time linguists just to find a specific message or event.

We think that’s an unnecessary tax on your time.

We’ve overhauled the search experience in Material so you can now search using natural language. Search functions more like a standard wizard and less like a coding exercise. Our Material Query Language (MQL) is still doing the heavy lifting under the hood, but you don’t have to write a single line of it if you don't want to.

  • How it works: Instead of parsing out a long string of variables in a single search bar, you’re prompted to fill in specific fields.
  • The benefit: It drastically reduces the learning curve for new team members and speeds up the investigation process for veterans. You shouldn't need a cheat sheet taped to your monitor just to run a search.

We’re keeping the power and precision of MQL available for those who want it, but we’ve removed the barrier to entry. We’ll handle the translation; you just find what you need.

And not only is our search easier to use, it’s easier to find. CMD/CTRL-K from anywhere within Material brings up the search interface, so you can look up that message or user without losing your place in the investigation.

Seeing the full blast radius: Recipient filtering across all issues

When an account is potentially compromised, your first question isn't just "What emails did they send?" It’s "What else is happening with this person?"

We’ve expanded our recipient filter to work across all issues in the platform, not just email-specific ones. This might sound like a small UI tweak, but for an analyst in the heat of an investigation, it’s a massive context builder.

By selecting a specific recipient, you can now see every issue associated with them across your entire cloud workspace. This allows you to group together disparate indicators of compromise—like a suspicious login followed by a sensitive file share—into a single, coherent timeline.

It’s about moving away from isolated incidents and toward understanding the total blast radius of an event. When you can see the whole story in one view, you make better decisions, faster.

Connecting the dots with related issues

A security event rarely happens in a vacuum. A malicious app often targets specific accounts, which then send specific messages. Until now, managing these moving parts could feel a bit fragmented.

Our latest update enhances issue management by allowing multiple entities (messages, accounts, and apps) to be associated with a single issue. We’ve introduced two key features to make this visibility more actionable:

  1. "Related To" filters: In your issue list view, you can now filter by a specific entity to surface every related issue. A new column explicitly displays how that entity is connected to the issue, removing the guesswork.
  2. Related issues table: We’ve updated the tables throughout the app to more clearly highlight when an entity you’re looking at is involved in other open issues.

This is part of our broader commitment to visibility across the cloud workspace. By tying these risk surfaces together in a single view, we’re helping you see the connective tissue between an app permission and a potential data leak.

Transparency through severity adjustments

"Severity" shouldn't be a black box. If a platform tells you an incident is "High" or "Critical," you deserve to know exactly why that determination was made, based on logic you actually recognize.

We’ve adjusted how Material defines the severity of detected issues to bring our platform more in line with industry-standard security best practices. We aren't interested in making up our own definitions of risk just to sound unique.

  • Better alignment: Severity levels now reflect commonly understood standards used by most SOCs and compliance frameworks.
  • Clearer documentation: We’ve updated our internal guides to explain the specific triggers for each severity level.

These changes make Material more transparent and easier to integrate into your existing workflows. When our platform flags something, you can trust that the "why" is grounded in the same logic your team uses every day.

Moving forward

These updates are all focused on the same core principle: security tools should work for the person using them, not the other way around. Whether it’s removing the friction of a query language or providing a clearer view of an account's blast radius, we want to make your time in the cloud workspace as efficient as possible.

To learn more or see how Material's latest updates can simplify your day-to-day, contact us for a demo today.
