.png)
.png)
.png)
Material’s latest updates deliver unified threat visibility, broader automated response capabilities, and smarter phishing intelligence.
Over the past three months, the team here at Material has been quietly and steadily delivering product enhancements that push forward our vision of EDR for email – extending protection beyond the old perimeter-focused model. We’ve focused on building features that make security teams more effective without adding extra work, while optimizing the value of your existing security stack.
The result is a set of updates that reinforces our unique approach to securing the entire cloud office, keeping up with (and often ahead of) the best email security tools in the market. In this post, we’ll reflect on these updates and how they contribute to a more resilient and confident security posture for your organization.
Unified threat visibility with the new overview dashboard
One of the most impactful changes this quarter is the introduction of our Overview Dashboard, a new primary landing experience that gives you a high-level yet information rich view of the state of your cloud office security at a glance. Instead of overwhelming you with raw alert counts, the Overview Dashboard surfaces the threats and insight that truly matter, all in one place. This means when you log in, you immediately see meaningful indicators of risk across your cloud office: whether it’s a surge of phishing attempts, a new detected account anomaly, or a risky file share, all without digging through multiple screens.
.png)
Importantly, this dashboard highlights the areas where Material excels, subtly underscoring what sets us apart from traditional email security products. Many legacy solutions fixate only on the inbound email gate (focusing on whether a phish got blocked or not), leaving teams blind to what happens after an attacker slips through.
By contrast, Material’s dashboard brings into view those often-overlooked signals of compromise beyond just a malicious email. For example, you might see an alert about a suspicious spike in email forwarding rules or a misconfigured file sharing link – the kinds of subtle yet critical indicators of risk that a tool focused purely on inbound email security would miss. Each insight on the dashboard is also immediately actionable: clear callouts and one click drilldowns ensure that if something needs your attention, you can act on it swiftly.
In short, the Overview Dashboard isn’t just a pretty report, it’s a working command center that makes key security insights more accessible and more actionable, helping lean security teams prioritize and respond with confidence.
Real-time response: integration with Okta via SSF
Another exciting development is our new integration with Okta through their Security Signals Framework (SSF). We know from countless conversations with security teams that one of the biggest challenges isn’t the lack of alerts, but lag between an alert and a meaningful response. This integration closes the gap by connecting our high-fidelity detections to Okta’s identity management in real time.
In practice, whenever Material detects a security issue in your cloud office, say a suspicious mailbox forwarding rule or a risky login, it immediately sends a signal to your Okta tenant via SSF. Okta listens for these signals and can automatically launch predefined “if-this-then-that” workflows in response.
By piping Material’s detections into Okta’s identity platform, we enable instant, automated containment actions that shrink an attack’s blast radius before your team even has time to reach for the keyboard. The integration effectively lets your tools do the first wave of response for you at machine speed. For a small security team, this provides true defense-in-depth without the overhead. As we’ve heard from users, it delivers enterprise-grade protection without the complexity or manual toil. We’re thrilled to see how organizations use this capability to craft creative, powerful security playbooks that make their cloud office safer by default.
Smoother phishing triage and investigation
Email remains the top threat vector, so catching and managing malicious messages is core to any security program. This quarter, we rolled out a series of UI improvements to make phishing review and investigation faster and easier than ever.
When a user reports a suspicious email or when Material flags a malicious message, the new Analysis section in the case view now provides a wealth of insight at a glance. We’ve revamped the layout to show all relevant details of the message in one place – you can inspect the email content, links, attachments, and headers side-by-side with a contextual timeline of events. To assist analysts, an AI-powered explainer now interprets technical email header data into plain-language insights, so you can quickly understand why a message was deemed suspicious without needing to be an email protocol expert.
We’ve also added more flexibility in how related messages are handled. The system automatically finds similar emails across your entire organization, so if an attacker blasted out variants of the same phish, you’ll see them grouped together. You can remediate them all with a single action instead of tackling each one-by-one. This not only saves time but ensures consistency – no lingering copies of a phish hiding in someone’s inbox.
.png)
And speaking of remediation, we’ve made it possible to take decisive action with fewer clicks. From the issue view, admins can now quickly block a malicious sender or conversely mark a sender as trusted if it was a false alarm, right then and there.
.png)
In essence, triaging a phishing incident in Material has become a frictionless experience: identify, decide, and act in one streamlined flow. Early feedback indicates these changes are reducing the average time to investigate and respond to phishing incidents significantly, which means less manual toil and faster protection for your users. As one customer put it, “Material’s getting them before it gets to the users,” allowing their team to focus on strategic work instead of firefighting.
Smarter phishing detection with AI & heuristics
Catching advanced threats is a constantly evolving game, and we’ve continued to sharpen our detectors on multiple fronts. On the AI side, our platform’s sender reputation modeling has grown more sophisticated. We’re using machine learning to notice subtle shifts in communication patterns that might indicate an impersonation or account takeover attempt – things like a normally quiet vendor suddenly emailing many employees, or an executive’s account sending atypical requests.
The system also remembers context, such as whether a given sender’s past emails have been flagged by users or caught in our filters before, to inform the risk scoring of new messages. By incorporating hundreds of signals about each email and sender, our models can pick likely phishing attempts out of noise with a fine-toothed comb, making it much harder for novel or AI-generated attack emails to slip through.
Material’s use of AI is pragmatic: we leverage it where it genuinely improves security outcomes, and the payoff is more accurate detection of threats like business email compromise (BEC) and socially-engineered attacks that legacy filters often miss.
At the same time, we know that machine learning isn’t a silver bullet, so we continue to invest heavily in our heuristic detection rules and threat research. Over the last quarter, our team has added and refined hundreds of expert-written rules to catch emerging phishing tactics. These rules are built from real-world intel – our researchers analyze new scams and craft precise signatures for the telltale signs of malicious emails.
We rigorously test each rule on large volumes of messages to ensure high accuracy (so we’re stopping bad emails, not good ones) before deploying it. From new PDF phishing lures, to cleverly obfuscated links, to the latest twists in credential-harvesting schemes, our rule library is continuously updated to recognize them. This ongoing expansion of our rule set means Material’s detection engine gets smarter every day: not just when the ML model retrains.
Why both AI and rules? Because the most effective defense is layered. We’ve learned that relying on any single technique will leave gaps – rules alone struggle to scale, and ML alone can be slow to adapt to brand new attacks. By combining multiple approaches in harmony, Material provides a safety net with far fewer holes.
Our models amplify the reach and speed of our rules, and vice versa, yielding a detection system stronger than the sum of its parts. It’s this balanced philosophy – blending human intelligence, machine intelligence, and even user-reported intelligence – that enables us to catch a wide array of threats with quiet confidence. As we like to say, no single approach can stop every modern attack, but a well-orchestrated mix of techniques can come pretty close.
Conclusion: building resilience across your cloud office
Each of these updates, from the new dashboard to the Okta integration to the detection upgrades, is a step forward in our mission to deliver resilient security for your entire cloud office. We’re continuing to move beyond the old “secure the gateway” mentality and toward a model where prevention, detection, and response work in unison across email, identities, and data.
It’s heartening to see our customers validate this direction – many tell us they immediately feel the difference in protection and efficiency when using Material versus more traditional tools. With Material’s focus on the full threat lifecycle (before, during, and after an incident), and our ability to safeguard the sensitive data and accounts that attackers target, organizations gain a level of security depth that stands out in the industry.
We’re proud of the quiet momentum we’ve maintained over the last few months. Rather than flashy one-off features, it’s this steady cadence of thoughtful improvements that strengthens the platform day by day.
For the lean security lead at a midsized company, this means you can rely on Material as a force multiplier – a solution that not only keeps up with sophisticated threats, but actually makes your job easier in the process. As the threat landscape continues to evolve, we remain confident and focused on what comes next. In the meantime, we invite you to explore these new capabilities, see how they fit into your workflows, and witness how Material Security is quietly redefining what it means to protect the cloud office. Here’s to building resilience, one update at a time.
.png)