Continuous Detection and Response
Cloud Email Protection’s Continuous Detection and Response (CDR) feature allows organizations to protect against dormant, malicious messages, and to prevent or mitigate data breaches as new threat intelligence is discovered.
CDR discovers latent malicious email messages in inboxes across the organization, automatically removes them by deleting or quarantining them, and determines how widespread the malicious messages are within your organization.
The CDR indicator on the right of the Cloud Email Protection dashboard shows how many threats CDR has detected.
The Discovered Messages number represents the messages in your organization that have been found via CDR.
Continuous Detection and Response Details
The threat intelligence comes into CDR from multiple feeds:
CDR works within the Cloud Email Protection ecosystem to identify and remove phishing campaigns identified through multiple methods, which include BEC threat research, confirmed indicators from user-reported phishing, and email threat operations analysts.
When threats are detected, CDR can quarantine or delete messages that contain those threats from inboxes throughout your organization, similar to the way explicitly created policies perform these actions.
NOTE: If a message matches multiple policies with different enforcement actions, the Move to Inbox action takes highest precedence, followed by the Delete action, followed by the label with the highest position in Enforcement Settings. See Policies for more information.
Continuous Detection and Response Requirements
Continuous Detection and Response requires that the Cloud Email Protection Sensor be configured to journal messages (also known as dual delivery). See Sensor Deployment for details.