KnowBe4 launches AI-powered Prevent to tackle email risk
The company stated that the new tool uses advanced machine learning, neural networks, and behavioural analytics to help employees avoid sending emails and attachments to unintended recipients. The release follows the earlier deployment of Prevent Enterprise and represents a broader offering now available to suit organisations of varying sizes.
AI for outbound security
According to KnowBe4, increasing digital communications amplify the risk of human error, which remains the leading contributor to data breaches. Quoting industry data, the company noted that "In 2025, human error remains the leading cause of data breaches (according to Verizon, 60% of incidents involve the 'human element')." Risks from email include exposing sensitive information to the wrong individuals, misattaching files, or including confidential data inadvertently. Penalties for such breaches reportedly include financial losses and reputational harm.
Traditional data loss prevention solutions, KnowBe4 asserted, often rely on static rules and lack the real-time contextual sensitivity required to track what is being sent, to whom, and when.
Prevent aims to address these limitations. It alerts users in real time when they are on the verge of sending information to unintended recipients, and actively detects a range of outbound email security threats. These include misdirected emails, unauthorised sharing of sensitive data, responses to suspicious emails and new domains, as well as attempts at data exfiltration from malicious insiders or compromised accounts. For customers using the Prevent Enterprise version, additional controls are available against the unauthorised disclosure and the transmission of hidden data within attachments.
Reporting and behavioural analytics
The product also incorporates detailed reporting and analytics tools. These give security teams visibility into organisation-wide outbound security risks, chart users' interactions with Prevent's prompts, and quantify the incidents averted to help demonstrate the product's efficacy and return on investment. Outbound email risk continues to be one of the most persistent and costly challenges an organization can face – one that requires smarter, more adaptive approaches to effectively address them. KnowBe4 has a proven track record of effectively addressing Human Risk Management, so we are proud to expand that coverage to include outbound email risk. Prevent is the most intelligent and proactive outbound email security product among today's email data loss prevention methods. Unlike traditional products, it uses advanced machine learning and contextual understanding of user behavior to identify risky actions in real time and prevent a data breach before it occurs. This allows organizations to stop incidents at the source, empower employees to make safer decisions, and enable security teams to manage and reduce risk at scale.
These remarks were made by Greg Kras, Chief Product Officer at KnowBe4, as part of the launch statement.
Market context
The arrival of KnowBe4 Prevent comes as businesses across sectors face increasing regulatory expectations on data protection, particularly with rising numbers of incidents attributed to employee mistakes in digital communications. The implementation of technologies that support real-time monitoring and adaptive intervention is emerging as a trend in organisational approaches to human risk management.
With over 70,000 organisations worldwide reportedly using KnowBe4's broader platform, the introduction of Prevent represents the company's continued emphasis on combining technological and human factors in cybersecurity protocols. The platform's range includes awareness and compliance training, email security, real-time coaching, anti-phishing capabilities, and defence agents driven by artificial intelligence, with the intention to help organisations move from being vulnerable to becoming more resilient assets within their own systems.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
a day ago
- Techday NZ
KnowBe4, Microsoft add real-time security to Edge for Business
KnowBe4 and Microsoft have announced a new integration between the KnowBe4 SecurityCoach platform and Microsoft Edge for Business aimed at addressing risky online user behaviours. The integration is designed to provide real-time security guidance to users when potentially dangerous actions are detected in the browser, such as reusing passwords, visiting blocked sites, or attempting to bypass security warnings. By leveraging native security signals and browser activity, the solution delivers learning opportunities within seconds of an at-risk behaviour occurring. Industry reports indicate an increasing threat landscape associated with browser usage. Menlo Security recently reported a 140% increase in browser-based phishing attacks, highlighting the importance of strengthening defence mechanisms at the browser level. The collaboration makes KnowBe4 one of the few human risk management platforms featuring a built-in reporting connector for Microsoft Edge for Business. This function is intended to support organisations operating within the Microsoft ecosystem, helping them maximise investments in their current security technologies while encouraging a stronger culture of security awareness. "This new integration presents an ideal opportunity to turn people-centric cybersecurity risks into teachable moments that will ultimately help to better protect businesses. This integration continues KnowBe4 innovation with Microsoft, building upon our successful KnowBe4 Defend integration with Microsoft Defender for Office 365 that launched earlier this year. It also bridges the gap between a company's technical defenses and its users, transforming the biggest potential vulnerability into the strongest asset. We look forward to offering this to our global SecurityCoach customers to help them enhance their security efforts," said Stuart Clark, VP of Product Strategy at KnowBe4. As an increasing number of organisations rely on the browser for primary work activities, the need to ensure proper protection at this endpoint has become more pressing. The new integration targets human error and behaviour - the common weak point in many cyber defence strategies - by combining technical monitoring with immediate user education. "As the browser becomes the primary workspace for users, securing this critical endpoint is essential. We're pleased to see KnowBe4 SecurityCoach integrate with Microsoft Edge to help organizations improve management of human risk and strengthen their security posture," said Arunesh Chandra, Principal Product Manager for Microsoft Edge for Business. The integration with Microsoft Edge for Business builds on previous collaborations between KnowBe4 and Microsoft, including the earlier launch of KnowBe4 Defend compatibility with Microsoft Defender for Office 365. Together, these harmonised solutions are positioned to support organisations in countering the growing array of cyber threats that target human behaviour as much as technological infrastructure. By prompting employees to recognise and correct unsafe practices instantly, organisations can better address the human element of information security. The approach is aligned with broader trends in cybersecurity which seek to reinforce defensive measures not only through technical controls but also through targeted education and user engagement. KnowBe4 reports that it is trusted by more than 70,000 organisations worldwide, providing a range of solutions built around shaping employee behaviour to reduce security risks. Its HRM+ platform includes components such as awareness and compliance training, AI-driven response tools, and real-time user coaching. Follow us on: Share on:
Techday NZ
3 days ago
- Techday NZ
Tenable adds AI to VPR for sharper, real-time risk detection
Tenable has announced enhancements to its Vulnerability Priority Rating (VPR), focusing on precise risk identification and remediation for security teams. The updated VPR, now driven by generative artificial intelligence, provides organisations with contextual threat intelligence and real-time prioritisation to highlight vulnerabilities that pose the most significant risk to business operations. The changes aim to address longstanding challenges in vulnerability management. Sharper risk focus The company's VPR was first introduced in 2019 as a counterpoint to the broad scoring provided by the Common Vulnerability Scoring System (CVSS). While CVSS designates approximately 60% of vulnerabilities as high or critical, the original VPR narrowed the focus to just 3%. With the latest enhancements, Tenable reports that only 1.6% of vulnerabilities are now marked as representing genuine business risk, supported by real-time data and improved analytics. Jorge Orchilles, Senior Director, Readiness and Proactive Security at Verizon, described the practical impact that targeted vulnerability data has had on operational efficacy. "Our biggest problem was noise. We had thousands of vulnerabilities, and no clear way to know which ones posed a genuine threat," said Orchilles. "Tenable VPR changed that by showing us what attackers are actually exploiting right now. It lets us focus our resources on the handful of issues that truly matter, which has made a real, measurable difference in how quickly we can get critical patches out." AI-driven insights and explainability The enhancements are underpinned by generative AI, which produces tailored threat summaries and remediation advice. VPR's AI-powered insights are designed to help users quickly interpret why a particular vulnerability matters, its weaponisation by threat actors, and what actions are immediately necessary to mitigate risk. The technology delivers instant clarity to enable faster remediation and more strategic use of resources. Eric Doerr, Chief Product Officer at Tenable, outlined the strategic value of these new capabilities for organisations managing cyber risk. "We're taking our game-changing Tenable VPR to the next level with these AI-powered enhancements," said Doerr. "Tenable VPR brings an unmatched precision and depth of threat intelligence, context and explainability to cyber operations. With these critical insights at their fingertips, organisations can clearly visualise why an exposure matters, where they are vulnerable and how to close their priority risks." Industry and regional context A key feature of the updated VPR is its ability to apply industry- and region-specific threat context. Enhanced filtering, querying and use of metadata enable organisations to refine vulnerability prioritisation by relevance to their sector or area of operation. This approach ensures that security teams can address the exposures most relevant to their business environment, rather than relying on generic risk scores. According to the company, these changes are expected to support reduced mean-time-to-remediation and more strategic alignment between cybersecurity efforts and broader organisational goals. By providing more precise, context-rich data, Tenable aims to help organisations allocate security resources where they have the greatest impact. The latest iteration of Tenable's VPR builds on its previous reputation for prioritising threats and reducing the noise associated with vulnerability management. Through the addition of AI-driven explainability and tailored risk measures, the update is intended to allow cybersecurity and risk management teams to respond faster and more effectively to emerging threats. Follow us on: Share on:
Techday NZ
6 days ago
- Techday NZ
ManageEngine AD360 adds identity risk & MFA to combat breaches
ManageEngine has announced the general availability of new identity risk exposure management and local user multifactor authentication (MFA) features in its AD360 identity and access management platform. The new features are intended to help security teams detect privilege escalation risks and secure unmanaged local accounts, two attack vectors that are frequently targeted by threat actors. These additions come amid continuing concern over identity-centric breaches, as reported in Verizon's 2025 Data Breach Investigations Report, which found that credential abuse was the initial access vector in 22% of breaches and highlighted ongoing exploitation of mismanaged local accounts and privilege chains. Manikandan Thangaraj, Vice President of ManageEngine, said, With this release, ManageEngine AD360 moves beyond traditional IAM by embedding identity threat defences into core identity operations. By turning identity data into actionable security insights, we're helping customers make IAM the first line of defence, not a check box. The update to AD360 introduces risk exposure mapping using attack path analysis, as well as the ability to enforce MFA on local accounts. According to ManageEngine, these capabilities are designed to assist enterprises in closing attack paths that may otherwise go undetected, thereby advancing the role of identity management from basic access control to active security enforcement. Risk exposure management The identity risk exposure management feature operates using graph-based analysis to map lateral movement and privilege escalation paths within Active Directory (AD). By representing AD objects as nodes and privilege inheritance as lines, the system models and visualises attack chains in real time. It automatically prioritises risky AD configurations and provides IT staff with actionable remediation steps, enabling organisations to address threats proactively. Local account MFA enforcement The new local user MFA capability extends adaptive MFA protections beyond domain-joined devices, allowing enterprises to secure credentials on local accounts that reside on non domain-joined servers, assets in demilitarised zones (DMZ), and in test environments. This move is intended to mitigate risks associated with credential stuffing and persistence techniques, which have proven effective in attacks on unmanaged local accounts. Machine learning-driven recommendations ManageEngine has also incorporated machine learning (ML) into AD360 to support access recommendations. During both provisioning and periodic access review campaigns, the software now analyses permission patterns and suggests adjustments designed to enforce least privilege access. This is expected to reduce the incidence of excess entitlements and consequently limit attackers' ability to move laterally following an initial compromise. Access certification and governance Enhancements to the platform's access certification module include expanded entitlements for more comprehensive review coverage. The risk assessment capabilities now feature additional indicators for improved identity risk monitoring across both Active Directory and Microsoft 365 environments. ManageEngine states that these changes are aimed at improving compliance reporting and strengthening access governance across enterprise environments. The newly added features in AD360 are intended to support compliance with NIST SP 800-207 for Zero Trust architecture, align with PCI DSS Version 4.0 Requirement 8, and facilitate controls for SOX, HIPAA and GDPR regulations. AD360 is positioned by ManageEngine as a single-console, unified identity platform designed to provide visibility and control over enterprise identity infrastructure. The platform offers automated lifecycle management, secure single sign-on (SSO), adaptive MFA, risk-based governance, auditing, compliance and identity analytics, with built-in integrations and support for custom connectors to fit into existing IT environments.
