Package Architecture & Components
Inbound Phishing Defense (INKY): Kali365 relies heavily on high-fidelity, AI-generated phishing emails impersonating trusted brands like DocuSign, Adobe, or SharePoint. INKY sits inline to catch these sophisticated lures. Using computer vision and machine learning, INKY dynamically analyzes email headers and body context, injecting clear, color-coded warning banners directly into the user's view to stop them from interacting with the device code instructions.
Identity & Session Monitoring (SaaS Alerts): If a user accidentally approves a Kali365 device code, the attacker immediately gains an active OAuth session. SaaS Alerts acts as our real-time behavioral watchdog. It monitors account activity 24/7, immediately flagging or automatically blocking suspicious behavior downstream—such as a sudden login from an unauthorized device, atypical geographic locations (impossible travel), or the immediate creation of malicious inbox forwarding rules designed to hide the breach.
Management & Hardening (Kaseya IT Complete Suite): The FBI’s primary technical recommendation to stop Kali365 is restricting or blocking the device code flow entirely. Through Kaseya, we centrally manage and deploy hardened security baselines across your environment. We configure Microsoft Entra ID Conditional Access policies to disable device code authorization for standard users, effectively shutting the door on the primary mechanism Kali365 exploits.
Resiliency & Data Recovery (SaaS Protection): Should a sophisticated threat actor successfully bypass perimeter controls and attempt to delete or exfiltrate corporate data within Outlook, Teams, or SharePoint, SaaS Protection (Datto/Kaseya) ensures continuity. It provides independent, automated cloud-to-cloud backups, allowing us to rapidly restore mailboxes and cloud drives to a clean state prior to the compromise.
Key Benefits
Bypasses the Bypass: Standard MFA is no longer enough. This package directly addresses token-theft and session hijacking.
Zero-Trust Identity Hardening: Restricts risky authentication protocols without disrupting day-to-day operations.
Immediate Blast Radius Control: If a token is stolen, SaaS Alerts minimizes dwell time by instantly detecting and killing anomalous sessions.
This product is a monthly subscription charged for each protected email account.