Skip to content
Email Security

Your mailbox already has a filter. It was never built to stop this.

Default mailbox filtering catches spam. It was never designed to catch a targeted business-email-compromise attempt written specifically for your finance team. We layer dedicated email security, powered by Check Point, over the mailbox you already run.

Engagement snapshotGMAN IT
#1Attack vector into Australian businesses
Check PointEnterprise email security, managed
EnquirePer endpoint/mo, resold & managed
ManagedConfigured, tuned & monitored by us
The layer your provider assumes is enough

“We have spam filtering” is not an email-security programme.

Business email compromise doesn't look like spam. It looks like your supplier, your CEO, or your bank, sent from a lookalike domain that passed every default check. Default mailbox filtering was built for volume, not for the one targeted email that matters.

How GMAN protects

Layers your default filter was never built to run.

Each layer closes a gap the one before it leaves open. Nothing relies on a single check passing.

  1. 01

    We assume the default filter already failed

    Advanced threat protection sandboxes attachments and rewrites links, catching what a bulk-spam filter was never built to see.

  2. 02

    We stop your own domain being spoofed

    SPF, DKIM and DMARC are enforced, not just configured, so a lookalike send of your own domain is rejected outright.

  3. 03

    We hunt impersonation, not just malware

    Business-email-compromise detection flags the language patterns and lookalike domains a virus scanner has no reason to check.

  4. 04

    We close the loop with your people

    A one-click report button feeds every near-miss back into your awareness training, so the human layer keeps improving.

What’s deployed

6 controls. One accountable partner.

Every line below is deployed, monitored, and maintained by us — not a part-time attention split across your other vendors.

Deployed and maintained by us

Email Security — Inclusions Ledger

  1. Advanced threat protection (attachment sandboxing, link rewriting)Content is detonated and links checked at the moment of click, not just at delivery.
  2. SPF / DKIM / DMARC enforcement on your domainEnforced, not merely configured — a spoofed send of your own domain is rejected.
  3. Business-email-compromise & impersonation detectionFlags the lookalike domain and the language pattern, not just the malware.
  4. Quarantine management, tuned to your businessFalse positives are tuned out over time instead of trained staff ignoring every warning.
  5. One-click phishing reporting, staff-facingFeeds every near-miss back into your awareness-training loop.
  6. Monthly filtering & incident reportWhat was stopped, what was reported, and what changed — in plain English.
Layered defence
The signature peak

What gets through, layer by layer.

Start at the default filter everyone already has. Watch the gap close as each layer is added.

  1. L0

    Default mailbox filter

    Gap remains

    Stops

    • Bulk spam
    • Known malware attachments

    Still gets through

    • Lookalike-domain BEC
    • Invoice-fraud requests
    • Credential-phishing links
    • Executive impersonation
  2. L1

    Advanced threat protection

    Gap remains

    Stops

    • Malicious attachments, sandboxed rather than just scanned
    • Malicious links, rewritten and checked at click-time

    Still gets through

    • Lookalike-domain BEC
    • Executive impersonation
  3. L2

    Domain authentication (SPF / DKIM / DMARC)

    Gap remains

    Stops

    • Spoofed sends of your own domain

    Still gets through

    • Lookalike-domain BEC
    • Executive impersonation
  4. L3

    Impersonation & BEC detection

    Fully closed

    Stops

    • Lookalike-domain BEC
    • Executive-impersonation language patterns
  5. L4

    The reporting habit

    Fully closed

    Stops

    • The one that still looks legitimate — reported by a trained employee before anyone acts on it
Operational security excellence

We don't describe the work. We show it.

Case file · Legal · Melbourne · redacted

A lookalike domain, one character different, caught before the transfer.

  • An email from a domain one character removed from a real counterpart requested updated trust-account details.
  • Domain-authentication enforcement flagged the send as failing DMARC alignment.
  • The email was quarantined before it reached the trust-account administrator.

The fraudulent transfer was never initiated, and the firm's professional-indemnity insurer was notified as a non-event.

Read the full file

The complete teardown — every gap found and closed — sent to your inbox. No call required.

One email, the file, nothing else. We don't sell lists — discretion is the work.

The next targeted email is already written. Make sure it never lands.

A Cyber Risk Assessment shows exactly where you stand, and what it takes to close it. Credited toward your first year of protection.