Loading...
Material Security logo

Material Security

material.security ↗ Enterprise 2 sectors

About Material Security

Material Security provides phishing protection, account takeover prevention, and email DLP for Google Workspace and Microsoft 365. The company offers a detection and response platform built specifically for cloud workspaces, providing holistic security and automation to protect sensitive data and prevent incidents. Founded by engineers who experienced the limitations of traditional tools firsthand, Material is designed to be intuitive and scalable.

Why Notable

Email DLP; workspace detection & response

Sector Coverage

Feature Coverage

Account Security

Account takeover containment full Detects and contains unauthorized account access to limit breach damage.
Blast-radius reduction full Designed on an assume-compromise model to minimize downstream damage.
Mailbox-sensitive-data protection full Prevents immediate access to the most sensitive mailbox data after compromise.
Cloud-file-sensitive-data protection full Prevents immediate access to the most sensitive cloud-file data after compromise.
Protection beyond password compromise full Assumes a stolen password alone should not unlock sensitive data.
Protection beyond MFA-token compromise full Designed to reduce damage even when MFA tokens are compromised.
OAuth app monitoring full Monitors and helps restrict third-party OAuth apps.
Account activity monitoring full Monitors account activity and risk signals.
Google Security Center workflow support full Positions Material alongside Google Security Center workflows.
Investigation support for takeover risk full Supports investigation of account-takeover indicators in cloud workspace context.
Forwarding-rule change monitoring full Can alert on new forwarding-rule creation or modification.
Event subscriptions full Supports event-subscription-based alerting for selected behaviors.
Slack alert delivery full Can deliver certain alerts to Slack.
Email alert delivery full Can deliver alerts by email.
Webhook alert delivery full Can deliver alerts by webhook.
Email-behavior compromise signals full Uses email behavior such as forwarding changes as account-compromise indicators.
Behavioral anomaly detection full Highlights subtle timing, recipient, data-access, device, and location anomalies after takeover.
Recipient-pattern anomaly detection full Uses unusual recipient behavior as an ATO signal.
Device anomaly detection full Uses device changes as a possible compromise signal.
Location anomaly detection full Uses location changes as a possible compromise signal.

Data Protection

Sensitive email classification full Automatically classifies sensitive email content in inboxes.
In-place email redaction full Redacts sensitive email content in place after a configured period.
Out-of-band MFA to unlock email full Requires out-of-band MFA to access protected sensitive email.
Unlock audit logging full Logs successful and unsuccessful attempts to unlock protected email.
Email DLP for mailbox content full Protects sensitive mailbox content with additional controls.
On-demand retrieval for legitimate users full Allows legitimate users to retrieve protected content when needed.
Duo integration for email unlock full Supports Duo as an extra-authentication method for protected email retrieval.
Okta integration for email unlock full Supports Okta as an extra-authentication method for protected email retrieval.
Modern cloud-workspace DLP full Frames DLP as identity-aware, automation-driven protection for cloud workspaces.
Monitor unauthorized sharing of Docs/Drive/Sheets full Supports monitoring for unauthorized sharing across Google collaboration assets.
AI-driven scans and alerts full Uses AI-driven scans and alerts for risky behavior or potential breaches.
Automated incident management full Automates incident management to respond quickly to data risk.

Deployment & Security

API-based deployment full Connects via native Google Workspace and Microsoft 365 APIs.
No MX record changes full Deploys without changing mail routing or MX records.
Zero-downtime rollout full Designed for rollout with no downtime.
Fast deployment full Advertised as deployable in minutes.
Selective implementation full Features can be enabled selectively for specific users or teams.
Group sync for targeted rollout full Syncs groups from Active Directory, Google, or identity providers for staged rollout.
Default opt-in deployment model full Supports opt-in style deployment at the user or team level.
Agent-free architecture full No agents, plug-ins, or end-user software installs required.
Admin console controls full Features are enabled and managed directly through the admin console.
Single-tenant deployment option full Can be deployed in an isolated single-tenant instance.
Fully managed deployment full Material-operated SaaS deployment option.
Semi-managed deployment full Material operates it, while customer has full access to infrastructure.
Customer-managed deployment full Customer owns infrastructure access while Material deploys updates.
Infrastructure control full Customers can audit usage, manage data and access, and add security tooling.
Role-based access control full Built-in admin roles help prevent abuse.
Immutable audit logs full Tracks admin activity and application events in immutable audit logs.
Single sign-on for admin console full Admin-console access can be gated with existing IdP via SSO.
SOC 2 Type II controls full Has a SOC 2 Type II report for security-control design and operation.
Regular penetration testing full Undergoes recurring external penetration testing.
Private bug bounty program full Runs a private HackerOne bug bounty program.

Email Security

API-first email security full Replaces perimeter-only SEG approach with direct cloud-workspace integration.
Post-delivery visibility full Sees what happens to messages after delivery inside mailboxes.
Internal mail visibility full Analyzes internal email activity in addition to inbound mail.
Historical email visibility full Uses historical message context to improve threat understanding.
Behavior-aware email detection full Incorporates user behavior into threat detection.
Business Email Compromise detection full Designed to detect BEC attacks that lack obvious payloads.
Spear phishing detection full Detects targeted spear-phishing attacks.
Partner-account abuse visibility full Helps catch attacks coming from compromised legitimate accounts.
No added mail latency full Avoids SEG-style mail-flow routing delays.
Preserves native workflows full Avoids breaking native Google Workspace or Microsoft 365 workflows.
Automated message finding full Can find every instance of a malicious message across inboxes.
Delete message remediation full Can delete malicious messages as a response action.
Move-to-spam remediation full Can move malicious messages to spam.
Speedbump remediation full Can place friction controls on suspicious email based on risk appetite.
Continuous in-mailbox monitoring full Provides ongoing monitoring inside delivered mailboxes.
Real-time environment visibility full Maintains real-time view of the mail environment.
Cloud-workspace-native email response full Uses cloud APIs to investigate and act inside the user environment.
Internal BEC prevention full Locks down compromised accounts in real time to reduce internal BEC launch risk.
Cloud-workspace-native BEC response full Approaches BEC through direct workspace visibility rather than gateway-only controls.
Phishing protection for Google Workspace full Extends anti-phishing coverage beyond the inbox into Drive, Docs, and Sheets exposure risk.
Calendar invitation attack coverage full Addresses phishing attacks delivered through calendar invitations.
Google calendar-attack relevance full Frames calendar invite attacks as relevant to Google Workspace accounts.
Microsoft 365 calendar-attack relevance full Frames calendar invite attacks as relevant to Microsoft 365 accounts.

Email Security / User Report Response

User-reported phishing automation full Automates the lifecycle of user-reported phishing investigations.
AI agent for report triage full Uses an AI agent to triage reported email.
AI agent for investigation full AI agent investigates reported threats.
AI agent for remediation full AI agent carries through to remediation actions.
Abuse mailbox automation full Turns a user-report mailbox into an automated defense workflow.
Duplicate report collapse full Reduces repeated analyst work when many users report the same campaign.
Instant workforce-wide protection full Uses one report to protect the broader user base quickly.
Queue reduction full Cuts volume and toil in the phishing-report queue.
Header-analysis assistance full Automates parts of the message-analysis process that analysts usually do manually.
Link-analysis assistance full Automates link investigation for reported messages.
Sender-reputation investigation assistance full Automates sender review steps in reported message triage.

File Security

Google Drive file-security controls full Secures sensitive Google Drive files without broad restrictive blocking.
Deep file-sharing visibility full Shows how files are shared and who has access.
Pragmatic automated controls full Applies automated risk controls instead of blunt blocking.
Collaboration-preserving file security full Designed to reduce risk without hampering legitimate collaboration.
Context-aware file decisions full Lets teams distinguish low-risk shared files from truly sensitive documents.
Continuous file-risk management full Avoids stale periodic audits with ongoing risk monitoring.
Drive data classification full Analyzes Google Drive content to identify sensitive data.
Overexposure detection full Detects sensitive Drive content that is overexposed.
Public-sharing detection full Identifies publicly shared sensitive data.
Risky-third-party-access detection full Identifies sensitive files accessible by risky third parties.
Automated least-privilege remediation full Revokes unnecessary access to enforce least privilege.
Drive security gap analysis full Frames Drive protection as an ongoing process requiring visibility and automation.
Automated remediation for Drive full Automates responses to Google Drive exposure issues.

File Security / AI Governance

Gemini labeling enhancement for Drive full Improves sensitive-data labeling in Google Drive for AI-era workflows.
AI-search-era Drive lockdown full Positions Drive controls to reduce exposure before enterprise AI search broadens data access.

Google Workspace Operations

Unified view across Google security domains full Unifies visibility across email, identity, data, posture, and files in Google Workspace.
Reduction of manual phishing triage full Automates triage of user-reported phishing in Google Workspace.
Reduction of manual data-exposure audits full Reduces manual auditing of sensitive Google Drive files and permissions.
Google misconfiguration risk reduction full Helps surface and fix configuration complexity and misconfiguration.
Google-drive toxic-combination detection full Identifies combinations of sensitive data, excessive permissions, and risky external sharing.
Automated revoke-access workflow full Can revoke access when a risky file-sharing condition is found.
File quarantine workflow full Can quarantine a risky file when conditions warrant.
Zero-trust mailbox access protection full Requires MFA to access sensitive mailbox data even after compromise.
No in-house engineering requirement full Aims to operationalize Google security without custom in-house engineering work.
Risk analysis of user behaviors full Assesses user-behavior risk in Google Workspace.
Risk analysis of sensitive data in files full Assesses sensitive-data risk in shared files.
Risk analysis of posture settings full Assesses risky posture settings.
Google API integration support full Integrates directly with Google via API to streamline security operations.
Detection and response for strategy gaps full Adds detection and response where native controls need operational help.

Google Workspace Security

Gmail protection full Protects Gmail as part of unified Google Workspace coverage.
Google Drive protection full Protects Google Drive as part of unified workspace coverage.
Account protection for Google full Protects Google accounts and related identity risks.
Configuration visibility for Google full Covers Google Workspace configuration and posture visibility.
Automatic issue fixing full Designed to identify and fix issues across email, files, and accounts.
Automated investigation and response full Provides automated investigation and response to email attacks.
Flexible message remediation options full Supports multiple remediation choices for detected messages.
Search and investigate incidents in real time full Includes interactive incident search and investigation workflows.
Out-of-box protection full Positioned as providing immediate protection without lengthy tuning.
Control over Drive sharing full Extends visibility and control into Drive-sharing risk.

Integrations

Cloud Office integrations full Provides integration category for core cloud-office platforms.
SIEM and logging integrations full Provides integration category for SIEM and log-management tools.
SOAR and automation integrations full Provides integration category for SOAR and automation tools.
IT and ticketing integrations full Provides integration category for IT and ticketing tools.
Cloud platform integrations full Provides integration category for cloud platforms.
Team notification integrations full Provides integration category for team-notification tools.
Identity integrations full Provides integration category for identity tools.
High-fidelity enriched context export full Exports workspace events with user behavior, file exposure, malicious-artifact details, and other context.
Noise reduction before downstream export full Filters noise before sending intelligence into the rest of the stack.
Flexible architecture for broad interoperability full Designed to connect with virtually any tool in the environment.
Webhook-based universal connection model full Uses flexible webhooks to enable near-universal connections.

Material Integrations

Cloud workspace intelligence full Exports cloud-workspace detection and response context into the rest of the security and IT ecosystem.
Real-time event streaming full Pushes workspace events to SIEM or SOAR in real time for faster response.

Material Platform

Cloud workspace security platform full Unified detection and response platform for email, identity, and data threats in Google Workspace and Microsoft 365.
Google Workspace support full Protects Gmail, Drive, accounts, configuration, and posture for Google Workspace environments.
Microsoft 365 support full Adds advanced visibility and controls across Microsoft 365 for email threats, data sprawl, posture, and risky user behavior.
Built for cloud workspaces full Positioned as purpose-built for Google Workspace and Microsoft 365 instead of retrofitted legacy gateway tooling.
Unified detection and response full Combines visibility plus automatic remediation across email, files, and accounts.
Continuous security posture visibility full Delivers ongoing visibility into workspace security posture, not just point-in-time checks.
5 Minute Workspace Evaluation full Free scorecard workflow that evaluates email, file, and account security and returns actionable recommendations.
Actionable recommendations full Scorecard produces recommended fixes for gaps in email, file, account, and configuration security.

Microsoft 365 Security

Advanced Microsoft 365 visibility full Adds visibility in hard-to-address areas of Microsoft 365 security.
AI/ML threat detection full Uses AI/ML techniques to identify advanced email attacks.
Threat-research-backed detections full Combines proactive threat research with automated detection.
Impersonation attack detection full Detects impersonation threats.
Smart data classification full Automatically classifies sensitive data.
Sensitive-content protection full Protects sensitive content against unauthorized access.
Security posture maintenance full Detects misconfiguration and risky behavior across the cloud office.
Deep context for Microsoft 365 issues full Provides broader visibility and deeper context for remediation.
Contain lateral movement after takeover full Helps limit attacker expansion and lateral movement after account compromise.
Resource-level controls full Applies controls at the resource level, not just account level.
Open-source library enriched detections full Detection engine incorporates open-source libraries.
IOC-enriched detections full Detection engine incorporates indicators of compromise.
Native-alert-enriched detections full Detection engine incorporates native alerts.
User-report-enriched detections full Detection engine incorporates user-reported signals.

Operations / Investigation

Actionable-signal focused UX full Design philosophy emphasizes removing friction and surfacing actionable signal clearly.
Security-data visualization emphasis full Focuses on clear visualizations to make complex security data easier to use.
Simplified investigation search full January 2026 update highlights simpler search during investigations.
Cross-risk context linking full Connects disparate risks across the cloud workspace for faster triage.
Faster triage workflows full Improves triage speed by correlating related risks.
Automated remediation across calendar, inbox, and Drive full Latest updates highlight automated remediation spanning calendar invites, inboxes, and Google Drive.
Deeper detection context full Adds deeper context and transparency into detection logic.
Detection-logic transparency full Provides more transparency into why detections fired.

Shadow IT / AI Governance

Shadow IT discovery from email metadata full Discovers third-party app usage by analyzing password resets, account confirmations, and security alerts in email.
Unauthorized AI tool discovery full Surfaces use of unauthorized AI tools connected to the workspace.
Third-party app inventorying full Helps create visibility into applications employees are using.
SSO-independent app discovery full Can identify tools even when they are not managed by SSO.
Third-party app risk understanding full Helps teams understand employee usage of connected apps.
Controls to reduce third-party data leakage full Supports controls intended to prevent data leakage through connected apps.
Controls to reduce third-party ATO risk full Supports controls intended to reduce account-takeover risk introduced by third-party apps.
OAuth scope risk visibility full Surfaces the risk of overly broad OAuth scopes granted to third-party apps.
Compliance exposure visibility for shadow apps full Highlights compliance risks from use of unvetted applications.
Unsanctioned-app ATO risk management full Describes containing and remediating risky app data access linked to shadow OAuth apps.
Shadow-app attack-surface visibility full Shows how untracked apps expand the attack surface.

Related Security Awareness Vendors

Vendor Directory
Lookup Tools
Analysis
Bulk & Enterprise
Resources
Close