Account takeover attacks often begin with subtle anomalies in user behavior. LibraCyber ESG 5.6 addresses this with an adaptive, self-tuning ATP Automatic Quota Engine. The system continuously analyzes your organization’s historical email patterns to learn normal email activity and dynamically assign appropriate quotas to each user. When behavior deviates from those learned patterns, the system identifies potential compromise earlier and triggers protective actions automatically, minimizing the need for manual rule tuning while maximizing detection accuracy over time.

Administrators have full flexibility with two operational choices: you can manually assign email addresses to specific quota levels, or you can rely on the adaptive algorithm to adjust user quotas automatically based on recent email delivery behavior. All quota levels remain fully customizable, both per level and per domain, to precisely fit your organization's security profile.

Second Sight acts as an AI-assisted virtual security consultant right within the inbox, transforming email security into a collaborative process between end-users and security teams. When an email looks unusual or potentially malicious, users can request a deeper analysis directly within the LibraCyber environment. LibraCyber’s detection engines then perform an expanded inspection using contextual signals, behavioral patterns, and semantic analysis driven by the
Esvalabs AI engine to determine whether the message represents a genuine threat.

Instead of forcing users to immediately escalate every concern to the SOC, Second Sight provides an understandable overview for the end-user and a comprehensive technical breakdown for IT/SOC teams. This capability gives users immediate reassurance when evaluating high-risk communications—such as sensitive data submissions, new invoices, or suspicious supply-chain emails—while significantly reducing unnecessary SOC escalations and investigation workloads.

Administrators retain complete control and can manage access to this feature through granular permissions, ensuring only authorized users request and view security insights.

Whaling attacks focus on high-profile executives, representing one of the most dangerous and financially damaging forms of Business Email Compromise (BEC). This update introduces Automatic C-Suite Identification to streamline executive protection by automatically importing high-value targets from directory information within Microsoft 365 and Google
Workspace.

The system automatically recognizes C-level and executive users based on security group membership or job title patterns, removing the administrative burden of manually configuring individual security policies. This ensures all high-risk personas and relevant accounts—including secondary email addresses—are automatically wrapped in enhanced protections, reducing the likelihood that attackers can exploit leadership identities in targeted impersonation attacks.
Configuration stays completely up to date via automatic synchronization.

Version 5.6 introduces advanced controls to tighten email infrastructure and network security. Every incoming connection to LibraCyber ESG is automatically classified into a firewall zone according to the source IP’s network policy. The new configuration interface lets you easily review and customize the local firewall, check which services and ports are open for each zone, and block malicious networks (IoCs) directly at the firewall level. The LibraCyber security team ensures continuous protection by distributing automated, real-time IoC updates.

Additionally, infrastructure security is strengthened by allowing administrators to restrict SMTP authentication to defined network ranges. This ensures authentication is only allowed from trusted locations, shrinking the attack surface for credential abuse and preventing compromised accounts from being exploited outside authorized environments.