cloudflare · Maddy-Cloudflare · Oct 7, 2025 · Sep 29, 2025 · Oct 1, 2025 · Oct 1, 2025
@@ -5,7 +5,19 @@ sidebar:
   order: 18
 ---
 
-PhishGuard is a managed email security service that provides resources for end-to-end phish and targeted attack management and response. With PhishGuard, you can preemptively block [phishing attacks](https://www.cloudflare.com/en-gb/learning/access-management/phishing-attack/), [malware](https://www.cloudflare.com/en-gb/learning/ddos/glossary/malware/), [Business Email Compromise (BEC)](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/), and vendor email fraud.
+PhishGuard is a team of analysts that routinely inspects your email environment and responds to threats that come through your email inbox.
+
+While Email Security uses advanced technologies to protect your email inbox, PhishGuard offers an additional human component to protect your email environment against impersonation events, suspicious items, false negatives/false positives, and any new event that automated intelligent systems may miss due to a lack of context (for example, a compromised account activity).
+
+PhishGuard only works on a post-delivery environment (only emails that have already landed in your email inbox are reviewed). As a result, PhishGuard analysts may perform a [reclassification](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) or [auto-move](/cloudflare-one/email-security/auto-moves/) based on their findings.
+
+PhishGuard coordinates with the email detections team, allowing you to directly request immediate detection for specific items and implement custom detections unique to your needs. An example of this is requesting to block all PayPal traffic if you do not use PayPal for invoicing. This capability allows you to take ownership over the rules governing your email environment through PhishGuard's human intervention.
+
+Additionally, PhishGuard analysts:
+
+- Use real-time threat data to identify malicious activity. Email-based threats are responded to rapidly, and immediately reported and documented. 
+- Review every [user](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions) and [team](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions) submission so your security team can focus on more critical activites.
+- Help you detect and mitigate threats faster, reducing the time attacks have access to your network. This also helps reducing business impact, because it prevents data breaches, financial loss, and reputational damage.
 
 To use PhishGuard:
 
@@ -35,15 +47,17 @@ The ROI Calculator displays:
 
 ## Insider threat defense
 
-An [insider threat](https://www.cloudflare.com/en-gb/learning/access-management/what-is-an-insider-threat/) is a risk to an organization's security stemming from someone associated with the organization.
+An [insider threat](https://www.cloudflare.com/en-gb/learning/access-management/what-is-an-insider-threat/) is a risk to an organization's security stemming from someone associated with the organization. PhishGuard looks for threat actor groups.
 
 Insider threat defense on the dashboard displays **Insider leads** and **Insider reports generated**. **Insider leads** displays the number of emails identified as potential insider threat email. **Insider reports generated** displays the number of reports created based on insider leads.
 
 ## Email threat hunting
 
-Email threat hunting displays previously unknown phishing attacks.
+PhishGuard reviews suspicious and highly malicious activity in your email environment.
+
+On the Zero Trust dashboard, email threat hunting displays previously unknown phishing attacks.
 
-Email threat hunting displays **Threat leads generated** and **Total reposts generated**.
+Email threat hunting also gives you information on **Threat leads generated** and **Total reposts generated**.
 
 ## Actions