Automated mitigation of electronic message based security threats

What is claimed is: 1. A system comprising: a security enforcement point device disposed within a managed network, wherein the security enforcement point device applies a security policy to protect computing devices on the managed network from security threats; and a security decision point device disposed within a computational instance of a remote network management platform, wherein the computational instance is dedicated to serving the managed network, and wherein the security decision point device is configured to: receive a message by way of the managed network, wherein the message was obtained by a particular computing device of the computing devices, parse the message to identify observable indicators of one or more of the security threats, wherein the observable indicators include at least one of a network address, a hyperlink, or a representation of an attached file, remotely query a security threat database for the observable indicators, receive, from the security threat database, an indication that the observable indicators are not associated with any security threats, and transmit, to the security enforcement point device, a command to update the security policy applied to future messages received at the security enforcement point device and that have the observable indicators, such that the future messages having the observable indicators are classified as spam and not forwarded to the security decision point application. 2. The system of claim 1 , wherein the message is an email message containing the network address and the hyperlink, wherein the network address is contained within a header of the email message and is an Internet Protocol (IP) address from which the email message was sent, and wherein the hyperlink is a uniform resource locator (URL) contained within a body of the email message. 3. The system of claim 1 , wherein the message is an email message containing the network address and the hyperlink, wherein the network address is contained within a header of the email message and is a source email address, and wherein the hyperlink is a uniform resource locator (URL) contained within a body of the email message. 4. The system of claim 1 , wherein the representation of the attached file is a hash computed by applying a one-way function to the attached file. 5. The system of claim 1 , wherein the representation of the attached file is a name of the attached file. 6. The system of claim 1 , wherein receiving the message by way of the managed network comprises receiving the message as a forwarded email from the particular computing device. 7. The system of claim 1 , wherein the message is an email message that contains the attached file, wherein the email message was received by an email server device associated with the managed network, and wherein the security decision point device is configured to: query the email server device to determine a number of times that the attached file has been received by the email server device, a number of email accounts to which the attached file was delivered, or the email accounts to which the attached file was delivered. 8. The system of claim 1 , wherein the security decision point device is configured to: receive a second message by way of the managed network; parse the second message to identify second observable indicators of one or more of the security threats, wherein the second observable indicators include at least one of a second network address, a second hyperlink, or a second representation of a second attached file; remotely query the security threat database for the second observable indicators; receive, from the security threat database, a second indication that the second observable indicators are associated with a particular security threat; and transmit, to the security enforcement point device, a command to update the security policy such that the particular security threat is mitigated and that second future messages received at the security enforcement point device and that have the second observable indicators are blocked from being delivered. 9. The system of claim 8 , wherein the security enforcement point device is an email server device that receives email messages on behalf of the managed network, and wherein the updated security policy causes the email server device to prevent delivery of any of the received email messages that contain the second network address, the second hyperlink, or any file with characteristics that match the second representation of the second attached file. 10. The system of claim 8 , wherein the security enforcement point device is a firewall device on the managed network, and wherein the updated policy causes the firewall to block incoming network traffic from the second network address that contains the second hyperlink or any file with characteristics that match the second representation of the second attached file. 11. A method comprising: receiving, at a security decision point device disposed within a computational instance of a remote network management platform, a message by way of a managed network, wherein the message was obtained by a particular computing device disposed within the managed network, and wherein the computational instance is dedicated to serving the managed network; parsing, by the security decision point device, the message to identify observable indicators of one or more of the security threats, wherein the observable indicators include at least one of a network address, a hyperlink, or a representation of an attached file; remotely querying, by the security decision point device, a security threat database for the observable indicators; receiving, by the security decision point device and from the security threat database, an indication that the observable indicators are not associated with any security threats; and transmitting, by the security decision point device and to a security enforcement point device disposed within the managed network, a command to update a security policy applied to future messages received at the security enforcement point device and that have the observable indicators, such that the future messages having the observable indicators are classified as spam and not forwarded to the security decision point application. 12. The method of claim 11 , wherein the message is an email message containing the network address and the hyperlink, wherein the network address is contained within a header of the email message and is an Internet Protocol (IP) address from which the email message was sent, and wherein the hyperlink is a uniform resource locator (URL) contained within a body of the email message. 13. The method of claim 11 , wherein the message is an email message containing the network address and the hyperlink, wherein the network address is contained within a header of the email message and is a source email address, and wherein the hyperlink is a uniform resource locator (URL) contained within a body of the email message. 14. The method of claim 11 , comprising: receiving, at the security decision point device, a second message by way of the managed network; parsing, by the security decision point device, the second message to identify second observable indicators of one or more of the security threats, wherein the second observable indicators include at least one of a second network address, a second hyperlink, or a second representation of a second attached file; remotely querying, by the security decision point device, the security threat database for the second observable indicators; receiving, by the security decision point device and from the se