In a further expansion of the Agari Trust Network’s data exchange program, Agari and Palo Alto Networks have partnered to exchange email-based threat data. The idea is simple, but incredibly powerful.
1) Time to detection accelerated
Agari detects potential email-based malware in near real-time. This leads to faster detection of email-based malware than previously possible by any security solution. In two separate studies conducted at a major global bank and a major national bank, Agari has detected suspicious emails with potential malware first, 90% of the time. This is important for several reasons. The first reason is obvious: the faster an attack is detected, the more limited the damage, and the sooner the remediation can begin. The second reason has an even larger potential impact: Agari is able to detect attacks during the criminals’ testing period, before the actual attack occurs, protecting the victim from any damage. The ability to detect even a small number of “beta” tests by criminals is relatively unique, and blocking an attack before it scales to millions of emails is highly effective.
2) Data footprint is unique, and therefore expands the ability to detect new attack vectors
Agari’s approach to email security is unique. Most email security approaches are based on knowing a sender’s reputation or decomposing lines of code in the attachments/sites that the email links to in order to look for malicious intent. Agari, by contrast, looks to validate the sender of an email. The concept is, “If I know who is sending the email, I can make a reasonable judgment on how safe this email is.” If the sender fails validation, the email is considered suspect. This results in some false positives, which through a variety of techniques Agari has been able to reduce to sub-1% levels. The resulting data Agari analyzes is vastly different than the data traditional security companies are able to access. It therefore leads to new, low-overlapping sets of data and expands our partners’ visibility into email-based malware.
How do Agari’s clients benefit? By exchanging email-based threat data, Agari receives a judgment on the suspicious emails, which allows us to classify the emails and any links embedded in them for our clients. We already do so with data from numerous partners including Cisco, IID, several malware companies, and now Palo Alto Networks. These judgments can help our clients determine the urgency of propagating the embedded URLs to protect their clients and employees. Collaborating with a broader set of partners accelerates the speed, accuracy, and propagation of data on email-based attacks, thereby leading to higher detection and remediation rates.
The Agari/Palo Alto Networks agreement is another compelling example of Agari’s effort to build a broad coalition to combat email-based attacks. We are excited to have a company with the market presence and reputation Palo Alto Networks commands, and look forward to working with them to advance the fight against email, brand, and domain abuse.
About the Agari Trust Network™
Agari Trust Network is a coalition of Email Solution Providers, Consumer Email Services, Security Companies, Brand Protection Companies, and Domain Management Providers united with the goal of reducing phishing and email-based malware attacks. Members include market leaders such as Google, Yahoo!, AOL, Microsoft, MarkMonitor, Neustar, Cisco, Epsilon, SilverPop, Experian, and Palo Alto Networks. Cybercriminals collaborate, so should the good guys.™
Contact AgariTrustNetwork@agari.com for more information.