Email Security Blog

Agari Fall ‘ 20 Release Boosts CISO Confidence in Enterprise DMARC deployment

Michael Paiko September 29, 2020 DMARC

With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets’ level of DMARC adoption, CISOs have been ratcheting up email security.

Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce, sparks anxiety among business partners over blocked emails, and buries security analysts in false positives.

With the Fall ’20 release, Agari enables organizations to solve longtime challenges that have grown exponentially worse in today’s blistering email threat landscape: understanding the risks associated with their own domains, and the ability to customize risk scoring in real time.

This new code release changes all that by empowering Agari customers to locally tailor email risk immediately to ensure attacks get blocked and business-critical email gets delivered. And it couldn’t arrive at a better moment.

Phishing and BEC: Email Quarantine in the Age of COVID

According to the FBI, successful phishing, business email compromise (BEC) scams, and other advanced email threats have resulted in more than $700 million in business losses each month since 2016.

But the COVID pandemic and subsequent work-from-home mandates have seen email threat actors ramping up their attacks using ingenious new techniques. From March through June, we documented a 3,000% increase in email attacks specifically designed to exploit the coronavirus pandemic through impersonations of trusted individuals or businesses.

More troubling: The Agari Cyber-Intelligence Division (ACID) was the first to uncover the rise of sophisticated BEC scams run by Eastern European crime lords. This includes the group we’ve dubbed Cosmic Lynx, which factors a company’s use of Domain-based Message Authentication, Reporting, and Conformance (DMARC), or lack thereof, into its plans to impersonate corporate executives in email schemes that can rake in millions.

It doesn’t help that 80% of the Fortune 500 haven’t yet fully implemented this standard email authentication protocol, which prevents cybercriminals from hijacking their domains for use in email-based impersonation attacks targeting their employees, customers, partners, and the public at large.

Even organizations that have properly deployed DMARC can face challenges—including far too many internal emails not reaching employees.. Until now.

Inbound DMARC and More: Letting the Right Ones In

Our Fall 2020 Release includes Inbound DMARC visibility, a new enhancement to Agari Brand Protection™ that provides CISO organizations with enhanced visibility and confidence that must-see emails sent from their own domains to internal addresses—including those distributed by third-party email partners—are delivered to employee inboxes.

Agari Phishing Defense™ now comes with new scoring adjustment features, which empower customers to locally tailor email risk scoring immediately, reducing false positives—and making phishing defense more effective, while helping to ensure business-critical messages aren’t trapped in transit.

Meanwhile, Agari customers can use new Agari Phishing Response™ capabilities to tag investigations with custom-defined attack classifications. By customizing attacks to their own specific threat taxonomy, customers can deliver more transparency to their organization, faster. Not only is phishing simulation training enhanced through a consistent nomenclature, but incident response grows more efficient.

Plus, Agari Active Defense™ provides CISO teams with new global insights and analysis of BEC attacks that adds critical context to the specific threats targeting their organizations.

Truth or Consequences: Facing Down Rapidly-Evolving Threats

Put together, our latest enhancements provide Agari customers with more knowledge and detailed insights into the specific challenges their organizations face, and the flexibility they need to conquer them.

I’m obviously biased, but I think this is powerful stuff. Especially when you factor in the rising costs associated with successful email attacks. I’ve already mentioned the direct financial losses. But email impersonations are also implicated in 7 of 10 corporate data breaches.

According to Ponemon Institute’s 2020 Cost of a Data Breach Report, the costs associated with a breach now average $8.6 million per incident—and that’s before factoring in fines like those mandated under GDPR or the new California Consumer Privacy Act (CCPA).

Spoiler alert: They’re astronomical. But Agari has you covered. With enhanced visibility and control, our Fall 2020 Release gives CISO teams customizable solutions designed to help them meet their unique company and industry requirements, as well as rising compliance needs.

That includes powerful new Inbound DMARC visibility, and the ability to stop phishing and BEC threats faster, protect employees better, and conduct business with more confidence—at a time when employees are more reliant than ever on email.

To learn more about the Fall 2020 Release:

Read the official announcement
Watch the Fall 2020 Release Webinar for Customers and Partners
Try a Self-Service Demo Experience for:

Agari Blog Image

April 20, 2021 Autumn Tyr-Salvia

What is DMARC? Effects on Email Spoofing & Deliverability

Wondering how DMARC affects email? Here’s a comprehensive guide explaining what DMARC is, how it…

Agari Blog Image

February 11, 2021 Crane Hassold

Cosmic Lynx Returns in 2021 with Updated Tricks

In July 2020, we published a report on a Russian-based BEC group we called Cosmic…

Agari Blog Image

February 9, 2021 Michael Paiko

DMARC 101 (Part II) – DMARC Fills the Holes Left by SPF and DKIM

You can catch up on Part 1 here. As we discussed in part one of…

Agari Blog Image

February 3, 2021 Michael Paiko

DMARC 101 (Part I) – S/MIME, SPF, and DKIM

Why do you need DMARC to protect your email domains from being leveraged in phishing…

Agari Blog Image

December 18, 2020 Brent Sleeper

DMARC: 3 Best Practices for Capturing Next-Level Business Value

Implementing DMARC at its highest enforcement level is critically important to security and messaging operations.…

mobile image