Email Security Blog

Agari Fall ‘ 20 Release Boosts CISO Confidence in Enterprise DMARC deployment

Michael Paiko September 29, 2020 DMARC

With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets’ level of DMARC adoption, CISOs have been ratcheting up email security.

Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce, sparks anxiety among business partners over blocked emails, and buries security analysts in false positives.

With the Fall ’20 release, Agari enables organizations to solve longtime challenges that have grown exponentially worse in today’s blistering email threat landscape: understanding the risks associated with their own domains, and the ability to customize risk scoring in real time.

This new code release changes all that by empowering Agari customers to locally tailor email risk immediately to ensure attacks get blocked and business-critical email gets delivered. And it couldn’t arrive at a better moment.

Phishing and BEC: Email Quarantine in the Age of COVID

According to the FBI, successful phishing, business email compromise (BEC) scams, and other advanced email threats have resulted in more than $700 million in business losses each month since 2016.

But the COVID pandemic and subsequent work-from-home mandates have seen email threat actors ramping up their attacks using ingenious new techniques. From March through June, we documented a 3,000% increase in email attacks specifically designed to exploit the coronavirus pandemic through impersonations of trusted individuals or businesses.

More troubling: The Agari Cyber-Intelligence Division (ACID) was the first to uncover the rise of sophisticated BEC scams run by Eastern European crime lords. This includes the group we’ve dubbed Cosmic Lynx, which factors a company’s use of Domain-based Message Authentication, Reporting, and Conformance (DMARC), or lack thereof, into its plans to impersonate corporate executives in email schemes that can rake in millions.

It doesn’t help that 80% of the Fortune 500 haven’t yet fully implemented this standard email authentication protocol, which prevents cybercriminals from hijacking their domains for use in email-based impersonation attacks targeting their employees, customers, partners, and the public at large.

Even organizations that have properly deployed DMARC can face challenges—including far too many internal emails not reaching employees.. Until now.

Inbound DMARC and More: Letting the Right Ones In

Our Fall 2020 Release includes Inbound DMARC visibility, a new enhancement to Agari Brand Protection™ that provides CISO organizations with enhanced visibility and confidence that must-see emails sent from their own domains to internal addresses—including those distributed by third-party email partners—are delivered to employee inboxes.

Agari Phishing Defense™ now comes with new scoring adjustment features, which empower customers to locally tailor email risk scoring immediately, reducing false positives—and making phishing defense more effective, while helping to ensure business-critical messages aren’t trapped in transit.

Meanwhile, Agari customers can use new Agari Phishing Response™ capabilities to tag investigations with custom-defined attack classifications. By customizing attacks to their own specific threat taxonomy, customers can deliver more transparency to their organization, faster. Not only is phishing simulation training enhanced through a consistent nomenclature, but incident response grows more efficient.

Plus, Agari Active Defense™ provides CISO teams with new global insights and analysis of BEC attacks that adds critical context to the specific threats targeting their organizations.

Truth or Consequences: Facing Down Rapidly-Evolving Threats

Put together, our latest enhancements provide Agari customers with more knowledge and detailed insights into the specific challenges their organizations face, and the flexibility they need to conquer them.

I’m obviously biased, but I think this is powerful stuff. Especially when you factor in the rising costs associated with successful email attacks. I’ve already mentioned the direct financial losses. But email impersonations are also implicated in 7 of 10 corporate data breaches.

According to Ponemon Institute’s 2020 Cost of a Data Breach Report, the costs associated with a breach now average $8.6 million per incident—and that’s before factoring in fines like those mandated under GDPR or the new California Consumer Privacy Act (CCPA).

Spoiler alert: They’re astronomical. But Agari has you covered. With enhanced visibility and control, our Fall 2020 Release gives CISO teams customizable solutions designed to help them meet their unique company and industry requirements, as well as rising compliance needs.

That includes powerful new Inbound DMARC visibility, and the ability to stop phishing and BEC threats faster, protect employees better, and conduct business with more confidence—at a time when employees are more reliant than ever on email.

To learn more about the Fall 2020 Release:

Read the official announcement
Watch the Fall 2020 Release Webinar for Customers and Partners
Try a Self-Service Demo Experience for:

Leave a Reply

Your email will not be published. All fields are required.

man working at computer

October 9, 2020 Zohar Gillai

DMARC Setup Guide: How to Add DMARC Step by Step

We'll explain how to configure DMARC for your company's email, including what you'll need and…

Agari Blog Image

September 15, 2020 Armen Najarian

Why Full DMARC Protection is a Pressing Business Imperative in 2020 and Beyond

If you haven't deployed Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) to protect your brand…

Person using Google AMP for Email

September 3, 2020 Michael Cichon

Implement DMARC for Trust Before Google AMP for Email

With marketers more dependent on digital channels, many may accelerate their tests of Google's AMP…

Happy african man working on DMARC

August 17, 2020 Armen Najarian

DMARC Adoption Slows, 80% of Fortune 500 Email Senders Remain Unauthenticated

The first half of 2020 saw 25 additional Fortune 500 companies adopt Domain-based Messaging, Reporting…

Agari Blog Image

July 23, 2020 Michael Paiko

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

In the first reported case of its kind, a phishing ring in Eastern Europe is…

mobile image