Email Security Blog

Identity is the New Perimeter. Do You Trust It?

Armen Najarian June 21, 2018 Brand Protection, Online Brand Protection

The announcement that Agari has secured a $40 million growth capital round is all about trust. Our investors, led by Goldman Sachs, trust that Agari has established itself as the clear leader at preventing identity deception attacks. As a CMO, I understand that nothing is more vital to a company’s brand than the trust we place in it, yet identity deception makes it trivial for impersonation attacks to erode that trust.

The traditional (and now decades old) security model was to build a network perimeter with a corporate firewall, intrusion detection/prevention systems, and many layers of “defense-in-depth.” But with the rise of cloud computing, mobile apps, a distributed workforce, and bring-your-own-device, that ship has long since sailed.

Today the network perimeter extends to every user and every possible location – and email remains the killer app. Just think about how often you check your email: as soon as you wake up, before you go to sleep, every time you need to reset a password, and so on and so forth. Email truly represents the key to the kingdom – and an email compromise could compromise your very identity. Agari customers trust that we will keep this deeply personal channel secure for them.

Unfortunately, humans are a much softer target for cybercriminals than a firewall. Attackers can trick humans to work against their own best interests with social engineering, with a dash of trust and a sprinkle of context. And the barrier to entry is low: it’s trivial for a cybercriminal to set up a free webmail account and send an email impersonating a trusted contact to phish credentials, install malware or even wire money.

Unfortunately, email is even older than the decades old and now defunct network security model designed to protect the enterprise. And despite more recent efforts to authenticate email, the vast majority remains vulnerable to spoofing. As long as criminals are capable of impersonating anyone else on the internet, our identity is not safe.

Identity Perimeter

Email is complex and messy, so it is unlikely we could ever truly “solve” all of its security gaps, which is why secure email gateways are failing to prevent identity deception. Today, the primary email security model is to allow messages by default unless you detect something malicious like malware, but cybercriminals have adapted by no longer sending malware.

The newest attack trends include business email compromise, which spoofs invoices to finance teams, at the cost of billions of dollars per year. Even more pernicious, account takeover attacks leverage compromised email accounts as a foothold to launch further and more damaging attacks, such as man-in-the-middle escrow schemes.

At Agari, we stop business email compromise and account takeover by modeling trusted email behavior and the trusted relationships you have with other senders at the individual, group and organizational levels. By understanding the trusted relationships and authentic identity of email senders – “modeling the good” as we describe it — we can ensure that only trusted email is entering employee inboxes.

On the other side of the coin, as I mentioned, is the importance of trust for brands. It is elementary for cybercriminals to spoof and impersonate that largest brands in the world, so it is likewise imperative to take steps to prevent it. After all, if you have taken the steps to protect yourself, it makes sense to take the time to protect your good name, in order to prevent it from being used in email fraud.

Email is powerful because it is a ubiquitous communication channel, but if our brand is used to launch phishing attacks, the trust our customers place in our brand is undermined. A great brand reputation across all communication channels is critically important to me as a marketer because the efficacy of email marketing is linked to the credibility of my brand.

When users get phishing emails claiming to be from my brand it erodes their trust and undermines my business. Consequently, when organizations eliminate phishing emails, they obtain higher email click through rates, reduce customer support costs and achieve cybersecurity cost reduction.

One such initiative to eliminate phishing emails is DMARC, which authenticates the sender of an email to prevent domain name spoofing. Agari has been a champion of DMARC for many years, having worked closely in the creation of the standard, and boasting the most DMARC deployments of any vendor.

As organizations embrace digital transformation, it is clear that decades old security models will no longer protect them. And as identity emerges as the key to authentication and authorization it is clear that preventing identity deception is of the utmost importance. Today, with a $40M Series E investment led by Goldman Sachs, Agari emerges as the clear leader, the only cloud delivered predictive AI solution to prevent advanced email attacks that leverage identity deception. We are encouraged by the trust our investors have placed in Agari, as we continue to build models of trust into Agari Identity Intelligence to deliver the greatest value to our customers and partners.

Agari Blog Image

April 27, 2022 Monica Delyani

5 Big Myths about DMARC, Debunked

With email attacks contributing to billions of lost dollars each year, a growing number of…

Computer Showing Secure Email Server

March 9, 2022 John Wilson

Securing Your Email with DMARC

Understanding the What, How, and Why of DMARC You probably already know this, but it…

Agari Blog Image

March 4, 2022 Jessica Ellis

Top Social Media Threats Targeting the Retail Industry

Social media threats targeting enterprises more than doubled last year. Attacks on the retail industry specifically…

Laptop with multiple paddle locks with key holes

January 24, 2022 John Wilson

2022 Data Privacy Week – Education and Inspiration

As the world becomes more and more dependent on online resources to complete daily tasks,…

Woman-shopping on cell phone

November 30, 2021 Mike Jones

It’s the Most Wonderful Time of the Year… for Cybercriminals

The holiday season is upon us, which means it’s also the busiest time of the…

mobile image