The secure email gateway (SEG) worked for decades, no doubt. It was truly the first line of defense against email-based threats that took advantage of people and technology to enable fraud. Those of us who have dedicated our lives to improving this industry are grateful for the work of companies like Symantec and Proofpoint, which have spent years protecting people and organizations from viruses and malware spread through malicious links and attachments.
Those solutions, though, no longer work against the new identity-based threats that dominate the email threat ecosystem today. Email and the threats against it are changing faster than ever before. To keep up, email security must do the same.
Legacy email security defenses worked for a number of years, but cybercriminals have since learned how to evade the systems that organizations put in place to protect against them. They have changed tactics, using new types of emails to con their victims out of millions. They no longer focus on spreading malware and viruses but instead use identity deception to trick their targets. In fact, the FBI estimates that 20,000 victims lost as much as $1.3 billion from business email compromise last year alone. And that’s just in the United States.
Attackers exploit security gaps in the underlying email protocols or the user interface constraints of email clients. As a result, they are able to send email messages that leverage the identity markers of trusted people and use deception techniques informed by social engineering to manipulate recipients into taking the desired action. These messages hide in plain sight, easily bypassing legacy security systems undetected, and use personal and professional context to defraud businesses and individuals.
Criminals scour websites like LinkedIn to determine relationships between people to make an email appear believable. The last barrier they encounter is figuring out ways to bypass the email security defenses, to score big. After all, once the email has been delivered, they can easily prey on human emotions to trick the recipient into wiring money or divulging sensitive information. As a result, email security protocols must be hardened to this type of attack.
At the same time that cybercriminals are evolving their tactics, businesses are shedding on-premises infrastructure, moving en masse to cloud-based platforms such as Microsoft Office 365 or G Suite. These platforms provide native support for anti-spam, virus and malware blocking, email archiving, content filtering, and even sandboxing—a natural evolution as new technologies are developed in a better way than the preceding technologies. In the case of email, this means integrating services into the base platform that in the past were bolted on.
Designed to assess incoming emails by analyzing content and infrastructure reputation, these platform-native controls are proving essential to ferreting out spam, malicious URLs and malware, certain keywords, or a high volume of attacks from a single IP address. That said, they lack when it comes to protecting against the advanced email threats that use identity deception techniques. Clearly, a better solution—one designed for the cloud—is needed.
This move to cloud-based email and the onslaught of zero-day attacks that successfully penetrate the inbox are shifting email security from signature-based inspection of email on receipt to continuous detection and response using machine learning to detect fraudulent emails and to hunt down latent threats that escaped initial detection or have activated post-delivery.
Enter the Secure Email Cloud. Through the power of predictive AI and advanced machine learning, the Secure Email Cloud fundamentally transforms email security from event-based inspection of incoming messages on receipt to continuous detection and response for new and latent threats in all inboxes. In actual deployments, this unique technology approach, combined with real-time cloud delivery, performs with high efficacy in detecting rapidly evolving advanced attacks—including those that are highly-personalized and from time-to-time use custom variants of malware, viruses, Trojans, and worms.
In a similar fashion to commercial-grade AI solutions in other industries, the high-performance Agari Identity Graph at the center of Secure Email Cloud maps trust and authenticity of relationships and behavioral patterns between individuals, brands, businesses, services, and domains using hundreds of characteristics that define trusted communications.
The novelty in this approach is that the Agari solution functions in near the exact opposite fashion as legacy systems designed to detect known signatures of malicious email or that operate using static lists of trusted senders or domains. Unlike these static legacy approaches, the Agari Identity Graph dynamically models and scores good email and sending behavior to the level of around 300 million model updates each day.
A combination of a human-labeled big data, semi-automated learning algorithms, and real-time cloud-based delivery makes the Secure Email Cloud smarter and more reliable with each email analyzed. This dynamic approach to email security outsmarts fraudsters even as they change behavior—moving from domain to domain, jettisoning blocked accounts, reformulating email messages, switching out display name strategies, recompiling malware, and more.
It is also an approach that can’t readily be faked or spoofed because a fraudster typically doesn’t have a trusted pattern of communications with those they are intent on attacking. Even in scenarios where accounts have been compromised, behavioral anomalies can be detected. And once organizations adopt the Agari solution, there are simply easier targets in organizations that use less-effective alternatives. By using the Secure Email Cloud to become a hardened target, attackers tend to turn their attention toward easier prey.
Learn more about the changing email security landscape and how Agari is prepared to protect against new threats in our exclusive white paper.