At a Glance

Agari Advanced Threat Protection stops 99.9% of all advanced email threats.


  • Stop business email compromise from tricking unsuspecting employees and partners.
  • Prevent impersonation of your CEO and other high-profile executives.
  • Detect account takeovers before they result in financial or information loss.
  • Block zero-day attacks from becoming a serious problem for your organization.

The Agari Advantage

  • The Agari Identity Graph™ uses predictive artificial intelligence to model trustworthy communications, based on 300+ million daily updates.
  • Best-in-class BEC protectioncombines Rapid DMARC, advanced display name protection, and look-alike domain detection to stop attacks.
  • Partner fraud preventionmodels supply chain partners, auto-generating and continuously updating policies to prevent trusted partner fraud.
  • Account takeover ID models ATO threat behavior to block attacks originating from compromised email accounts.
  • Intelligent content inspection integrates signature-less, URL, and file analysis to detect malicious content that evades SEGs and other legacy systems.
  • Email forensics and enforcementprovides customizable policies to enforce actions or report malicious activity to security operations teams.
  • Insider impersonation protection simultaneously scans outgoing and internal employee-to-employee traffic to stop threats originating from inside the organization.

New and emerging email threats employ identity deception to easily bypass existing security controls such as secure email gateways, sandbox environments, URL rewriting processes, and imposter classifiers. These technologies are predicated on a failed security paradigm of attempting to model known bad signals, whether by volume, sender identity, or content.

Anatomy of a Business Email Compromise Attack

Attackers know they can easily evade these protections by impersonating trusted individuals, partners, or brands while avoiding the use of malicious content. This is why Agari Advanced Threat Protection takes a different approach—modeling the email-sending behavior of all legitimate senders across the Internet. By combining advanced machine learning techniques, Internet-scale telemetry, and real-time data pipelines, this method allows only email from your organization’s unique set of trusted customers, partners, and employees to be received. With Agari, you escape the legacy approaches that simply can’t react fast enough to stop the newest types of attacks.

Detecting Deception With Machine Learning

Agari Advanced Threat Protection, powered by the Agari Identity Graph™, leverages three phases of machine learning modeling:

Determines which identities the recipient perceives is sending the message.

Based on the perceived identity analyzes the expected sending behavior for anomalies relative to that identity.

Measures relationships to determine expected sending behavior; highly engaged relationships (such as between coworkers) have tighter behavioral anomaly thresholds since they have higher overall risk if spoofed.

By incorporating each phase, the final Identity Graph score determines whether the message should be accepted. Those that are accepted are delivered to the inbox, while malicious emails are filtered out.

Remove Latent Threats, Even After Delivery

Agari Continuous Detection and Response technology brings together Agari Advanced Threat Protection and Agari Incident Response to automatically remove latent email threats and provide visibility into the attack blast radius. The technology takes threat intelligence sourced from the world’s top SOC teams, the Agari Cyber Intelligence Division (ACID), and best-of-breed threat intelligence feeds to search for indicators of compromise (IOCs) in employee inboxes and then remove them in order to prevent or mitigate data breaches.

Simultaneously Scan Incoming, Outgoing, and Internal Employee-to-Employee Traffic

Agari Advanced Threat Protection deploys as a lightweight sensor via the cloud or on-premise.

  1. Sensor receives a copy of all incoming, outgoing and internal messages within your email environment.
  2. Leveraging the Agari Identity Graph, Agari Advanced Threat Protection scans and determines if the message is untrusted.
  3. Pre-configured policies immediately block or redirect the message for further incident investigation.

Learn more about Agari Advanced Threat Protection.


Mail Letter

Would you like the confidence to trust your inbox?