Agari Advanced Threat Protection stops 99.9% of all advanced email threats.
New and emerging email threats employ identity deception to easily bypass existing security controls such as secure email gateways, sandbox environments, URL rewriting processes, and imposter classifiers. These technologies are predicated on a failed security paradigm of attempting to model known bad signals, whether by volume, sender identity, or content.
Attackers know they can easily evade these protections by impersonating trusted individuals, partners, or brands while avoiding the use of malicious content. This is why Agari Advanced Threat Protection takes a different approach—modeling the email-sending behavior of all legitimate senders across the Internet. By combining advanced machine learning techniques, Internet-scale telemetry, and real-time data pipelines, this method allows only email from your organization’s unique set of trusted customers, partners, and employees to be received. With Agari, you escape the legacy approaches that simply can’t react fast enough to stop the newest types of attacks.
Agari Advanced Threat Protection, powered by the Agari Identity Graph™, leverages three phases of machine learning modeling:
Determines which identities the recipient perceives is sending the message.
Based on the perceived identity analyzes the expected sending behavior for anomalies relative to that identity.
Measures relationships to determine expected sending behavior; highly engaged relationships (such as between coworkers) have tighter behavioral anomaly thresholds since they have higher overall risk if spoofed.
By incorporating each phase, the final Identity Graph score determines whether the message should be accepted. Those that are accepted are delivered to the inbox, while malicious emails are filtered out.
Agari Continuous Detection and Response technology brings together Agari Advanced Threat Protection and Agari Incident Response to automatically remove latent email threats and provide visibility into the attack blast radius. The technology takes threat intelligence sourced from the world’s top SOC teams, the Agari Cyber Intelligence Division (ACID), and best-of-breed threat intelligence feeds to search for indicators of compromise (IOCs) in employee inboxes and then remove them in order to prevent or mitigate data breaches.
Agari Advanced Threat Protection deploys as a lightweight sensor via the cloud or on-premise.