Agari Phishing Defense leverages the Agari Identity Graph, an advanced artificial intelligence and machine learning system that ingests data telemetry from more than two trillion emails per year to model email senders’ and recipients’ identity characteristics, behavioral norms, and personal, organizational, and industry-level relationships.
Agari incorporates machine learning algorithms to model ATO-based behavior in the Agari Identity Graph. For example, when a message is received, it is subjected to the phases of analysis and scoring discussed on the previous pages.
To support this modeling, Agari has leveraged the elasticity enabled by its cloud-native architecture to drive over 300 million daily model updates, allowing the system to maintain a real-time understanding of this type of email behavioral pattern.
Agari Phishing Defense is the first to model the four types of account takeover behavior: stranger email, employee webmail, trusted third, and insider business accounts.
The final Identity Graph Score of a message combines the features and indicators from the three phases and determines whether the attack is indeed originating from a compromised account.
Agari Phishing Defense is the only product on the market with the ability to model the four types of account takeover behavior—stranger, acquaintance/brand, trusted customer/partner/vendor, and executive or coworker.
Agari Phishing Defense deploys as a lightweight sensor either on-premises or in the cloud to integrate with the existing secure email gateway (SEG). Working as the last line of defense, Agari Phishing Defense receives all messages considered clean by the SEG and analyzes the messages for the existence of ATO threat signals.
Upon confirmation that the message is a malicious email, security operations teams can configure policies to immediately block or quarantine the message. Finally, email forensic information can also be extracted via email alerts or an API for further incident investigations—including assisting in recovering or taking down the compromised account.
The right place to protect against account takeover-based email attacks is the email gateway. Existing security solutions should be evaluated to meet the following:
Given the effectiveness of account takeover-based email attacks and the lack of legacy protections, attackers will be highly motivated to increase their attack rate in the coming year. Organizations must place a higher priority on this threat and re-evaluate whether their existing controls can protect against this attack category—or risk becoming the next victim.