While new business communication and collaboration tools emerge every day, email remains the most popular method of intra- and inter-company communication. However, the ubiquity of email, along with well-known limitations in its technology underpinnings, makes it a leading attack vector for cybercriminals.
Traditional approaches to corporate email security focus largely on inspecting message content and assessing the reputation of a message’s infrastructure of origin. These techniques have become ineffective in recent years as attacks have grown more targeted in nature and increasingly blend in with legitimate email traffic delivered from trusted, mainstream email platforms.
In addition to their effectiveness at circumventing first-generation email defenses, email attacks that explicitly target senior executives or IT administrators have a much greater likelihood of causing financial and reputational damage with C-Suite or even boardroom-level ramifications.
Criminals have evolved the techniques they use for email-based attacks from content deception to identity deception. They use the identity markers of trusted individuals and brands to convince victims to take actions such as wiring money or disclosing sensitive information. The current generation of email security solutions is not able to detect these attacks, resulting in a significant rise in financial and data loss over the last few years.
The best way to protect your organization from the latest generation of targeted email attacks is to deploy a protection model that focuses less on just email content and infrastructure reputation and more on people, relationships, and predictable human and system behavior.
The Agari Identity Graph™ achieves this by combining Internet-scale data telemetry with advanced artificial intelligence and machine learning techniques to model email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships.
By modeling the good and reacting to anomalies rather than trying to detect the bad, the Agari Identity Graph™ can protect your IT environment from both known and unknown security threats, reducing the risk that an email-based attack will negatively affect your business.
The traditional approach to email security was driven by the type of attack circa 2000-2005: spam, scattershot credential phishing, and broad-based virus and worm attacks. The attacks had wide distribution, were launched from botnets and compromised servers, and had content signatures that were distinct from legitimate email. The primary secure email gateway (SEG) vendors built Generation 1 solutions using models based on content analysis and infrastructure reputation to detect these attacks and were quite successful in blocking the vast majority of them.
In the timeframe of 2010-2015, we saw a significant increase in the sophistication of attackers. The attacks became more targeted and often leveraged advanced polymorphic malware. These attacks evaded detection based on traditional content and antivirus signatures. The result was the development of Generation 2 solutions leveraging the malware sandbox and more sophisticated dynamic analysis to address the sophisticated malware attack.
In the last few years, we’ve seen a fundamental drop in efficacy of the previous two generations of detection, driven by the following trends:
The modern email attack primarily leverages identity deception. Specifically, the attacker sends a message that seems to come from a known identity – an individual, organization, or brand that is often trusted by the recipient. Leveraging security gaps in the underlying email protocols or user interface constraints of email clients, attackers are increasingly able to convince recipients to respond or take action based on the trust associated with the perceived identity of the sender of an email. Identity deception attacks, including their variants that leverage social engineering and carry out business email compromise, have resulted in significant financial and data losses in the last few years.
The next generation of email security solutions has to take a fundamentally different approach from that used by the previous two generations to detect the modern, sophisticated, identity-based attacks.