Can you trust your inbox? Can your employees? Attackers have moved beyond sending malicious payloads to impersonating trusted senders in ways that are hard for even security-conscious people to detect—and easy for legacy email security tools to miss. These new attacks can steal funds and account credentials while also eroding trust in your organization.

Download this white paper to learn how Agari Identity Graph™ stops these social-engineering email attacks with:

  • Identity Mapping that examines identity markers and maps them to your company’s organizational identity;
  • Behavioral Analytics that uses multiple models to evaluate the expected email behavior of your employee, partner, and customer identities; and
  • Trust Modeling that clarifies the relationship between sending identities and recipients to secure your organization’s email channel.

Executive Summary
Modeling the Good to Detect the Bad

While new business communication and collaboration tools emerge every day, email remains the most popular method of communication. However, the ubiquity of email, along with well-known limitations in its technology underpinnings, makes it the leading attack vector for cybercriminals.

Traditional approaches to corporate email security focus largely on inspecting message content and assessing the reputation of a message’s infrastructure of origin. These techniques have become ineffective in recent years as attacks have grown more targeted in nature and increasingly blend in with legitimate email traffic delivered from trusted, mainstream email platforms.

Criminals have evolved the techniques they use for email-based attacks from content deception to identity deception. They use the identity markers of trusted individuals and brands to convince victims to take an action such as wiring money or disclosing sensitive information. The current generation of email security solutions is not able to detect these attacks, resulting in a significant rise in financial and data loss over the last few years.

The best way to protect your organization from the latest generation of targeted email attacks is to deploy a protection model that focuses less on email content and infrastructure reputation and more on people, relationships, and predictable human and system behavior.

The Agari Identity Graph™ achieves this by combining Internet-scale data telemetry with advanced artificial intelligence and machine learning techniques to model email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships.

By modeling the good and reacting to anomalies rather than simply trying to detect the bad, the Agari Identity Graph can protect your IT environment from both known and unknown security threats, reducing the risk that an email-based attack will negatively affect your business.

Criminals have evolved the techniques they use for email-based attacks from content deception to identity deception, making it easy to bypass secure email gateways and other legacy systems.

The Next Generation of Email Security
Moving Into a New Era

Generation 1 — 2000-2010
The traditional approach to email security was driven by the types of attack seen in the early 2000s: spam, scattershot credential phishing, and broad-based virus and worm attacks. These attacks had wide distribution, were launched from botnets and compromised servers, and had content signatures that were distinct from legitimate email. The primary secure email gateway (SEG) vendors built Generation 1 solutions using models based on content analysis and infrastructure reputation to detect these attacks, and were quite successful in blocking the vast majority of them.

Generation 2 — 2010-2015
In the 2010-2015 timeframe, we saw a significant increase in the sophistication of attackers. Attacks in the early 2010s became more targeted and often leveraged advanced polymorphic malware, which evaded detection based on traditional content and anti-virus signatures. The result was the development of Generation 2 solutions that leveraged the malware sandbox and more sophisticated dynamic analysis to address sophisticated malware attacks.

Next Generation — 2015-Present
In the last few years, we’ve seen a fundamental drop in efficacy of the previous two generations of detection, driven by the following trends:

  • Criminal Cloud Adoption: Attackers are increasingly using legitimate cloud platforms and services, or even compromised accounts, to launch their attacks, making infrastructure reputation less useful. If attackers use Google or Microsoft infrastructure to launch attacks, a solution cannot simply blacklist these services, as they also send a large amount of legitimate email.
  • Targeted Attacks: The messages sent by attackers are increasingly hard to differentiate from legitimate business email. This is especially true for targeted attacks that are highly personalized, seem to come from trusted identities, have content that is almost identical to regular business email, and leverage social engineering, making traditional content analysis largely ineffective.
  • Sandbox-Aware Malware and “No Payload” Attacks: Finally, the latest malware families are increasingly becoming sandbox-aware, and many types of attacks do not leverage any type of active payload. This makes dynamic analysis significantly less effective for the modern attack.

The modern email attack primarily leverages identity deception. Specifically, the attacker sends a message that seems to come from a known identity, an individual or brand that is often trusted by the recipient. Leveraging security gaps in the underlying email protocols or user interface constraints of email clients, attackers are increasingly able to convince recipients to respond or take action based on the trust associated with the perceived identity of the sender. Identity deception attacks, including the variants that leverage social engineering to carry out business email compromise, have resulted in significant financial and data losses in the last few years.

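To make the three signals in that paragraph concrete, here is a small added example in Python; it is not Agari code and not a description of how the Identity Graph works. It checks one message's From: header against a constructed identity map (known internal display names and their expected addresses), looks for a lookalike sending domain, and asks whether the sender has any prior relationship with the recipient. The organization domain, the identities, and the relationship history are all constructed sample data, and the lookalike threshold is an assumed value chosen for the example.

```python
"""Illustrative identity-deception checks for one email From: header.

Added example, not Agari code. The org domain, the known identities
and the sender/recipient history below are constructed sample data.
"""
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed organizational identity map: display names that should
# only ever arrive from the listed internal address.
ORG_DOMAIN = "example.com"
KNOWN_IDENTITIES = {
    "jane doe": "jane.doe@example.com",    # constructed executive identity
    "sam patel": "sam.patel@example.com",  # constructed finance identity
}

# Constructed history of (sender, recipient) pairs seen in past traffic.
# A real deployment would build this baseline from mail telemetry.
TRUSTED_PAIRS = {
    ("jane.doe@example.com", "sam.patel@example.com"),
    ("vendor@partner-supply.net", "sam.patel@example.com"),
}


def normalize(name: str) -> str:
    """Lowercase and collapse whitespace so 'Jane  DOE' matches 'jane doe'."""
    return " ".join(name.lower().split())


def lookalike_domain(domain: str, reference: str, threshold: float = 0.8) -> bool:
    """True when domain resembles reference without being it (e.g. examp1e.com).

    Two crude heuristics: the reference's first label embedded in another
    registrable domain (example.com.evil.net), or a high string similarity.
    The 0.8 threshold is an assumed value for this example.
    """
    if domain == reference:
        return False
    if reference.split(".")[0] in domain:
        return True
    return SequenceMatcher(None, domain, reference).ratio() >= threshold


def assess(from_header: str, recipient: str) -> list[str]:
    """Return the identity-deception signals raised for one message."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    signals = []

    # Identity mapping: a trusted display name from an unexpected address.
    name = normalize(display)
    if name in KNOWN_IDENTITIES and address != KNOWN_IDENTITIES[name]:
        signals.append("display_name_impersonation")

    # Domain lookalike: the sending domain imitates the organization's own.
    if domain and lookalike_domain(domain, ORG_DOMAIN):
        signals.append("lookalike_domain")

    # Trust modeling: this sender has never written to this recipient before.
    if (address, recipient.lower()) not in TRUSTED_PAIRS:
        signals.append("no_prior_relationship")

    return signals


if __name__ == "__main__":
    # Constructed sample messages addressed to the finance identity.
    for hdr in (
        "Jane Doe <jane.doe@example.com>",         # genuine internal sender
        "Jane Doe <jane.doe.ceo@gmail.com>",       # display-name deception
        "Jane Doe <jane.doe@examp1e.com>",         # lookalike domain
        "Vendor <vendor@partner-supply.net>",      # known partner
    ):
        print(f"{hdr!r}: {assess(hdr, 'sam.patel@example.com')}")
```

A genuine internal message raises nothing, a free-mail address wearing an executive's display name raises both the identity and relationship signals, and the lookalike domain raises all three. Note what the example does not do: it inspects no message body and no sending infrastructure reputation, which is the point of the shift the text describes. In practice the relationship baseline is the hard part, since the first message from a real new contact also has no history, so that signal is a weight in a score rather than a verdict on its own.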
As a result, the next generation of email security solutions has to take a fundamentally different approach than that used by the previous two generations in order to detect the modern, sophisticated, identity-based attacks.

Would you like the confidence to trust your inbox?