While new business communication and collaboration tools emerge every day, email remains the most popular method of communication. However, the ubiquity of email, along with well-known limitations in its technology underpinnings, makes it the leading attack vector for cybercriminals.
Traditional approaches to corporate email security focus largely on inspecting message content and assessing the reputation of a message’s infrastructure of origin. These techniques have become ineffective in recent years as attacks have grown more targeted in nature and increasingly blend in with legitimate email traffic delivered from trusted, mainstream email platforms.
Criminals have evolved the techniques they use for email-based attacks from content deception to identity deception. They use the identity markers of trusted individuals and brands to convince victims to take an action such as wiring money or disclosing sensitive information. The current generation of email security solutions is not able to detect these attacks, resulting in a significant rise in financial and data loss over the last few years.
The best way to protect your organization from the latest generation of targeted email attacks is to deploy a protection model that focuses less on email content and infrastructure reputation and more on people, relationships, and predictable human and system behavior.
The Agari Identity Graph™ achieves this by combining Internet-scale data telemetry with advanced artificial intelligence and machine learning techniques to model email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships.
By modeling the good and reacting to anomalies rather than simply trying to detect the bad, the Agari Identity Graph can protect your IT environment from both known and unknown security threats, reducing the risk that an email-based attack will negatively affect your business.
Generation 1 — 2000-2010
The traditional approach to email security was driven by the type of attack of the early 2000s—spam, scattershot credential phishing, and broad-based virus and worm attacks. The attacks had wide distribution, were launched from botnets and compromised servers, and had content signatures that were distinct from legitimate email. The primary secure email gateway (SEG) vendors built Generation 1 solutions using models based on content analysis and infrastructure reputation to detect these attacks and were quite successful in blocking the vast majority of them.
Generation 2 — 2010-2015
Between 2010 and 2015, attackers became significantly more sophisticated. Attacks in the early 2010s became more targeted and often leveraged advanced polymorphic malware, evading detection based on traditional content and anti-virus signatures. The result was the development of Generation 2 solutions, which use malware sandboxing and more sophisticated dynamic analysis to address these malware attacks.
Next Generation — 2015-Present
In the last few years, we’ve seen a fundamental drop in efficacy of the previous two generations of detection, driven by the following trends:
The modern email attack primarily leverages identity deception. Specifically, the attacker sends a message that seems to come from a known identity—an individual or brand that is often trusted by the recipient. Leveraging security gaps in the underlying email protocols or user interface constraints of email clients, attackers are increasingly able to convince recipients to respond or take action based on the trust associated with the perceived identity of the sender. Identity deception attacks, including their variants that leverage social engineering and carry out business email compromise, have resulted in significant financial and data losses in the last few years.
As a result, the next generation of email security solutions has to take a fundamentally different approach from that used by the previous two generations to detect modern, sophisticated, identity-based attacks.