Malicious emails that use identity deception continue to bypass the legacy secure email gateway (SEG) and the native controls of Office 365 because they are notoriously difficult to detect. Consisting of only a few words, these emails reach the targeted end user because there is no malicious content to identify. Security systems that look for previously recognized signatures of malicious content find nothing wrong with the email.
Once the email passes through security to the inbox, the scam becomes easy to perpetrate. Cybercriminals count on the human emotions of fear, curiosity, and anxiety to convince the recipient to reply. Once the recipient is engaged in a conversation, the scammer simply needs to ask for a wire transfer, gift card purchase, or payroll diversion to complete the scam.
A way to prevent these attacks from reaching the inbox comes from understanding the perceived identity of the sender and the relationship between sender and recipient. To understand identities and relationships between senders, machine learning is used to model identity graph relationships and behavioral patterns between individuals, businesses, services, and domains, using hundreds of different characteristics at a global scale.
Using these machine learning models, automation, and expert human decision-making informed by massive sets of labeled data, the technology can score each message for convergence with or divergence from historic patterns. In this way, the analysis identifies emails that conform to normal “good” patterns as legitimate. Those that diverge beyond a given threshold from established patterns are potentially malicious or “bad”, no matter whether they contain malicious attachments or something as simple as five words. Instead of looking for the proverbial needle in a haystack, this innovative approach removes the hay to reveal the needle. It models the good to detect the bad.
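The idea of scoring a message against a baseline of known-good sender identities and sender-recipient relationships can be sketched with two hand-picked features. This is an added example, not the vendor's model or code; the history, addresses, weights and threshold are all constructed assumptions.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed history of (From header, recipient); all names and domains are made up.
HISTORY = [
    ('"Dana Reyes" <dana.reyes@example.com>', "pat@example.com"),
    ('"Dana Reyes" <dana.reyes@example.com>', "pat@example.com"),
    ('"Dana Reyes" <dana.reyes@example.com>', "lee@example.com"),
    ('"Billing" <billing@vendor.example>', "pat@example.com"),
]
THRESHOLD = 0.5  # assumed cut-off between "conforming" and "divergent"

def norm(name):
    """Case-fold and collapse whitespace so display names compare reliably."""
    return " ".join(name.lower().split())

def build_baseline(history):
    """Learn which addresses each display name uses and who has written to whom."""
    name_to_addrs = defaultdict(set)
    pair_counts = defaultdict(int)
    for from_header, rcpt in history:
        name, addr = parseaddr(from_header)
        name_to_addrs[norm(name)].add(addr.lower())
        pair_counts[(addr.lower(), rcpt.lower())] += 1
    return name_to_addrs, pair_counts

def divergence(from_header, rcpt, baseline):
    """Return (score, reasons); the weights are illustrative assumptions."""
    name_to_addrs, pair_counts = baseline
    name, addr = parseaddr(from_header)
    name, addr, rcpt = norm(name), addr.lower(), rcpt.lower()
    score, reasons = 0.0, []
    known = name_to_addrs.get(name)
    if known and addr not in known:
        # Perceived identity matches a known sender, actual address does not.
        score += 0.6
        reasons.append("display name seen before, but from a different address")
    if pair_counts.get((addr, rcpt), 0) == 0:
        # No established relationship between this address and this recipient.
        score += 0.3
        reasons.append("no prior mail from this address to this recipient")
    return score, reasons

def classify(from_header, rcpt, baseline):
    score, reasons = divergence(from_header, rcpt, baseline)
    label = "divergent" if score >= THRESHOLD else "conforming"
    return label, score, reasons
```

A first-time correspondent alone stays under the threshold here; it is the combination of a familiar display name with an unfamiliar address that pushes a content-free message over it.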
This new approach gets more effective with every email analyzed. As a result, it effectively transitions the email security paradigm from one that was designed to address isolated events to one that continuously protects the organization against evolving email threats, as quickly as they emerge. And because this technology is always on, it becomes possible to continuously rescore messages and remove those that evaded initial detection from inboxes.
So while Microsoft Office 365 stops the vast majority of the most common types of attacks, Agari provides the defense needed to stop the most dangerous and sophisticated attacks. With this combination of the Secure Email Cloud and Microsoft Office 365, email attacks are stopped with 99.9% efficacy—enabling users to trust their inbox and SOC teams to quickly and efficiently identify and respond to emerging threats.