Through the power of predictive AI and advanced machine learning, the Secure Email Cloud Architecture fundamentally transforms email security from event-based inspection of incoming messages on receipt to continuous detection and response for new and latent threats in all inboxes. In actual deployments, this unique technology approach, combined with real-time cloud delivery, detects rapidly evolving advanced attacks—including those that are highly personalized and from time to time use custom variants of malware, viruses, Trojans, and worms.
A New Kind of Security System
In a similar fashion to commercial-grade AI solutions in other industries, the high-performance Agari Identity Graph™ at the center of Secure Email Cloud Architecture maps trust and authenticity of relationships and behavioral patterns between individuals, brands, businesses, services, and domains using hundreds of characteristics that define trusted communications.
The novelty in this approach is that the Agari solution functions in nearly the opposite fashion from legacy systems that are designed to detect known signatures of malicious email or that operate using static lists of trusted senders or domains. Unlike these static legacy approaches, the Agari Identity Graph dynamically models and scores good email and sending behavior to the level of around 300 million model updates each day.
Then, based on mathematical divergence in the scoring from known good patterns buried deep in the communication, the Secure Email Cloud Architecture applies human-like intelligence and decision making based on tailorable policies to detect and respond to malicious messages. At the same time, it analyzes each email at a depth and scale way beyond the capability of any human or other machine-based approaches.
This is possible not just because of AI tools or expertise alone, but also because of the scale and quality of the underlying labeled data set. Around 2 trillion emails are analyzed annually across a highly diverse set of industries and geographies.
The vast majority of these messages turn out to be legitimate. These good messages reach their intended recipients without delay, and continuously enable automated learning. Messages that reach a threshold of divergence are first blocked from reaching the inbox, then labeled along with indicators of compromise via automated workflows from a global network of analysts. This always-on semi-automated machine learning takes place around the clock—24/7/365.
Prevent Zero-Day Attacks Every Day
It is this combination of human-labeled big data, semi-automated learning algorithms, and real-time cloud-based delivery that makes solutions based on the Secure Email Cloud Architecture smarter and more reliable with each email analyzed. This dynamic approach to email security outsmarts fraudsters even as they change behavior—moving from domain to domain, jettisoning blocked accounts, reformulating email messages, switching out display name strategies, recompiling malware, and more.
It is also an approach that can’t readily be faked or spoofed because a fraudster typically doesn’t have a trusted pattern of communications with those they are intent on attacking. Even in scenarios where accounts have been compromised, behavioral anomalies can be detected. And once organizations adopt the Agari solution, there are simply easier targets in organizations that use less-effective alternatives. When an organization blocks malicious messages and becomes a hardened target, attackers tend to turn their attention toward easier prey.
The engine of a system designed to defend against sophisticated identity deception attacks requires advanced machine learning techniques, Internet-scale email telemetry, and real-time data pipelines that make it possible to individualize email protection using the kind of deeper, more relevant intelligence an organization needs in order to detect imposters.
As it becomes increasingly pointless to monitor an ever-expanding attack surface for phishing links or malware in search of “the bad,” it only makes sense that the next-generation solution seeks to characterize normative, legitimate behaviors that define the “good” in each email communication.
Based on those data-driven models, the Agari Identity Graph derives insights and intelligence to model good behavior and block everything else. As the ecosystem of customers grows, there is a network effect that improves the models and delivers higher levels of efficacy to stop more complex and zero-day attacks.
The Three Factors of Identity
With the behavioral baseline established, anomalies that signal fraud immediately reveal themselves, enabling businesses to focus interdiction based on identity instead of the obvious, overt attack methods. The Agari Identity Graph assesses three factors in a continuous cycle of three phases:
Identity Mapping: In this phase, deep data and predictive AI algorithms are used to model relationships and behaviors between individuals, organizations, and infrastructures in order to answer the question, “Does this message match the expected behavior for that identity?” Individual email messages are analyzed to determine the perceived identity and map it to a corresponding behavioral model.
Behavioral Analytics: This phase answers the question, “Does this message match the expected behavior for that identity?” The features of a message are analyzed within the context of a behavioral signature for that detected sender identity in order to determine whether it reflects anomalous behavior.
Trust Modeling: This phase answers the question, “How is the perceived sender identity related to the recipient?” The closer the relationship, the less tolerance for anomalous behavior, since there is greater potential damage stemming from an attack.
Each of these phases is predicated on leveraging a variety of algorithms and machine learning models to come up with accurate answers to their corresponding questions. The resulting identity intelligence is then combined to assign an overall risk score for an email message. The final score represents the probability that the message can be used to make fast and accurate policy-based action.
The Agari Identity Graph is unlike any technology behind a secure email gateway because of its AI-driven defense system, which recognizes and blocks identity deception tactics including business email compromise and spear phishing. This approach means that targeted email attacks never reach the inbox, providing a level of protection unparalleled by any other email security system on the market.
In real-world deployments, the Secure Email Cloud Architecture has been shown to have high efficacy in protecting against advanced email attacks. In fact, around two-thirds of organizations find that combining it with native email security embedded in platforms such as Office 365 not only provides better security, but also reduces capital equipment costs and operational overhead—often to a fraction of the price.
To understand more about how the Secure Email Cloud Architecture protects against threats that target employees, partners, and customers and helps remediate threats that bypass all defenses or activate post-delivery, let’s explore the entire suite of products.
With reporting of newly discovered threats, along with the indicators of compromise from the Agari SOC Network, analysts can pinpoint latent threats in the inbox that evaded prior detection and automatically remove those malicious email messages from the inbox.
The Secure Email Cloud Architecture makes Agari solutions easy to deploy and manage, with most organizations seeing rapid time to benefit, often in as little as thirty days. To help, the Agari team provides guidance and support through every step of the process from onboarding to deployment to ensure quick and efficient return on investment.
Better Together: Office 365 + Agari
With the legacy secure email gateway capabilities now present in Microsoft Office 365 and other cloud-based platforms, as well as the new security features available with the Secure Email Cloud Architecture, this combination is all organizations need to ensure that employees and consumers alike can open, click, and trust everything in their inbox.
The Secure Email Cloud Architecture supports all the capabilities needed for any modern organization to fight cybercrime, including email authentication to prevent spoofing, context inspection to stop zero-day attacks, URL and attachment analysis to stop known attacks, and automated post-delivery remediation to quickly remove malicious emails that get through initial controls. That is the reason why leading organizations across the globe use Agari to protect their inboxes.
After all, email and the threats against it are changing fast. Agari is here to ensure that email security does the same.