New and emerging email threats employ identity deception to easily bypass existing security controls such as secure email gateways, sandbox environments, URL rewriting processes, and imposter classifiers. These technologies are predicated on a failed security paradigm of attempting to model known bad signals, whether by volume, sender identity, or content.
Anatomy of a Business Email Compromise Attack
Attackers know they can easily evade these protections by impersonating trusted individuals, partners, or brands while avoiding the use of malicious content. This is why Agari Phishing Defense takes a different approach—modeling the email-sending behavior of all legitimate senders. By combining advanced machine learning techniques, Internet-scale telemetry, and real-time data pipelines, this method allows only email from your organization’s unique set of trusted customers, partners, and employees to be received. With Agari, you escape the legacy approaches that simply can’t react fast enough to stop the newest types of attacks.
Detecting Deception With Machine Learning
Agari Phishing Defense, powered by the Agari Identity Graph, leverages three phases of machine learning modeling:
Determines which identities the recipient perceives is sending the message.
Based on the perceived identity analyzes the expected sending behavior for anomalies relative to that identity.
Measures relationships to determine expected sending behavior; highly engaged relationships (such as between coworkers) have tighter behavioral anomaly thresholds since they have higher overall risk if spoofed.
By incorporating each phase, the final Identity Graph score determines whether the message should be accepted. Those that are accepted are delivered to the inbox, while malicious emails are filtered out.
Remove Latent Threats, Even After Delivery
Agari Continuous Detection and Response technology brings together Agari Phishing Defense and Agari Phishing Response to automatically remove latent email threats and provide visibility into the attack blast radius. The technology takes threat intelligence sourced from the world’s top SOC teams, the Agari Cyber Intelligence Division (ACID), and best-of-breed threat intelligence feeds to search for indicators of compromise (IOCs) in employee inboxes and then remove them in order to prevent or mitigate data breaches.
Simultaneously Scan Incoming, Outgoing, and Internal Employee-to-Employee Traffic
Agari Phishing Defense deploys as a lightweight sensor via the cloud or on-premise.
- Sensor receives a copy of all incoming, outgoing and internal messages within your email environment.
- Leveraging the Agari Identity Graph, Agari Phishing Defense scans and determines if the message is untrusted.
- Pre-configured policies immediately block or redirect the message for further incident investigation.