Organizations should demand more from their email security
In response to a more complex threat landscape, businesses should consider email security as a critical part of their defense-in-depth strategy, rather than defending the inbox alone with a traditional secure email gateway (SEG). Organizations need more than a traditional gateway – which duplicates, rather than replaces, the capabilities provided by the native security provider – and require an equally granular degree of analysis across all messaging, including inbound, outgoing and lateral mail, as well as Teams messages.
Darktrace/Email is the industry’s most advanced cloud email security, powered by self-learning AI. It combines AI techniques to exceed the accuracy and effectiveness of leading security solutions, and is the only security designed to elevate, not duplicate, native email security.
With its largest update ever, Darktrace/Email introduces the following innovations, finally enabling security teams to look beyond secure email gateways with autonomous AI:
- Data loss prevention reinforced by AI to stop all threats linked to outgoing mail
- A simple way to quickly deploy DMARC with AI
- Major improvements to streamline SOC workflows and increase detection of sophisticated phishing links
- Expanding Darktrace’s leading AI prevention to lateral mail, account compromise, and Microsoft Teams
Data loss prevention
Block all outgoing email threats with advanced data loss prevention that leverages native email beacons to stop unknown, accidental, and malicious data loss.
Darktrace understands what’s normal at the level of individual users, groups, and organizations with proven AI that detects abnormal user behavior and dynamic content changes. With this understanding, Darktrace/Email processes outgoing emails to stop unknown, accidental, and malicious data loss.
Traditional DLP solutions only consider classified data, which relies on manually labeling each data element or creating rules that match patterns in an attempt to prevent certain types of data from leaving the organization. But in today’s world of constantly evolving data, regular expressions and fingerprint detection are no longer enough.
- Human error – Because it understands what is normal for each user, Darktrace/Email can recognize instances of misdirected emails. Even if data is correctly labeled or not sensitive, Darktrace recognizes when the context in which it is sent could be a case of data loss and warns the user.
- Unclassified data – While traditional DLP solutions can only act on classified data, Darktrace, thanks to its understanding of the content and context of each email, analyzes the range of data that is awaiting labeling or cannot be labeled with typical features.
- Insider threat – If a malicious actor has compromised an account, data exfiltration can still be attempted on encrypted data, intellectual property, or other forms of unlabeled data to avoid detection. Darktrace analyzes user behavior to detect cases of unusual exfiltration of data from individual accounts.
And the classification efforts already in place are not in vain: Darktrace/Email extends Microsoft Purview policies and sensitivity labels to avoid duplicate workflows for the security team, combining the best of both approaches to ensure that organizations maintain control and visibility over their data.
End user and security workflows
Improve the quality of end-user phishing reporting and detection of sophisticated malicious web links by more than 60%. (1)
Darktrace/Email fundamentally improves end-user reporting to save security team resources. Employees will always be on the front lines when it comes to email security. While other solutions assume that end-user reporting is automatically low quality, Darktrace prioritizes improving user security awareness to increase the quality of end-user reporting right from the first day.
Users are empowered to assess and report suspicious activity with Cyber AI Analyst-generated pop-up banners and stories for potentially suspicious emails, resulting in a 60% reduction in reported innocuous emails.
Of the higher quality emails that end up being flagged, the next step is to reduce the number of emails that reach the SOC. Darktrace/Email’s Mailbox Security Assistant automates mailbox sorting with secondary analysis combining additional behavioral signals (using 20x more metrics than before) with advanced link analysis to detect 70% more sophisticated malicious phishing links. (2) This directly eases the burden of manual sorting for security analysts.
For emails received by the SOC, Darktrace/Email uses automation to reduce the time spent investigating each incident. With Live Inbox View, security teams have access to a centralized platform that combines intuitive search capabilities, Cyber AI Analyst reporting, and mobile app access. Analysts can take corrective action from Darktrace/Email, eliminating console jumps and speeding up incident response.
Microsoft Teams
Detect threats within your Teams environment, such as account compromise, phishing, malware, and data loss.
About 83% of Fortune 500 companies rely on Microsoft Office products and services, particularly Teams and SharePoint. (3)
Darktrace now leverages the same behavioral AI techniques for Microsoft customers in 365 and Teams, enabling organizations to detect threats and signals of account compromise within their Teams environment, including social engineering, malware and data loss.
The primary use case for Microsoft Teams protection is as a potential vector of entry. While messaging has traditionally been reserved internally, as organizations open up, it becomes a vector of entry that must be treated with the same level of caution as email. That’s why we’re applying our proven AI approach to Microsoft Teams, which understands the user behind the message.
Abnormal email behavior is also a very relevant indicator of whether a user has been compromised. Unlike other solutions that analyze Microsoft Teams content and focus on payloads, Darktrace goes beyond basic link and sandbox analysis and examines real user behavior from the perspective of both content and context. This linguistic understanding is not tied to the requirement to match a signature to a malicious payload, but rather looks at the context in which the message was transmitted. From this analysis, Darktrace can detect early symptoms of account compromise, such as social engineering at an early stage, before a payload is delivered.
Lateral mail analysis
Detect and respond to internal mail flow with multi-layered AI to prevent account takeover, lateral phishing and data leaks.
The industry’s most robust account takeover protection now prevents lateral compromise of email accounts. Darktrace has always examined internal mail to inform inbound and outbound decisions, but will now detect suspicious lateral mail behavior using the same AI techniques for inbound, outbound, and Teams analysis.
Unlike other solutions that only analyze payloads, Darktrace analyzes a range of signals to detect lateral movement before a payload is delivered. By adding an additional layer to the AI behavioral profile for each user, security teams can now use lateral mail signals to detect early symptoms of account takeover and take autonomous action to prevent further compromise.
DMARC
Gain deep visibility and control over third parties using your domain with industry-first AI-assisted DMARC.
Darktrace has created the easiest path to brand protection and compliance with the new Darktrace/DMARC. This new feature permanently stops spoofing and phishing from within the corporate domain, while automatically improving email security and reducing the attack surface.
Darktrace/DMARC helps businesses by providing step-by-step guidance and automated record suggestions that offer a clear and efficient path to enforcement. It allows organizations to quickly comply with requirements from Google, Yahoo and others to ensure their emails reach mailboxes.
At the same time, Darktrace/DMARC helps reduce the overall attack surface by providing visibility into shadow-IT and third-party vendors sending on behalf of an organization’s brand, while notifying recipients when emails from their domains are sent from an unauthenticated DMARC source.
Darktrace/DMARC integrates with the broader Darktrace product platform, sharing information to help you further secure your business in email attack path and attack surface management.
Conclusion
To learn more about the new innovations in Darktrace/Email download the solution file here.
All new Darktrace/Email updates can be found in the new Darktrace ActiveAI Security Platform, creating a feedback loop between email security and the rest of the digital estate for better protection. Click to learn more about the Darktrace ActiveAI Security Platform or to hear about the latest innovations from Darktrace/OT, the most comprehensive prevention, detection and response solution specifically designed for critical infrastructure.
Learn about the intersection of cybersecurity and AI by downloading the State of AI Cybersecurity 2024 report to discover global findings that might surprise you, insights from security leaders, and recommendations for tackling today’s top challenges you might also face.
References
(1) Darktrace internal research
(2) Darktrace internal research
(3) Essential Microsoft Office Stats in 2024