Overview
Antigena Email uses Darktrace’s core artificial intelligence to stop the most advanced email threats, intervening to protect employees from the full range of threats targeting the inbox.
Understands the human
Learns the unique ‘pattern of life’ for every email user to identify anomalies
Stops advanced spear phishing and digital fakes
Protects the workforce from email impersonation attacks, however convincing
Installs in 5 minutes
Cloud-delivered, effective within hours
Email Threats That Antigena Email Catches
- Spear phishing
- Social engineering & impersonation
- Business Email Compromise
- Supply chain account takeover
- External data loss
- Novel, unknown malware
Novel Email Threats Are Getting Through
Email attacks are getting more and more sophisticated, with offensive AI threatening to supercharge email attack campaigns in the near future. It is becoming almost impossible to distinguish targeted spoof emails from genuine communications.
Novel attacks are consistently getting through traditional email security tools, which observe individual emails in isolation and compare them against rules and signatures of known malicious attacks. With supply chains becoming more complex and employees more distributed and mobile, the need for an AI-driven, self-learning approach to email security is greater than ever.
The World’s First Self-Defending Inbox
Antigena Email is the world’s first Cyber AI solution for the inbox. By learning the normal ‘pattern of life’ for every user and correspondent, the technology builds an evolving understanding of the ‘human’ within email communications.
While traditional defenses ask whether elements of an email have been observed in historical attacks, Antigena Email is the only solution that can reliably ask whether it would be unusual for a recipient to interact with a given email, in the context of their normal ‘pattern of life’, as well as that of their peers and the wider organization.
This contextual knowledge enables the AI to make highly accurate decisions and neutralize the full range of email attacks, from ‘clean’ spoofing emails that seek to wire a fraudulent payment, to sophisticated spear phishing attempts.
Understanding the Human in the Email
Inspired by the human immune system, Antigena Email uses Darktrace’s core artificial intelligence to learn a sense of ‘self’ for every internal and external user, analyzing both inbound and outbound communications together with lateral, internal-to-internal communications.
By treating recipients as dynamic individuals and peers, Antigena Email uniquely spots subtle deviations from ‘the norm’ that reveal seemingly benign emails to be unmistakably malicious.
Features
The front door to your organization
Email is relied upon more than ever as a collaboration tool for the dynamic workplace. It is also the source of 94% of cyber-attacks, with attackers increasingly leveraging:
Trusted by thousands of companies
Due to its self-learning approach, Antigena Email works effectively in any email environment, from 10-person charities to multinational corporations with tens of thousands of email users.
The AI technology scales with your organization, without requiring manual configuration or fine-tuning.
Understanding the human
Rather than measuring inbound emails against pre-defined rules and signatures, a modern approach to email security uses AI to understand the human beings behind email interactions, learning their typical ‘patterns of life’ in order to spot anomalous behaviour.
A layered AI approach
Darktrace uses a combination of supervised and unsupervised machine learning to detect subtle deviations indicative of a cyber-threat that other tools miss. The AI then actions a surgical and proportionate response to contain the threat, while allowing normal business interactions to continue.
Installed in minutes
Uses Microsoft 365’s API
No MX changes required
Antigena Email for Microsoft 365
Microsoft 365 customers using E3, E5 and similar licences have recently enabled the unlimited archiving included in their subscriptions, sunsetting third-party email gateways.
Microsoft’s journaling functionality has quickly become the modern deployment method for email security as it provides real-time email visibility without the risk of operational outages that traditional email gateways pose – and at an additional cost. Organizations are finding that combining Microsoft’s included unlimited archiving with Antigena Email offers the most favorable and efficient approach to email security, retention, and compliance.
Antigena Email is also available for Google Workspace and Microsoft Exchange.
Use Case
Supply chain account takeover
One of the most difficult attacks to detect is an external account takeover, where a criminal hijacks the email credentials of a trusted contact and gains access to their inbox.
Once inside, the attacker can access historical correspondence and produce highly convincing emails – embedding a malicious link or attachment in the conversation at just the right moment.
While traditional defenses assume this is a trusted user, Antigena Email sees that it is not. It analyzes each email in the context of learned patterns of life, and detects even the most subtle deviations. These include (but are not limited to):
- Unusual login location – Antigena Email can extract the geo-locatable IP address of the genuine sender and determine whether this is rare given the trusted contact’s historical pattern of life. While a rare login location by itself may not trigger an alert or autonomous response, it will figure in the system’s overall calculation and anomaly score.
- Link rarity – People often share links to the websites they visit and trust. By observing these links in lateral mail, Antigena Email can determine which links and domains are rare in the context of the organization. This is also useful in other threat scenarios, when determining whether a given sender’s email domain has been observed in shared internal links.
- Unusual recipients – Antigena Email models graph-based relationships between internal and external users and peers and understands their relationships at a granular level. If the attacker sends multiple emails to a range of recipients in the organization, Antigena Email can estimate the likelihood that this particular group would be receiving an email from the same source.
- Behavioral anomalies – Over time, Antigena Email learns how different senders construct their emails, analyzing both hidden email metadata and patterns in the body content. By applying AI to every inbound email, Darktrace identifies subtle changes that might be indicative that the email has been sent by someone other than the true account holder.
By correlating these weak indicators, Antigena Email quickly arrives at a comprehensive anomaly score, determining with confidence that the email is malicious, and neutralizing the attack before it can make an impact.
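The correlation of weak indicators described above, sketched as an added example (not Darktrace's code or algorithm): a rare sending location alone stays under the action threshold, while location, link rarity and unusual recipients combined through a noisy-OR push the hijacked-account email over it. The rarity function, the 0.5 weight, the 0.8 threshold and every address, domain and country in the sample data are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlparse

WEIGHT = 0.5     # assumed: most any single weak indicator can contribute
THRESHOLD = 0.8  # assumed: score at which a response would be taken

def rarity(seen_count):
    """1.0 if never observed, decaying towards 0 as sightings accumulate."""
    return 1.0 / (1 + seen_count)

class SenderBaseline:
    """Learned history for one external correspondent."""
    def __init__(self):
        self.countries = Counter()   # source-IP country -> emails seen
        self.recipients = set()      # internal users this sender has written to

    def learn(self, country, recipients):
        self.countries[country] += 1
        self.recipients.update(recipients)

def indicators(email, baseline, org_link_domains):
    """Score each weak indicator in [0, 1] against the learned history."""
    domains = [urlparse(u).hostname or "" for u in email["links"]]
    unseen = [r for r in email["to"] if r not in baseline.recipients]
    return {
        "location": rarity(baseline.countries[email["country"]]),
        "link": max((rarity(org_link_domains[d]) for d in domains), default=0.0),
        "recipients": len(unseen) / len(email["to"]) if email["to"] else 0.0,
    }

def anomaly_score(ind):
    """Noisy-OR: probability that at least one indicator is a true signal."""
    benign = 1.0
    for value in ind.values():
        benign *= 1.0 - WEIGHT * value
    return 1.0 - benign

# Constructed history: nine emails from GB to accounts payable; one link
# domain shared 40 times in internal mail.
baseline = SenderBaseline()
for _ in range(9):
    baseline.learn("GB", ["ap@corp.example"])
org_links = Counter({"portal.supplier.example": 40})

usual = {"country": "GB", "to": ["ap@corp.example"],
         "links": ["https://portal.supplier.example/invoice/17"]}
travelling = dict(usual, country="BR")   # only the location is rare
hijacked = {"country": "BR", "links": ["https://files.unseen.example/doc"],
            "to": ["ap@corp.example", "cfo@corp.example", "hr@corp.example"]}

for name, mail in [("usual", usual), ("travelling", travelling), ("hijacked", hijacked)]:
    score = anomaly_score(indicators(mail, baseline, org_links))
    print(f"{name:10s} {score:.3f} {'ACT' if score >= THRESHOLD else 'pass'}")
```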
Documentation
Download the Darktrace Antigena Email Datasheet (.PDF)