A new era of reputation-aware, unified email security

Darktrace / EMAIL is redefining email defense with new innovations that close email security silos and empower SOC teams to stop multi-stage attacks – without disrupting business operations.  

By extending visibility across interconnected domains, Darktrace catches the 17% of threats that leading SEGs miss, including multi-stage attacks like email bombing and cloud platform abuse. Its label-free behavioral DLP protects sensitive data without reliance on manual rules or classification, while DMARC strengthens brand trust and authenticity. With native integrations for Microsoft Defender and Security Copilot, SOC teams can now investigate and respond faster, reducing risk and maintaining operational continuity across the enterprise.

Summary of what’s new:

• Cross-domain AI-native detection unifying email, identity, and SaaS
• Label-free behavioral DLP for effortless data protection
• Microsoft Defender and Security Copilot integrations for streamlined investigation and response

Why email security must evolve

Today’s attacks don’t stop at the inbox. They move across domains – email to identity, SaaS, and network – exploiting the blind spots between disconnected tools. Yet most email security solutions still operate in isolation, unable to see or respond beyond the message itself.

In 2024, Darktrace detected over 30 million phishing attempts: 38% targeting high-value individuals and almost a third using novel social engineering, including AI-generated text. Generative AI is amplifying the realism and scale of social engineering, while customers face a wave of new techniques like email bombing, where attackers flood inboxes to distract or manipulate users, and polymorphic malware, which continuously evolves to evade static defenses.

Meanwhile, defenders are exposed to traditional DLP tools that create operational drag with high false positives and rigid policies. Accidental insider breachers remain a major risk to organizations: 6% of all data breaches are caused by misdelivery, and 95% of those incidents involve personal data.

Tool sprawl compounds the issue. The average enterprise manages around 75 security products, and 69% report operational strain as a result. This complexity is counterproductive – and with legacy SEGs failing to adapt to detect threats that exploit human behavior, analysts are left juggling an unwieldy patchwork of fragmented defenses.

The bottom line? Siloed email defenses can’t keep pace with today’s AI-driven, cross domain attacks.

Beyond detection: AI built for modern threats

Darktrace / EMAIL is uniquely designed to catch the threats SEGs miss, powered by Self-Learning AI. It learns the communication patterns of every user – correlating behavioral signals from email, identity, and SaaS – to identify the subtle, context-driven deviations that define advanced social engineering and supply chain attacks.

Unlike tools that rely on static rules or historical attack data, Darktrace’s AI assumes a zero trust posture, treating every interaction as a potential risk. It detects novel threats in real time, including those that exploit trusted relationships or mimic legitimate business processes. And because Darktrace’s technology is natively unified, it delivers precise, coordinated responses that neutralize threats in real time.

Powerful innovations to Darktrace / EMAIL

Improved, multi-domain threat detection and response

With this update, Darktrace reveals multi-domain detection linking behavioral signals across email, identity, and SaaS to uncover advanced attacks. Darktrace leverages its existing agentic platform to understand behavioral deviations in any communication channel and take precise actions regardless of the domain.  

This innovation enables customers to:

• Correlate behavioral signals across domains to expose cross-channel threats and enable coordinated response
• Link email and identity intelligence to neutralize multi-stage attacks, including advanced email bombing campaigns

Detection accuracy is further strengthened through layering with traditional threat intelligence:

• Integrated antivirus verdicts improve detection efficacy by adding traditional file scanning
• Structured threat intelligence (STIX/TAXII) enriches alerts with global context for faster triage and prioritization

Expanded ecosystem visibility also includes:

• Salesforce integration, enabling automatic action on potentially malicious tickets auto-created from emails – accelerating threat response and reducing manual burden

Advancements in label-free DLP

Darktrace is delivering the industry’s first label-free data loss prevention (DLP) solution powered by a proprietary domain specific language model (DSLM).  

This update expands DLP to protect against both secrets and personally identifiable information (PII), safeguarding sensitive data without relying on status rules or manual classification. The DSLM is tuned for email/DLP semantics so it understands entities, PII patterns, and message context quickly enough to enforce at send time.

Key enhancements include:

• Behaviorally enhanced PII detection that automatically defines over 35+ new categories, including personal, financial, and health data  
• Added detail to DLP alerts in the UI, showing exactly how and when DLP policies were applied
• Enhanced Cyber AI Analyst narratives to explain detection logic, making it easier to investigate and escalate incidents

And for further confidence in outbound mail, discover new updates to DMARC, with support for BIMI logo verification, automatic detection of both MTA-STS and TLS records, and data exports for deeper analysis and reporting. Accessible for all organizations, available now on the Azure marketplace.

Streamlined SOC workflows, with Microsoft-native integrations

This update introduces new integrations that simplify SOC operations, unify visibility, and accelerate response. By embedding directly into the Microsoft ecosystem – with Defender and Security Copilot – analysts gain instant access to correlated insights without switching consoles.

New innovations include:

• Unified quarantine management with Microsoft Defender, centralizing containment within the native Microsoft interface and eliminating console hopping
• Ability to surface threat insights directly in Copilot via the Darktrace Email Analysis Agent, eliminating data hunting and simplifying investigations
• Automatic ticket creation in JIRA when users report suspicious messages
• Sandbox analysis integration, enabling payload inspection in isolated environments directly from the Darktrace UI

Committed to innovation

These updates are part of the broader Darktrace release, which also included:

1. Major innovations in cloud security with the launch of the industry’s first fully automated cloud forensics solution, reinforcing Darktrace’s leadership in AI-native security.
2. Redefining NDR with industry-first autonomous threat investigation from network to endpoint  
3. Innovations to our suite of Exposure Management & Attack Surface Management tools

As attackers exploit gaps between tools, the Darktrace ActiveAI Security Platform delivers unified detection, automated investigation, and autonomous response across cloud, endpoint, email, network, and OT. With full-stack visibility and AI-native workflows, Darktrace empowers security teams to detect, understand, and stop novel threats before they escalate.

Join our Live Launch Event

When? December 9, 2025

What will be covered? Join our live broadcast to experience how Darktrace is eliminating blind spots for detection and response across your complete enterprise with new innovations in Agentic AI across our ActiveAI Security platform. Industry leaders from IDC will join Darktrace customers to discuss challenges in cross-domain security, with a live walkthrough reshaping the future of Network Detection & Response, Endpoint Detection & Response, Email Security, and SecOps in novel threat detection and autonomous investigations.

Darktrace is proud to be named as a Leader in the Gartner® Magic Quadrant™ for Email Security Platforms (ESP). We believe this recognition reflects what our customers already know: our product is exceptional – and so is the way we deliver it.

In July 2025, Darktrace was named a Customers’ Choice in the Gartner® Peer Insights™ Voice of the Customer for Email Security, a distinction given to vendors who have scores that meet or exceed the market average for both axes (User Interest and Adoption, and Overall Experience). To us, both achievements are testament to the customer-first approach that has fueled our rapid growth. We feel this new distinction from Gartner validates the innovation, efficacy, and customer-centric delivery that set Darktrace apart.

A Gartner Magic Quadrant is a culmination of research in a specific market, giving you a wide-angle view of the relative positions of the market’s competitors. CIOs and CISOs can use this research to make informed decisions about which email security platform can best accomplish their goals. We encourage our customers to read the full report to get the complete picture.

This acknowledgement follows the recent recognition of Darktrace / NETWORK, also designated a Leader in the Gartner Magic Quadrant for Network Detection & Response and named the only Customers’ Choice in its category.

Why do we believe Darktrace is leading in the email security market?

Our relentless innovation which drives proven results  

At Darktrace we continue to push the frontier of email security, with industry-first AI-native detection and response capabilities that go beyond traditional SEG approaches. How do we do it?

• With a proven approach that gets results. Darktrace’s unique business-centric anomaly detection catches advanced phishing, supply chain compromises, and BEC attacks – detecting them on average 13 days earlier than attack-centric solutions. That’s why 75% of our customers have removed their SEG and now rely on their native email security provider combined with Darktrace.
• By offering comprehensive protection beyond the inbox. Darktrace / EMAIL goes further than traditional inbound filtering, delivering account and messaging protection, DLP, and DMARC capabilities, ensuring best-in-class security across inbound, outbound, and domain protection scenarios.  
• Continuous innovation. We are ranked second highest in the Gartner Critical Capabilities research for core email security function, likely thanks to our product strategy and rapid pace of innovation. We’ve release major capabilities twice a year for nearly five years, including advanced AI models and expanded coverage for collaboration platforms.

We deliver exceptional customer experiences worldwide

Darktrace’s leadership isn’t just about excelling in technology, it’s about delivering an outstanding experience that customers value. Let’s dig into what makes our customers tick.

• Proven loyalty from our base. Recognition from Gartner Peer Insights as a Customers’ Choice, combined with a 4.8-star rating (based on 340 reviews as of November 2025), demonstrates for us the trust of thousands of organizations worldwide, not just the analysts.  
• Customer-first support. Darktrace goes beyond ticket-only models with dedicated account teams and award-winning service, backed by significant headcount growth in technical support and analytics roles over the past year.
• Local expertise. With offices spanning continents, Darktrace is able to provide regional language support and tailored engagement from teams on the ground, ensuring personalized service and a human-first experience.

Darktrace enhances security stacks with a partner-first architecture

There are plenty of tools out there than encourage a siloed approach. Darktrace / EMAIL plays well with others, enhancing your native security provider and allowing you to slim down your stack. It’s designed to set you up for future growth, with:

• A best-in-breed platform approach. Natively built on Self-Learning AI, Darktrace / EMAIL delivers deep integration with our / NETWORK, / IDENTITY, and / CLOUD products as part of a unified platforms – that enables and enhances comprehensive enterprise-wise security.
• Optimized workflows. Darktrace integrates tightly with an extended ecosystem of security tools – including a strategic partnership with Microsoft enabling unified threat response and quarantine capabilities – bringing constant innovation to all of your SOC workflows.  
• A channel-first strategy. Darktrace is making significant investments in partner-driven architectures, enabling integrated ecosystems that deliver maximum value and future-ready security for our customers.

Analyst recognized. Customer approved.  

Darktrace / EMAIL is not just another inbound email security tool; it’s an advanced email security platform trusted by thousands of users to protect them against advanced phishing, messaging, and account-level attacks.  

As a Leader, we believe we owe our positioning to our customers and partners for supporting our growth. In the upcoming years we will continue to innovate to serve the organizations who depend on Darktrace for threat protection.  

To learn more about Darktrace’s position as a Leader, view a complimentary copy of the Magic Quadrant report, register for the Darktrace Innovation Webinar on 9 December, 2025, or simply request a demo.

‍

Gartner, Gartner® Magic Quadrant™ for Email Security Platforms, Max Taggett, Nikul Patel, 3 December 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Darktrace.

[related-resource]