Email gateways: A legacy approach
Traditional email security tools look for known indicators of ‘bad’ through blacklisted IP addresses, domains, and other indicators around the email — this is the approach relied upon by gateways such as Mimecast and Proofpoint.
Darktrace for Email: A self-learning approach
Darktrace for Email doesn’t rely on rules and signatures, instead using a combination of supervised and unsupervised machine learning to learn ‘normal’ for every email, user and device. This enables it to recognize deviations from their learned ‘pattern of life’ that are indicative of a threat.