Darktrace for Google Workspace

Darktrace’s AI understands normal ‘patterns of life’ to detect threats that other tools miss, protecting the dynamic workforce across email, SaaS and the cloud.

As attackers continue to target remote workers via spear phishing, wire fraud and SaaS account takeover, Darktrace learns on the job, securing your entire Google Workspace environment with a single AI engine.

Self-learning

Single, unified AI platform that provides complete coverage

Understands the human

Every user analyzed for behavioral modeling

Proportionate response

Catches costly attacks missed by legacy security tools

Installs in 5 minutes

Virtual or hardware deployment available

Darktrace for Email: Secure your inbox with AI

Darktrace for Email is the world’s first Self-Learning AI email security solution. By learning the normal ‘pattern of life’ for every user within Google Workspace, the technology builds an evolving understanding of the human behind email communications.

While legacy email security tools look for known email attack vectors, Darktrace for Email is able to identify novel email threats that get through, including sophisticated phishing, business email compromise (BEC) and data leakage.

Advanced spear phishing

Supply chain attack

Spoofing and solicitation

Employee account takeover

Spear phishing attacks typically aim to deceive employees into clicking malicious links or attachments in an email, aiming to harvest credentials or deploy malware into an organization.Unknown correspondentNobody in the organization has had previous contact with the sender.Unusual recipient groupThe email chain was sent to a group of contacts within the organization not usually associated with one another.Suspicious attachmentIndicates behavior consistent with an attempt to deliver a payload via an attachment.By hijacking the account of a trusted contact in your supply chain, threat actors can easily gain the trust of a user and coax them into clicking a malicious link, or even wiring money out of the business.False replyDarktrace for Email can distinguish genuine replies from fake ones, whereby a manufactured email thread is pasted below the offending email.Suspicious URLNeither the recipient nor anyone in their peer group has visited the suspect domain before, raising a high-confidence alert.Suspicious locations of linkThe same suspicious URL appears in multiple locations within the email, including behind this misleading hyperlink.Spoofing attacks usually involve an attempt at impersonation, where disguised attackers prompt the recipient to reply, with a goal to either solicit a fraudulent payment or gather intel on an organization.Unusual correspondentNeither the recipient nor anyone in the organization has had any previous interaction with this sender.SolicitationA time constraint invokes a sense of urgency, a sign of possible solicitation attempt.Suspicious linkNeither the recipient nor anyone in their peer group has visited the suspect domain before, raising a high-confidence alert.Employee’s email accounts can be compromised either through fake login pages that record keystrokes, or data leakages containing credentials. Once inside, attackers may pillage an inbox for valuable information, or launch a string of malicious emails from the compromised account.Unusual email processing rulesThis email was sent just minutes after unusual inbox processing rules were created on the account.Unusual login locationDarktrace’s SaaS Module has picked up on the unusual login location and flagged it to Darktrace for Email.Unusual outbound attachmentIndicates behavior consistent with an attempt to deliver a payload via an attachment.

Installed in minutes.

Uses Google’s API.

No MX changes required.

Getting started with Darktrace for Google Workspace is easy and fast. Google Workspace’s data and metadata is immediately processed on configuration, allowing Darktrace for Email to gain an immediate knowledge of users, email addresses, correspondents, and routine operations.

Complete Google Workspace Coverage

Organizations trialing Darktrace for Email benefit from extended visibility and protection provided by Darktrace’s Google SaaS Module. Additional insights learned across Google Workspace allow Darktrace’s AI to accurately identify cases of account takeover, autonomously locking the account of the compromised user before harm can be done to the organization.

With unified understanding across email, SaaS and the cloud, the Darktrace Immune System can correlate activity across multiple environments, enabling greater detection, investigation and response capabilities.

Featured Blog

Darktrace email finds: Impersonation attack of board member targets Gmail account

Darktrace recently stopped three related email attacks in a Gmail environment of a Darktrace for Email customer. The attacks attempted to impersonate high-profile executives and bypassed legacy tools, but the anomalous activity was identified and neutralized by AI.

Darktrace for Google Workspace

Darktrace for Email: Secure your inbox with AI

Complete Google Workspace Coverage

Featured Blog

Technology

Products

Resources

Company

Darktrace for Google Workspace

Darktrace for Email: Secure your inbox with AI

Complete Google Workspace Coverage

Featured Blog

Related Resources

Technology

Products

Resources

Company