Antigena Email
Antigena Email uses Darktrace’s core artificial intelligence to stop the most advanced email threats, intervening to protect employees from the full range of threats targeting the inbox.
- Learns the unique ‘pattern of life’ for every email user to identify anomalies
- Protects the workforce from email impersonation attacks, however convincing
- Cloud-delivered, effective within hours
A diverse landscape
Modern cyber-criminals employ a range of methods to achieve their goals, from impersonating trusted employees to compromising email accounts. Darktrace’s self-learning AI catches email attacks regardless of their nature, and takes targeted, proportionate action to contain the threat.
- Advanced spear phishing
- Employee account takeover
- Spoofing and solicitation
- Supply chain attack
Phishing attacks typically aim to deceive employees into clicking malicious links or attachments in an email, with the ultimate aim of harvesting credentials or deploying malware into an organization.
These attacks are becoming increasingly well-crafted and customized to the recipient, with malicious payloads often concealed behind plausible links and disguised buttons.
Antigena Email: Learning the pattern of life
Without relying on knowledge of previously identified threats, Antigena Email analyzes links and attachments in connection with all email communication across the business. In cases of phishing, Antigena will recognize that neither the recipient nor anyone in their peer group has visited the suspect domain before.
The technology also analyzes where the potentially malicious payload is located within an email, noting for instance if it is disguised behind various buttons designed to look like trusted sites.
Blog: AI catches phishing attack disguised as Microsoft Teams notification
Once email account credentials are compromised – either through a successful phishing attack or a wide-scale data breach – an attacker’s options are endless.
In many cases, attackers will pillage your inbox for the valuable data it contains: customer lists, pricing documents, and even roadmap and IP details are often just a few searches away. In other cases, criminals will use the account as a launching point for the next stages of an attack.
Complete SaaS coverage with Cyber AI
In addition to the AI-powered phishing protection provided by Antigena Email, Darktrace’s Microsoft 365 Module identifies misuse and account takeover across SaaS applications like Exchange and Microsoft Teams, delivering unprecedented visibility and protection with a dedicated SaaS console.
Blog: How Darktrace caught an email takeover that was missed by other tools
Posing as a trusted contact can help attackers elicit a response and quickly gain a foothold in an organization – whether to wire a fraudulent payment or coax an employee into sharing sensitive information.
These attacks typically come in the form of ‘clean’ emails, with no malicious links or payloads, which makes them even harder to detect. The goal is often to take the conversation offline and bypass traditional security measures.
Antigena Email: A self-learning AI approach
Darktrace learns ‘normal’ communication between every sender and recipient, and catches anomalous behavior as soon as it occurs. Even with ‘clean’ emails, the AI recognizes visually similar email domains and solicitation attempts in the body of the email.
Blog: The advanced email spoofing attacks of hackers-for-hire group Dark Basin
By hijacking the account details of a trusted contact in your supply chain, sophisticated threat actors can gain the trust of a recipient and coax them into clicking a malicious link or transferring millions out of the business. Legacy email defenses assume trust, which means that sophisticated account takeovers often go completely unnoticed.
Antigena Email: Telling friend from foe
Analyzing patterns of communication across inbound, outbound, and lateral mail, Antigena Email uses a wide range of metrics to confidently identify cases of account takeover. The AI then takes an autonomous response which, depending on the severity of the threat, can range from locking suspicious links and attachments to withdrawing an email from an employee’s inbox entirely.
Blog: Fake Siemens invoice costs academic institution $60,000