.jpg)
A new era of reputation-aware, unified email security
Darktrace / EMAIL is redefining email defense with new innovations that close email security silos and empower SOC teams to stop multi-stage attacks – without disrupting business operations.
By extending visibility across interconnected domains, Darktrace catches the 17% of threats that leading SEGs miss, including multi-stage attacks like email bombing and cloud platform abuse. Its label-free behavioral DLP protects sensitive data without reliance on manual rules or classification, while DMARC strengthens brand trust and authenticity. With native integrations for Microsoft Defender and Security Copilot, SOC teams can now investigate and respond faster, reducing risk and maintaining operational continuity across the enterprise.
Summary of what’s new:
- Cross-domain AI-native detection unifying email, identity, and SaaS
- Label-free behavioral DLP for effortless data protection
- Microsoft Defender and Security Copilot integrations for streamlined investigation and response
Why email security must evolve
Today’s attacks don’t stop at the inbox. They move across domains – email to identity, SaaS, and network – exploiting the blind spots between disconnected tools. Yet most email security solutions still operate in isolation, unable to see or respond beyond the message itself.
In 2024, Darktrace detected over 30 million phishing attempts: 38% targeting high-value individuals and almost a third using novel social engineering, including AI-generated text. Generative AI is amplifying the realism and scale of social engineering, while customers face a wave of new techniques like email bombing, where attackers flood inboxes to distract or manipulate users, and polymorphic malware, which continuously evolves to evade static defenses.
Meanwhile, defenders are exposed to traditional DLP tools that create operational drag with high false positives and rigid policies. Accidental insider breachers remain a major risk to organizations: 6% of all data breaches are caused by misdelivery, and 95% of those incidents involve personal data.
Tool sprawl compounds the issue. The average enterprise manages around 75 security products, and 69% report operational strain as a result. This complexity is counterproductive – and with legacy SEGs failing to adapt to detect threats that exploit human behavior, analysts are left juggling an unwieldy patchwork of fragmented defenses.
The bottom line? Siloed email defenses can’t keep pace with today’s AI-driven, cross domain attacks.
Beyond detection: AI built for modern threats
Darktrace / EMAIL is uniquely designed to catch the threats SEGs miss, powered by Self-Learning AI. It learns the communication patterns of every user – correlating behavioral signals from email, identity, and SaaS – to identify the subtle, context-driven deviations that define advanced social engineering and supply chain attacks.
Unlike tools that rely on static rules or historical attack data, Darktrace’s AI assumes a zero trust posture, treating every interaction as a potential risk. It detects novel threats in real time, including those that exploit trusted relationships or mimic legitimate business processes. And because Darktrace’s technology is natively unified, it delivers precise, coordinated responses that neutralize threats in real time.
Powerful innovations to Darktrace / EMAIL
Improved, multi-domain threat detection and response
With this update, Darktrace reveals multi-domain detection linking behavioral signals across email, identity, and SaaS to uncover advanced attacks. Darktrace leverages its existing agentic platform to understand behavioral deviations in any communication channel and take precise actions regardless of the domain.
This innovation enables customers to:
- Correlate behavioral signals across domains to expose cross-channel threats and enable coordinated response
- Link email and identity intelligence to neutralize multi-stage attacks, including advanced email bombing campaigns
Detection accuracy is further strengthened through layering with traditional threat intelligence:
- Integrated antivirus verdicts improve detection efficacy by adding traditional file scanning
- Structured threat intelligence (STIX/TAXII) enriches alerts with global context for faster triage and prioritization
Expanded ecosystem visibility also includes:
- Salesforce integration, enabling automatic action on potentially malicious tickets auto-created from emails – accelerating threat response and reducing manual burden
Advancements in label-free DLP
Darktrace is delivering the industry’s first label-free data loss prevention (DLP) solution powered by a proprietary domain specific language model (DSLM).
This update expands DLP to protect against both secrets and personally identifiable information (PII), safeguarding sensitive data without relying on status rules or manual classification. The DSLM is tuned for email/DLP semantics so it understands entities, PII patterns, and message context quickly enough to enforce at send time.
Key enhancements include:
- Behaviorally enhanced PII detection that automatically defines over 35+ new categories, including personal, financial, and health data
- Added detail to DLP alerts in the UI, showing exactly how and when DLP policies were applied
- Enhanced Cyber AI Analyst narratives to explain detection logic, making it easier to investigate and escalate incidents
And for further confidence in outbound mail, discover new updates to DMARC, with support for BIMI logo verification, automatic detection of both MTA-STS and TLS records, and data exports for deeper analysis and reporting. Accessible for all organizations, available now on the Azure marketplace.
Streamlined SOC workflows, with Microsoft-native integrations
This update introduces new integrations that simplify SOC operations, unify visibility, and accelerate response. By embedding directly into the Microsoft ecosystem – with Defender and Security Copilot – analysts gain instant access to correlated insights without switching consoles.
New innovations include:
- Unified quarantine management with Microsoft Defender, centralizing containment within the native Microsoft interface and eliminating console hopping
- Ability to surface threat insights directly in Copilot via the Darktrace Email Analysis Agent, eliminating data hunting and simplifying investigations
- Automatic ticket creation in JIRA when users report suspicious messages
- Sandbox analysis integration, enabling payload inspection in isolated environments directly from the Darktrace UI
Committed to innovation
These updates are part of the broader Darktrace release, which also included:
- Major innovations in cloud security with the launch of the industry’s first fully automated cloud forensics solution, reinforcing Darktrace’s leadership in AI-native security.
- Redefining NDR with industry-first autonomous threat investigation from network to endpoint
- Innovations to our suite of Exposure Management & Attack Surface Management tools
As attackers exploit gaps between tools, the Darktrace ActiveAI Security Platform delivers unified detection, automated investigation, and autonomous response across cloud, endpoint, email, network, and OT. With full-stack visibility and AI-native workflows, Darktrace empowers security teams to detect, understand, and stop novel threats before they escalate.
Join our Live Launch Event
When? December 9, 2025
What will be covered? Join our live broadcast to experience how Darktrace is eliminating blind spots for detection and response across your complete enterprise with new innovations in Agentic AI across our ActiveAI Security platform. Industry leaders from IDC will join Darktrace customers to discuss challenges in cross-domain security, with a live walkthrough reshaping the future of Network Detection & Response, Endpoint Detection & Response, Email Security, and SecOps in novel threat detection and autonomous investigations.
.jpg)
