Creating a Self-Defending Inbox with Mariana Pereira of Darktrace
With spear phishing, impersonation attacks, and account takeovers becoming more sophisticated year on year, email security has skyrocketed to the top of the priority list for businesses. No matter if you're a large corporation or a small-to-medium enterprise, email threats are now estimated to cost companies $1.77 billion every year. Security leaders such as CISOs need to seriously review their current security measures, as protection beyond traditional email gateways is evidently needed in order for businesses to survive. Advanced email security solutions are necessary.
In light of this, we spoke to Mariana Pereira, Director of Darktrace, to find out how Darktrace's Antigena Email - the world's first Cyber AI solution for the inbox – is working to save companies from malicious email attacks and extensive email threat financial loses. Founded in 2013 by mathematicians and cyber experts, Darktrace was the first company to apply AI to the challenge of cybersecurity, in which they primarily specialize in email threat detection and response.
Adversaries are constantly evolving and keeping up with different forms of malware, and this is a day-to-day challenge for security teams. How can we as users anticipate what forms these attacks will take in regards to email?
There are two key trends to bear in mind: attack lifecycles are getting shorter, and phishing attacks themselves are getting more targeted and sophisticated.
Attack infrastructure once lasted for weeks or months, but our research found that the average lifespan of an email attack has dropped from 2.1 days in 2018 to just 12 hours today. Attackers can easily purchase new email domains with just a few pennies, and a brand-new domain, with no malicious activity on its record, will pass most traditional reputation checks with ease.
In addition, the sheer availability of information online and across a plethora of social media platforms has allowed attackers to send well-researched, tailored emails that have a considerably higher chance of succeeding.
Many users feel concerned about adopting new security solutions as deployment can be time-consuming. How does Antigena simplify this often complicated process?
Antigena Email installs in 5 minutes in the cloud, and because it is self-learning, it immediately starts building an understanding of your email environment, without a manual or lengthy set-up process.
We're aware that many email providers such as Microsoft 365 have inbuilt security that filters out malware. With that said, I read on Darktrace's website that email is still responsible for 94% of cybersecurity attacks. What limitations do email providers currently have and how does Darktrace's Antigena Email assist them?
The vast majority of tools in place still rely on signatures and deny-lists - measuring inbound emails in isolation against lists of previously encountered attacks. This approach fails to catch new threats which are only discernible through understanding a sense of ‘self', moving away from asking “is this email bad?” and towards a more nuanced approach that asks “does this email belong?” in the wider context of the person in that specific organization.
Occasionally, we are blindsighted in our ability to read the behaviours of colleagues or people pretending to be someone we know and trust. What technology does Antigena Email have that can prevent this from happening?
There are two ways attackers can imitate our trusted contacts. One is by creating a fake email account that is similar to a real one and hoping we don't recognize the subtle differences in the domain. Antigena Email has measures in place to prevent these attacks, with models specifically designed to recognize visually similar or spoofed domains.
The other method is for a hacker to gain access to a real, trusted account. The recipient would recognize the sender and the email will have come from a legitimate account so here Darktrace’s AI will recognize the more subtle differences understanding that the email itself is unusual for that sender, rather than the sending address.
If one feature of Microsoft 365 is affected by an adversary, does that not mean that the rest of the infrastructure could also be compromised? How does Darktrace work to protect the entire ecosystem?
Darktrace's Microsoft 365 SaaS Module correlates insights across the whole Microsoft 365 stack: from Microsoft Teams and Outlook to OneDrive and SharePoint, meaning it can easily detect cases of systematic compromise across multiple accounts. The Darktrace Immune System protects the entire digital estate, from email, cloud and SaaS to endpoints and the corporate network, under a single AI umbrella. This holistic understanding allows the technology to recognize that a single event that may seem benign when viewed in isolation may point to a wider picture of malicious activity.
Check out our recent podcast with Mariana on the importance of email implementation here.