Email defence upgrade

Darktrace has introduced a major new upgrade to Darktrace/Email, its email offering that stops the most sophisticated email security risks through its unique understanding of you, rather than knowledge of past attacks.

  • Thursday, 6th April 2023, by Phil Alsop

As part of the Darktrace Cyber AI Loop™, Darktrace/Email’s new capabilities include an AI-employee feedback loop, account takeover protection, insights from endpoint, network and cloud, and behavioral detections of misdirected emails. These capabilities enhance security and productivity for employees and security teams in organizations protected by Darktrace/Email. Darktrace/Email is already a leading technology in the industry and this upgrade builds on the success of the company’s previous email product which was initially launched in 2019 and is used by over 3,000 organizations globally[1]. 

 

As organizations continue to rely on email as their primary collaboration and communication tool, email security tools that rely on knowledge of past threats are failing to future-proof organizations and their people against evolving email threats. Darktrace analysis reveals that other email security solutions, including native, cloud and ‘static AI’ tools, take an average of 13 days from an attack being launched on a victim to that attack being detected, leaving defenders vulnerable for almost two weeks if they rely solely on these tools[2]. In contrast, Darktrace/Email is capable of detecting attacks as soon as they are launched because it is not trained on what ‘bad’ has historically looked like, but instead learns you, the normal patterns of life for each unique organization.

 

This deep understanding of you is critical against the increase in both novel, ‘never seen before’ email attacks and increasingly linguistically complex malicious communication. Darktrace researchers observed a 135% increase in ‘novel social engineering attacks’ across thousands of active Darktrace/Email customers from January to February 2023, corresponding with the widespread adoption of ChatGPT[3]. These novel social engineering attacks use sophisticated linguistic techniques, including increased text volume, punctuation, and sentence length. At the same time there has been a decline in malicious emails containing links or attachments. The trend suggests that generative AI, such as ChatGPT, is providing an avenue for threat actors to craft sophisticated and targeted attacks at speed and scale.

 

With this upgrade, Darktrace Cyber AI Analyst™ now combines anomalous email activity with other data sources including endpoint, network, cloud, apps and OT, automating investigations and incident reporting. The ability to combine and analyze data sources from different parts of the organization in the same system to mutually strengthen email and network security is a Darktrace patented technology[4]. Sophisticated cyber-attacks most often start in the inbox but frequently traverse into other areas such as the network; an example being multi-stage ransomware attacks. With greater context around its discoveries, Darktrace’s AI is capable of more informed decision making. The algorithms have a full picture of what ‘normal’ looks like for a user from multiple perspectives to produce high-fidelity conclusions that are contextualized and actionable, saving human security teams’ time.

 

Darktrace/Email’s new capabilities include:

  • Account takeover and email protection in a single product.
  • Behavioural detections of misdirected emails, preventing intellectual property or confidential information being sent to the wrong recipient.
  • Employee-AI loop that leverages insights from each individual employee to inform Darktrace’s AI and brings Darktrace’s explainable AI to employees to provide real-time, in-context insights and security awareness.
  • Intelligent mail management for improved productivity against graymail, spam, and newsletters that clutter inboxes.
  • Optimized workflows & integrations for security teams, including the Darktrace mobile app.
  • Automated investigations of email incidents with other coverage areas with Darktrace’s Cyber AI Analyst.

 

“Email is the key vulnerability for businesses today. Defenders are up against sophisticated generative AI attacks and entirely novel scams that use techniques and reference topics that we have never seen before. In a world of increasing AI-powered attacks, we can no longer put the onus on humans to determine the veracity of communications they receive. This is now a job for artificial intelligence,” commented Max Heinemeyer, Chief Product Officer, Darktrace. “Darktrace continues to lead the evolution of the cyber security industry through its unique approach that focuses not on past attacks, but on understanding the organization and how the people within it behave in order to stop novel social engineering attacks.”