
Why Antigena Email?
94% of cyber-threats originate via email, and legacy defences at the border continue to fall short. Yet whenever Antigena Email and legacy defences are deployed in the same environment, Antigena consistently neutralizes external threats and data loss that evade email defences at the border.
Why?
1. AI that learns ‘self’
Antigena Email is the only solution that analyses individual emails in the context of a bespoke understanding of ‘self’ (what is ‘normal’) for your entire digital business – not just email:
- Because Antigena understands the normal ‘pattern of life’ of your employees across cloud, SaaS, email, and the network, it can detect sophisticated threats by spotting subtle deviations
- Antigena treats recipients as dynamic individuals and peers, not mere email addresses, and understands the full scope of their normal behaviours
- By contrast, legacy defences analyse each email in isolation and correlate it against static rules and signatures, which are based on historical attacks
- Rules and signatures are blind to sophisticated, novel attacks, which are becoming increasingly common
In short, Darktrace knows your entire digital business in a way that other tools do not, and this allows it to catch advanced email-borne threats that would otherwise go unnoticed, while allowing legitimate business email to pass uninterrupted.
2. Decisions that evolve over time
Antigena Email is the only solution that operates as a layered, unified system that updates its decisions in light of new evidence:
- Antigena’s decision-making is operative throughout the entire lifetime of an email – from delivery, through to click and execution
- Antigena’s unique knowledge of network, cloud, email, and SaaS events allows it to adjust its appraisal of a given email’s level of threat in light of new evidence, and vice versa
- Legacy email defences only operate at the border and are blind to past, present, and future network and cloud events that would greatly enhance their decision-making
- Emails that appear benign at the point of delivery can still be neutralized if later evidence from the network reveals them to be a threat
3. Accurate and precise action against the full range of targeted email attacks
Together, (1) and (2) drastically improve Antigena Email’s accuracy when deciding whether a given email is malicious or benign, which means that more malicious emails are stopped, and far fewer desirable emails are held back than with other solutions that do not have this context.
Thanks to this unique approach, Antigena Email not only stops the less advanced, ‘known’ threats that legacy defences would stop, but is also best-in-class at stopping the sophisticated threats that evade legacy defences by design:
Social Engineering Attacks
- Traditional email defences often fail to stop social engineering attacks, especially when the emails are ‘clean’, i.e. they do not include links or attachments that could be correlated against blacklists and signatures. Since Antigena Email ‘knows your network’ in a way that other tools do not, it can spot subtle deviations in the metadata that reveal seemingly benign emails to be unmistakably malicious.
Unknown Malware and Impersonation Attacks
- If an email does include a malicious link or attachment but the domain is unknown, Antigena Email will still catch it when others do not because the system does not rely on blacklists or signatures. The same logic applies to newly registered spoof domains used in subtle impersonation attacks.
External Account Hijacks
- Since Darktrace analyzes and understands your organization’s and users’ relationships with trusted external contacts, Antigena Email can pick up on subtle inconsistencies that point to a compromised account, and it can take autonomous action to protect against this. Legacy email defences assume trust, which means that account hijack attacks often go completely unnoticed.
Inbound and Outbound Data Loss Protection
- Because Antigena Email understands the full scope of your users’ ‘pattern of life’ in every corner of the business, it knows which files they should and should not have access to and where they should or should not send them. Antigena is not only neutralizing malicious inbound emails, but also alerting on malicious outbound emails – this could be an insider threat or bad leaver emailing files to themselves to send to a competitor or use in their next role, or simply a naïve employee sending work home against corporate policy.