Cloud-native email security for Microsoft and google
Darktrace DETECT + RESPOND/Email
Darktrace/Email leverages the best data source to detect and neutralize threats in emails: your employees.
UNDERSTANDING THE DATA
Stopping the bad, allowing the good.
Businesses change, and as they do it's important email security solutions can determine the difference between unusual benign and unusual malicious.
Many emails are entirely legitimate and are critical to your business, and every legitimate email is essential for understanding normal to answer determine who emails whom, tone, types of links and attachments, and other metrics.
And answer questions like has your organization ever communicated with anybody at this domain? Does the email with soliciting text appear unusual compared to previous emails?
Many emails are entirely legitimate and are critical to your business, and every legitimate email is essential for understanding normal to answer determine who emails whom, tone, types of links and attachments, and other metrics.
And answer questions like has your organization ever communicated with anybody at this domain? Does the email with soliciting text appear unusual compared to previous emails?
Contextual AI
Machine analysis. Designed for humans.
Effective email security doesn't come with baggage, and shouldn't be left to a human to decipher, triage, or adjust. Darktrace/Email uses powerful AI to not only detect and respond to unusual emails, but ensure a human's interaction and intervention are left to the absolute minimum, saving time and resources for both the security team and end users.
50%
Anomaly scores
Calculated to display to a security admin the overall ranking of an email against the understanding of normal.
0% being completely usual and 100% representing an email that doesn't belong in the environment.
0% being completely usual and 100% representing an email that doesn't belong in the environment.
Out of Character
Suspicious Link
Spam
New Contact
Contextual tags
Provide high level descriptors of an email through Darktrace/Email's eyes.
Narrative
A natural language summary of Darktrace/Email's analysis, including the key unusual metrics like links, file and attachment links.
Written to be easily understood.
Written to be easily understood.
Email security that doesn't disrupt business
È una questione di precisione.
Every email is different, with different content sent at different times to different people. What’s normal for one user may be unusual for another. Proportionate response means all data is understood, contextualized, and weighed so the right decisions are made.
When email security solutions are working, they should be invisible, working in the background to reduce risk while allowing legitimate emails to flow. Emails are protected while business flows normally.
When email security solutions are working, they should be invisible, working in the background to reduce risk while allowing legitimate emails to flow. Emails are protected while business flows normally.
Il segreto non sta nelle azioni, ma nel momento in cui le si applica.
Detto questo, ecco un assaggio della cintura degli strumenti.
Detto questo, ecco un assaggio della cintura degli strumenti.
RESPOND ACTION
Non è necessaria alcuna azione
.svg)
Move to junk
Flatten an attachment
Rewrite a suspicious link
Unspoof the sender
Completely deny access to link
Remove an attachment
Hold the message back entirely
... and many more.
CAPIRE LA NORMALITÀ
Thousands of Data Points. Every Email.
Darktrace/Email is constantly learning your normal email patterns, analyzing thousands of data points from every email to develop actionable metrics.
Punti dati grezzi
Estratto direttamente dall'e-mail
Sender IP
Sender Name
Has attachment?
Links in attachments?
. . .
Punti dati arricchiti di Darktrace
Caratteristiche dei dati matematiche e potenziate dall'intelligenza artificiale
Potential solicitation?
Potential extortion?
Is the link suspicious?
Is the tone consistent?
. . .
Once raw and calculated metrics are extracted, Darktrace Self-Learning AI works to understand the email in its entirety, with Darktrace DETECT determining unusual metrics.
For every metric DETECT asks
is it unusual for this sender or the organization?
is it unusual for this sender or the organization?
Sender IP
Sender Name
Basso
Has attachment
Has links in attachment (2)
. . .
Potential solicitation?
Basso
Potential extortion?
Link appears suspicious
Alto
Is the tone consistent?
. . .
And with its complete analysis of which elements of an email exist, Darktrace RESPOND steps in to neutralize either the risky parts of the email or the whole thing.
All metrics considered, is the email normal?
And issues the perfect counter response for the threat.
And issues the perfect counter response for the threat.
RESPOND ACTION
→
Non è necessaria alcuna azione
Riscrivere il link sospetto
Non è necessaria alcuna azione
And the best part?
This all happens in milliseconds, with no human interaction necessary.
/Email +
/Apps +
/Network
/Apps +
/Network
Employees have ever-evolving lives and work across different devices, applications, and locations.
Darktrace understands a human's complete digital footprint, without reducing them to their inbox.
The complexity of humans behind the inbox are fully contextualized, making actions even more nuanced and precise.
Darktrace understands a human's complete digital footprint, without reducing them to their inbox.
The complexity of humans behind the inbox are fully contextualized, making actions even more nuanced and precise.
Unusual Link Detection
Email communications are observed and learned to create “patterns of life” which help answer the question of whether an email belongs in the inbox. The understanding of a domain within an organization is determined by any observed domain data, which may include data outside of Email - like Network and Endpoint.
Asking questions like:
- Has anybody in the organization ever communicated with this domain?
- What do those communications look like?
- What is the typical sentiment of the emails?
Link Rewriting and Locking
Rewriting every link is never the right answer. Darktrace/Email rewrites suspicious URLs and nothing else, determining in real time whether the link belongs in the email.
Tag Spotlight
Suspicious Link
Indicates behavior consistent with an attempt to deliver a payload via a link, whether hidden, embedded in an attachment, or exposed on the email body.
Lock Link
Rewrite a suspicious link
Applied to suspicious links, users are redirected to a landing page while Darktrace/Email makes a final determination to allow or deny access to the URL.
Double lock Link
Completely deny access to link
Applied to the highly suspicious links, users are redirected to a landing page where their intent to visit the link is recorded in Darktrace/Email but access to the URL is denied.
On-click, real time webpage analysis
When a user clicks a locked link, additional checks are performed to determine the legitimacy of the end-destination to identify fake login and similarly-dangerous pages. Analyzing the webpage's overall intent to determine if the page is secure enough to send the user to.
To determine intent Darktrace/Email weighs the answers of thousands of questions and data points, like:
you might check if it's asking a user for a username and password, are there pre-populated fields, are there recognizable logos but not on their expected domains?
To determine intent Darktrace/Email weighs the answers of thousands of questions and data points, like:
you might check if it's asking a user for a username and password, are there pre-populated fields, are there recognizable logos but not on their expected domains?
Unusual Attachment Detection
Malicious attachments are qualified in two key categories: Attachments containing malicious text content like links or inducement text and those containing malware.
Asking questions like:
- Does this user typically receive attachments like this?
- Does this sender typically send attachments?
- Is this attachment what it purports to be?
- Does this attachment appear suspicious?
Attachment Conversion & Stripping
Darktrace/Email rewrites or strips attachments when a risk is identified.
Tag Spotlight
Allegato sospetto
An attachment which poses as a legitimate file may be designed to deploy malware on the recipient’s device when opened. Alternatively an attachment may not contain malicious code but could be used fraudulently to induce a bank payment or the sharing of sensitive data.
Convertire l'allegato
Appiattire l'attacco
Applied to attachments with one or several unusual components, the attachments are flattened to a neutralized version.
An example of this is the neutralization of a suspicious spreadsheet with macros enabled, it may be flattened to simply disable the macros.
An example of this is the neutralization of a suspicious spreadsheet with macros enabled, it may be flattened to simply disable the macros.
Strip attachment
Remove the attachment
Applied to the highly suspicious emails/attachments where the attachment is completely removed from the email.
Spoof Mitigation
Darktrace/Email's understanding doesn't stop at your users. Learning about who they correspond with, and how, is crucial to combating potential spoofing.
Leveraging established email security techniques, like SPF and DKIM, and combining them with rich contextual information about a user, their correspondents, and their organization, Darktrace/Email is able to detect when an email is sent from a user posing to be someone else.
Darktrace/Email reveals the true sender to the end user, stopping spoofing attempts.
Unspoof
Mitigate the psychological impact of a spoofed email address.
Tag Spotlight
Spoofing
Elements of these emails contain some weak indicators which are suggestive of spoofing attempts where an attacker may be masquerading as a known contact or commonly used service.
Tag Spotlight
Spoofing Indicators
Lo spoofing consiste nel correggere alcuni aspetti visivi delle intestazioni delle e-mail per farle apparire come provenienti da una persona riconoscibile dal destinatario, ad esempio un membro del personale senior o il team di supporto interno. Una volta suscitato l'interesse dell'utente, è possibile che gli venga chiesto di scaricare un file o di divulgare informazioni sensibili.
Azione Unspoof
Rimuovere l'impatto dello spoof
Darktrace/Email eliminerà l'impatto di un'intestazione From falsificata sostituendola con la busta, rendendo chiaro all'utente da chi proviene l'e-mail.
Un caso d'uso per ogni cosa
Il giusto approccio può gestire qualsiasi cosa
Identificazione automatica degli utenti più esposti e a rischio
Valutazioni dinamiche del rischio al di là della vostra C-Suite, per identificare in ogni momento i soggetti più a rischio e più esposti.
Trends you can do something with
Dashboard personalizzabili che visualizzano gli ultimi 14 giorni di dati per tutte le query più importanti.
Esempi:
- Mostra tutte le e-mail non gestite dal mio gateway ma bloccate da Darktace/Email.
- Mostrami le email che sono state mandate contro i miei utenti più rischiosi
- Mostrami tutte le email legittime che il mio gateway ha spostato nella spazzatura
Executive Reporting e dati dove volete voi
I dati non drimangono in una dashboard. Ottenete i dati di cui avete bisogno ovunque ne abbiate bisogno.