Agari, the next-generation Secure Email Cloud that restores trust to the inbox, announced two complementary innovations that extend the coverage and effectiveness of the Agari Secure Email Cloud. The combined innovations from Agari not only prevent 99.9% of advanced email attacks in real time, but also enable “time travel” to prevent previously unknown attacks from causing a data breach. Agari announced these innovations on location at RSA Conference 2019 in San Francisco.
Continuous Detection and Response is new technology from Agari that provides an always-on posture to address both known and previously unknown email threats within the enterprise, enabling a unique retroactive approach for breach remediation. This new innovation leverages the Agari SOC Network for the latest threat intelligence feeds to identify indicators of compromise.
Once the characteristics of a newly discovered threat are confirmed, Agari machine learning models analyze messages across the entire organization, as if traveling back in time to the original delivery. Agari then automatically removes all newly discovered malicious emails to eliminate potential data breaches caused by these latent threats.
The Agari SOC Network is a new cyber intelligence sharing network comprised of Agari customer SOC teams, the Agari Cyber Intelligence Division, and best-of-breed machine-readable threat intelligence feeds. As new advanced email threats are detected and confirmed by Agari customers and threat researchers, the Agari SOC Network automatically analyzes the indicators of compromise across all previously delivered email for all customers in seconds and automatically removes active threats.
Participants of the Agari SOC Network can access the threat intelligence through a mobile application that sends push notifications to mobile devices and enables analysts to review and delete malicious messages related to email security incidents around the clock.
“Most implemented secure email gateways (SEGs) are not designed with post-delivery detection and remediation techniques, costing incident responder and email admin time and reducing the feedback loop from end users,” said Peter Firstbrook, VP Analyst and Neil Wynn, Principal Analyst, Gartner. “To date, most solution providers have assumed filtering is catching, and will continue to catch, all phishing messages. This is a dangerous assumption. History has shown that effective email filtering techniques result in attackers responding with new innovative attacks.”
Despite the rise in advanced email threats, existing security controls only analyze email messages at a single point in time, such as when emails are delivered, forwarded or a URL is clicked. In many cases, there may not be enough threat intelligence at that time for security systems to make a determination whether the message is malicious, allowing attacks to slip through the cracks.
When new malicious URLs, attachments or social engineering techniques are discovered, these malicious emails remain undetected and continue to pose a threat to the organization as a potential data breach.
“For decades, cyber criminals have successfully thwarted legacy defenses and year after year, email remains the primary attack vector,” said Patrick Peterson, Founder and CEO, Agari. “Agari’s community of elite cybersecurity SOC teams paired with an automated system marries human insight and machine learning to transform intelligence into action—removing latent threats after the fact is a unique approach and a big step forward for the industry.”
Both the Continuous Detection and Response technology and Agari SOC Network are part of the Agari Secure Email Cloud, a next-generation email security solution that detects, defends against and deters phishing and identity deception attacks.