From Secure Email Gateway to Secure Email Cloud

Editor’s Note: This blog was originally found on the Agari Email Security Blog.

by Patrick Peterson

The secure email gateway (SEG) worked for decades, no doubt. It was truly the first line of defense against email-based threats that took advantage of people and technology to enable fraud. Those of us who have dedicated our lives to improving this industry are grateful for the work of companies like Symantec and Proofpoint, which have spent years protecting people and organizations from viruses and malware spread through malicious links and attachments.

Those solutions, though, no longer work against the new identity-based threats that dominate the email threat ecosystem today. Email and the threats against it are changing faster than ever before. To keep up, email security must do the same.

The Shift to Identity Impersonation

Attackers exploit security gaps in the underlying email protocols or the user interface constraints of email clients. As a result, they are able to send email messages that leverage the identity markers of trusted people and use deception techniques informed by social engineering to manipulate recipients into taking the desired action. These messages hide in plain sight, easily bypassing legacy security systems undetected, and use personal and professional context to defraud businesses and individuals.

Criminals scour websites like LinkedIn to determine relationships between people so that an email appears believable. The last barrier between them and a big score is bypassing the email security defenses. After all, once the email has been delivered, they can easily prey on human emotions to trick the recipient into wiring money or divulging sensitive information. As a result, email security protocols must be hardened against this type of attack.

The Shift to Cloud-Based Email

Designed to assess incoming emails by analyzing content and infrastructure reputation, these platform-native controls are proving essential to ferreting out spam, malicious URLs and malware, certain keywords, or a high volume of attacks from a single IP address. That said, they fall short when it comes to protecting against the advanced email threats that use identity deception techniques. Clearly, a better solution, one designed for the cloud, is needed.

The Rise of the Next-Generation Secure Email Cloud

Enter the Agari Secure Email Cloud. Through the power of predictive AI and advanced machine learning, the Agari Secure Email Cloud fundamentally transforms email security from event-based inspection of incoming messages on receipt to continuous detection and response for new and latent threats in all inboxes. In actual deployments, this unique technology approach, combined with real-time cloud delivery, performs with 99.9% efficacy in detecting rapidly evolving advanced attacks, including those that are highly personalized and from time to time use custom variants of malware, viruses, Trojans, and worms.

In a similar fashion to commercial-grade AI solutions in other industries, the high-performance Agari Identity Graph at the center of Agari Secure Email Cloud maps trust and authenticity of relationships and behavioral patterns between individuals, brands, businesses, services, and domains using hundreds of characteristics that define trusted communications.

The novelty in this approach is that the Agari solution functions in nearly the exact opposite fashion from legacy systems that are designed to detect known signatures of malicious email or that operate using static lists of trusted senders or domains. Unlike these static legacy approaches, the Agari Identity Graph dynamically models and scores good email and sending behavior, at a rate of around 300 million model updates each day.

A combination of human-labeled big data, semi-automated learning algorithms, and real-time cloud-based delivery makes the Agari Secure Email Cloud smarter and more reliable with each email analyzed. This dynamic approach to email security outsmarts fraudsters even as they change behavior: moving from domain to domain, jettisoning blocked accounts, reformulating email messages, switching out display name strategies, recompiling malware, and more.

It is also an approach that can’t readily be faked or spoofed because a fraudster typically doesn’t have a trusted pattern of communications with those they are intent on attacking. Even in scenarios where accounts have been compromised, behavioral anomalies can be detected. And once organizations adopt the Agari solution, there are simply easier targets in organizations that use less-effective alternatives. When an organization uses the Agari Secure Email Cloud to become a hardened target, attackers tend to turn their attention toward easier prey.

Learn more about the changing email security landscape and how Agari is prepared to protect against new threats in our exclusive white paper.

Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.
