Unusual but benign: How Antigena Email deals with unthreatening emails from a new contact

20 Jul 2020

Antigena Email uniquely understands employees’ patterns of life, including how they behave and communicate, in order to identify anomalous behavior that it deems threatening and neutralize malicious emails in real time. This self-learning approach has enabled the technology to stop advanced attacks that other tools missed, including a Siemens impersonation attack, a QuickBooks scam, and a fraudulent Chase fraud alert.

But how does an AI-powered approach handle the case of the ‘unusual but benign’: an email from a new contact which is highly unusual, but non-threatening?

This blog follows an employee at a marketing agency that had deployed Darktrace across its entire digital estate. The employee, Roberta, had recently organized a virtual event, and was looking to send a thank you gift to the speakers who participated. She found Patch, a leading online supplier of plants perfect for the ‘clueless urban gardener’, which Roberta felt would be a good choice.

Figure 1: The webpage of Patch, a new supplier to the organization

After visiting the website and choosing the perfect gift, Roberta signed up for the Patch newsletter with her corporate email; this was a business expense after all.

Frustration often arises when a team or an employee tries to do something new but is stopped by security policies that pre-define what they are allowed to do or who they can contact. Some email security vendors take the approach that only known correspondents or pre-approved domains can send emails to employees’ corporate email addresses. This principle, while effective at keeping out many spam and spoofing emails, also blocks unusual but legitimate, and potentially important, emails from reaching the inbox.

Planting the seed

Thankfully for Roberta, Darktrace’s AI contextualizes email anomalies with an understanding of the user that looks beyond the inbox and draws insights from across employees’ digital footprint. A holistic understanding of both email and network traffic enabled the AI to recognize that Roberta had visited the Patchplants.com website and signed up for the newsletter. This prior event contextualized the subsequent email and allowed Darktrace to recognize that despite being anomalous and new, this email was legitimate and no action was necessary.

Figure 2: Darktrace’s Email Dashboard surfaces a high rarity score of 99

No other employee at the company had ever received mail from this domain, with Antigena Email giving the email a rarity score of 99. However, the brief interaction with the website helped the AI decide that even though this was a highly unusual domain, it was not a threat, and the email was promptly delivered.
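A minimal sketch of the correlation described above, added here as an illustration and not Darktrace's implementation: a rare sender is only released when the same recipient recently visited the sender's domain. The log layout, the 7-day window, the threshold of 90, the `auth_pass` field and the "hold" action are all assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the original post).
WEB_LOG = [  # (user, timestamp, host visited) as a web proxy might record it
    ("roberta", datetime(2020, 7, 1, 10, 5), "www.patchplants.com"),
    ("roberta", datetime(2020, 7, 1, 10, 9), "www.patchplants.com"),
]
SAMPLE_EMAIL = {
    "to": "roberta",
    "from_domain": "mail.patchplants.com",
    "received": datetime(2020, 7, 1, 10, 30),
    "rarity": 99,        # 0-100, higher means the sender is newer to the organization
    "auth_pass": True,   # assumption: SPF/DKIM aligned for from_domain
}


def org_domain(host):
    """Naive registrable domain (last two labels).

    Assumption for brevity; production code should use the Public Suffix List.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def recipient_visited(user, sender_domain, received, web_log,
                      window=timedelta(days=7)):
    """True if this user browsed the sender's domain within `window` before delivery."""
    target = org_domain(sender_domain)
    return any(
        u == user
        and org_domain(h) == target
        and timedelta(0) <= received - ts <= window
        for u, ts, h in web_log
    )


def rarity_verdict(email, web_log, rarity_threshold=90):
    """Return 'deliver' or 'hold' based on sender rarity plus recipient context."""
    if email["rarity"] < rarity_threshold:
        return "deliver"  # sender is not unusual enough for rarity alone to matter
    # Rare sender: require authenticated mail AND a prior visit by this recipient,
    # so a spoofed message or a different recipient gets no benefit from the visit.
    if email["auth_pass"] and recipient_visited(
        email["to"], email["from_domain"], email["received"], web_log
    ):
        return "deliver"
    return "hold"
```

The context is per recipient and time-bounded: the same message sent to a colleague who never visited the site, or arriving long after the visit, is still treated as rare.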

Figure 3: The newsletter welcome email

The good, the bad and the ugly

This example demonstrates the importance of a security stack that can discern when unusual activity or an anomalous email is acceptable, and the value of user context and insights gathered across the digital ecosystem. New business often relies on new interactions that are difficult to write into security and policy rules, and so understanding the ‘unusual but benign’ is key so that businesses, like plants, can grow and thrive.

Darktrace’s AI can make these critical determinations based on its evolving understanding of the user and the business as a whole, stopping malicious emails and only the malicious emails.


ABOUT THE AUTHOR
Mariana Pereira
Director of Email Security Products

Mariana is the Director of Email Security Products at Darktrace, with a primary focus on the capabilities of AI cyber defenses against email-borne attacks. Mariana works closely with the development, analyst, and marketing teams to advise technical and non-technical audiences on how best to augment cyber resilience within the email domain, and how to implement AI technology as a means of defense. She speaks regularly at international events, with a specialism in presenting on sophisticated, AI-powered email attacks. She holds an MBA from the University of Chicago, and speaks several languages including French, Italian, and Portuguese.
