Darktrace/Email use cases
A favorite target
Phishing
Phishing attacks - which lure users into giving away their credentials - are getting more sophisticated as attackers adopt automation tools to launch targeted attacks at scale.
Darktrace/Email spots the subtle signs of a sophisticated email threat and takes action to neutralize it.
Account Takeover
A threat actor can get hold of your employees' credentials through a phishing attack, a data leak, or by purchasing them on the Dark Web.
Once inside an account, they have access to everything that user has access to, and can use the trusted contact as a springboard to launch a further assault.
Because it learns how each of your users normally behave, Darktrace can piece together multiple signs of an account takeover and put an end to the compromise.
Supply Chain Attack/Vendor Email Compromise
Email is the number one way companies communicate with one another, and a compromised partner or supplier poses a serious risk.
Attackers will hijack trusted domains in order to bypass security rules and policies. By analysing on an account by account, email by email basis, rather than relying on domain reputation, Darktrace/Email can effectively mitigate supply chain email risk.
Data Loss
Darktrace/Email has complete visibility over inbound and outbound mail flow.
It gives you oversight of potential data loss incidents that may result from account takeover or insider threat, and highlights users who are displaying unusual behavior through multiple data loss incidents.
When to RESPOND?: Large-Scale Data Exfiltration
Data exfiltration in Latin America
CEO Fraud
CEO fraud occurs when an attacker uses the authority of a CEO to solicit sensitive information or a fraudulent wire transfer.
Darktrace/Email looks specifically for spoofing attempts in which emails are sent from lookalike email addresses, and recognizes attempts at solicitation from the language in the body of an email. It then blocks the threatening component of an email or holds it back entirely.
Invoice Fraud
Invoice fraud may involve a threat actor impersonating a supplier and informing your company that their payment details have changed.
Darktrace/Email recognizes spoof attempts and detects attempts at invoice fraud through language in the body of the email, and takes action to ensure the attack does not succeed.
Extortion
An attacker may claim to have compromising information or material in order to extort crypto-currency payments from employees.
These are usually empty threats, but that doesn't stop them from succeeding. Darktrace/Email recognizes attempts at extortion from the language in the body of the email, and holds the email back from delivery.
Ransomware & Malware
Email serves as the most direct route for attackers to drop malware into an organization. Whilst in theory, email gateways and malware scanners should stop these attacks, in practice these tools are trained to spot known threats, and attackers are constantly innovating.
Darktrace/Email stops malware and ransomware at the first hurdle by recognizing subtle signs of unusual activity that points to this kind of attack. It then takes action to remove just the threatening component of the email.
Impersonation & Spoofing
An attacker might try and impersonate your CEO, your accounts team, or your HR department, in order to extract valuable information or solicit a fraudulent payment.
Darktrace/Email recognizes visually similar email addresses to those in your organization, and spots patterns in the body of an email consistent with solicitation. It takes action to hold these spoofing attempts back from the inbox.
Social Engineering
Social engineering involves psychologically manipulating a recipient to take an action they otherwise would not, often through invoking emotions such as Fear, Uncertainty, or Doubt (FUD).
Darktrace/Email recognizes patterns in the communication which indicate social engineering for malicious purposes, and holds the email back.