Email Security Blog

Identity is the New Perimeter. Do You Trust It?

Armen Najarian June 21, 2018 Brand Protection, Online Brand Protection

The announcement that Agari has secured a $40 million growth capital round is all about trust. Our investors, led by Goldman Sachs, trust that Agari has established itself as the clear leader at preventing identity deception attacks. As a CMO, I understand that nothing is more vital to a company’s brand than the trust we place in it, yet identity deception makes it trivial for impersonation attacks to erode that trust.

The traditional (and now decades-old) security model was to build a network perimeter with a corporate firewall, intrusion detection/prevention systems, and many layers of “defense-in-depth.” But with the rise of cloud computing, mobile apps, a distributed workforce, and bring-your-own-device, that ship has long since sailed.

Today the network perimeter extends to every user and every possible location – and email remains the killer app. Just think about how often you check your email: as soon as you wake up, before you go to sleep, every time you need to reset a password, and so on and so forth. Email truly represents the key to the kingdom – and an email compromise could compromise your very identity. Agari customers trust that we will keep this deeply personal channel secure for them.

Unfortunately, humans are a much softer target for cybercriminals than a firewall. Attackers can trick humans into working against their own best interests with social engineering, a dash of trust and a sprinkle of context. And the barrier to entry is low: it’s trivial for a cybercriminal to set up a free webmail account and send an email impersonating a trusted contact to phish credentials, install malware or even wire money.

Unfortunately, email is even older than the decades-old and now-defunct network security model designed to protect the enterprise. And despite more recent efforts to authenticate email, the vast majority remains vulnerable to spoofing. As long as criminals are capable of impersonating anyone else on the internet, our identity is not safe.

Identity Perimeter

Email is complex and messy, so it is unlikely we could ever truly “solve” all of its security gaps, which is why secure email gateways are failing to prevent identity deception. Today, the primary email security model is to allow messages by default unless you detect something malicious like malware, but cybercriminals have adapted by no longer sending malware.

The newest attack trends include business email compromise, which spoofs invoices to finance teams, at the cost of billions of dollars per year. Even more pernicious, account takeover attacks leverage compromised email accounts as a foothold to launch further and more damaging attacks, such as man-in-the-middle escrow schemes.

At Agari, we stop business email compromise and account takeover by modeling trusted email behavior and the trusted relationships you have with other senders at the individual, group and organizational levels. By understanding the trusted relationships and authentic identity of email senders – “modeling the good” as we describe it – we can ensure that only trusted email is entering employee inboxes.

On the other side of the coin, as I mentioned, is the importance of trust for brands. It is elementary for cybercriminals to spoof and impersonate the largest brands in the world, so it is likewise imperative to take steps to prevent it. After all, if you have taken the steps to protect yourself, it makes sense to take the time to protect your good name, in order to prevent it from being used in email fraud.

Email is powerful because it is a ubiquitous communication channel, but if our brand is used to launch phishing attacks, the trust our customers place in our brand is undermined. A great brand reputation across all communication channels is critically important to me as a marketer because the efficacy of email marketing is linked to the credibility of my brand.

When users get phishing emails claiming to be from my brand, it erodes their trust and undermines my business. Consequently, when organizations eliminate phishing emails, they obtain higher email click-through rates, reduce customer support costs and achieve cybersecurity cost reduction.

One such initiative to eliminate phishing emails is DMARC, which authenticates the sender of an email to prevent domain name spoofing. Agari has been a champion of DMARC for many years, having worked closely in the creation of the standard, and boasting the most DMARC deployments of any vendor.

As organizations embrace digital transformation, it is clear that decades-old security models will no longer protect them. And as identity emerges as the key to authentication and authorization, it is clear that preventing identity deception is of the utmost importance. Today, with a $40M Series E investment led by Goldman Sachs, Agari emerges as the clear leader, the only cloud-delivered predictive AI solution to prevent advanced email attacks that leverage identity deception. We are encouraged by the trust our investors have placed in Agari, as we continue to build models of trust into Agari Identity Intelligence to deliver the greatest value to our customers and partners.
