Phishing Defense™
W E L C O M E T O
Let's Begin
Let's Begin
Executive Summary
Insider Impersonation
Compromised Accounts
Brand Display Name Imposters
Real Time Dashboard
Welcome
These highlights are for illustration only — they don't appear in the actual product.
Start Your Proof of Value Now
Continue
Continue
Agari Phishing Defense™
Welcome to
This self-service demonstration will help you understand how predictive data science powered by the Agari Identity Graph™ protects organizations against phishing and BEC attacks that bypass traditional security controls. Click the blue circles to move through the guided tour.
Search Messages
Continuous Detection & Response
Learn More
Alternative investigative views for SOC analysts.
This axis shows the Authenticity Score, which ranges from 0.0 to 1.0, indicating if the message was actually sent from the purported sending domain.
Display email attack footprint in the various time frames.
Display attacks and cost savings.
Tailors dashboard view to specific domain name.
Number of messages analyzed in the selected time frame.
Messages determined to be spam or graymail.
Example: Trusted Message
Example: Domain Spoof
Real Time Dashboard
Number of messages analyzed in the selected timeframe.
Compromised Accounts
Insider Impersonation
Executive Summary
The left hand side of the dashboard displays common attack types and the number of times they have occurred during the time period selected (see upper right corner). For example, Individual Display Name Impostors are threats that spoof another individual, usually an executive. BEC attacks spoofing a CEO or CFO are examples. Let’s take a deeper look at two attack types; First, Brand Display Name Impostors and then Compromised Accounts.
Example: Individual Display Name Imposter
Example: Look-Alike Domain
Evaluate and maintain message policies.
The Real Time dashboard shows at a glance all messages analyzed and threats detected. Messages are organized on two axes by Authenticity and Trust. We call this “modeling the good”. Modeling the good identifies valid business email, the large green bubbles in the upper right hand quadrant. These are messages whose characteristics align well with historical relationships and behaviors. In contrast, messages in other quadrants scored lower because either the true sender or relationship with the recipient is questionable. Hover over each field for descriptions, then continue to move on.
This axis shows the Domain Reputation Score, which ranges from zero to 10 and indicates trustworthiness.
Enables selection of desired time frame.
Display threat and attack trends.
Messages include malicious URLs.
Continuous Detection and Response correlates indicators to automatically discover and remove advanced email threats.
Messages attempting to impersonate well-known brands.
Number of sending domains for all messages in selected time frame.
Untrusted messages not delivered.
Messages attempting to impersonate an organization's domain.
Continuous Detection & Response
Search Messages
Brand Display Name Imposters
Welcome
Messages include Malware, Trojans, or viruses within the attachments.
Messages attempting to impersonate individual users.
Start Your Proof of Value Now
Messages from accounts that have been compromised.
Messages claiming to be from high reputation domains but are sourced from inauthentic sending sources.
Learn More
Messages attempting to impersonate individual users.
This axis shows the Authenticity Score, which ranges from 0.0 to 1.0, indicating if the message was actually sent from the purported sending domain.
Alternative investigative views for SOC analysts.
Evaluate and maintain message policies.
Display attacks and cost savings.
This axis shows the Domain Reputation Score, which ranges from zero to 10 and indicates trustworthiness.
Display email attack footprint in the various time frames.
Phishing attacks that spoof the Microsoft brand.
Number of messages analyzed in the selected time frame.
Continuous Detection and Response correlates indicators to automatically discover and remove advanced email threats.
Tailors dashboard view to specific domain name.
Real Time Dashboard
Compromised Accounts
Untrusted messages not delivered.
Insider Impersonation
Executive Summary
Messages from accounts that have been compromised.
Messages claiming to be from high reputation domains but are sourced from inauthentic sending sources.
Brand Display Name Impostors impersonate well known brands like Microsoft, Amazon and Google. They utilize social engineering techniques like web scraping, mimicking the actual websites to fool people into interacting with the message. Credential phishing attacks are a good example. Agari Phishing Defense™ mitigates the risk associated with brand attacks.
Display threat and attack trends.
Number of messages analyzed in the selected timeframe.
Number of sending domains for all messages in selected time frame.
Enables selection of desired time frame.
Messages determined to be spam or graymail.
Messages include malicious URLs.
Start Your Proof of Value Now
Messages include Malware, Trojans, or viruses within the attachments.
Welcome
Messages attempting to impersonate well-known brands.
Brand Display Name Imposters
Messages attempting to impersonate an organization's domain.
Search Messages
Continuous Detection & Response
Learn More
Allows on-demand remediation to remove a malicious message from a user's inbox.
According to Agari Identity Graph™, microsoft43@gmail is not expected to send email for Microsoft. Hover over the message elements for specific explanations of each.
Real Time Dashboard
Evaluate and maintain message policies.
Compromised Accounts
Insider Impersonation
Executive Summary
Trust Score takes into account the Domain Reputation score, the Authenticity score of the message, and per-message features.
Defines message directionality; Inbound, Outbound, Internal.
Select the Enforcement state i.e. Enforced - Moved, Enforced - Deleted.
Define the hostname that sent the message.
Internet Protocol address that sourced the message.
Define the domain that sent the message.
Select one or more attack types from Agari Attack Taxonomy classification.
Search for a specific Message ID.
Define the Domain Reputation score range.
Reply-To header value.
Define start and end dates for the search.
Search for various attachment scenarios including; attachment name, attachment extension and attachment hash value.
Select the Sender Based Reputation Score (Cisco Talos IP reputation).
Match the Domains Tags as defined. Examples: internal, service, partner.
This table shows all messagesmatching search filters set above.
Alternative investigative views for SOC analysts.
Value of the From Header.
Recipient of the email.
Indication of the suspected Attack Type(s).
Topic of the email.
Start Your Proof of Value Now
Sender of the email.
Welcome
Brand Display Name Imposters
Search Messages
Authenticity Score takes into account DMARC pass and authentication values.
Continuous Detection & Response
Match the selected Agari Policy.
Learn More
Number of messages analyzed in the selected timeframe.
Enables selection of desired time frame.
Display threat and attack trends.
Messages determined to be spam or graymail.
Messages include malicious URLs.
Messages attempting to impersonate well-known brands.
Messages attempting to impersonate an organization's domain.
Messages include Malware, Trojans, or viruses within the attachments.
Messages attempting to impersonate individual users.
Messages from accounts that have been compromised.
Messages claiming to be from high reputation domains but are sourced from inauthentic sending sources.
Continuous Detection and Response correlates indicators to automatically discover and remove advanced email threats.
Untrusted messages not delivered.
Real Time Dashboard
Example: Domain Spoof
Compromised Accounts
Example: Individual Display Name Imposter
Insider Impersonation
Example: Trusted Message
Executive Summary
Number of sending domains for all messages in selected time frame.
Example: Look-Alike Domain
Number of messages analyzed in the selected time frame.
Display email attack footprint in the various time frames.
This axis shows the Domain Reputation Score, which ranges from zero to 10 and indicates trustworthiness.
Display attacks and cost savings.
This axis shows the Authenticity Score, which ranges from 0.0 to 1.0, indicating if the message was actually sent from the purported sending domain.
Alternative investigative views for SOC analysts.
Evaluate and maintain message policies.
Start Your Proof of Value Now
Welcome
Brand Display Name Imposters
A Compromised Account is a valid email account taken over by a threat actor. These attacks are also referred to as account takeover, they hold potential for outsized negative financial impact. Agari Phishing Defense™ detects messages sent from a compromised account into your organization.
Search Messages
Continuous Detection & Response
Tailors dashboard view to specific domain name.
Learn More
Messages attempting to impersonate individual users.
Number of messages analyzed in the selected timeframe.
Display threat and attack trends.
Enables selection of desired time frame.
Messages claiming to be from high reputation domains but are sourced from inauthentic sending sources.
Continuous Detection and Response correlates indicators to automatically discover and remove advanced email threats.
Number of sending domains for all messages in selected time frame.
Messages include malicious URLs.
Messages attempting to impersonate well-known brands.
Messages determined to be spam or graymail.
Real Time Dashboard
Compromised Accounts
Messages attempting to impersonate an organization's domain.
Insider Impersonation
Messages include Malware, Trojans, or viruses within the attachments.
Executive Summary
Messages from accounts that have been compromised.
Number of messages analyzed in the selected time frame.
This axis shows the Domain Reputation Score, which ranges from zero to 10 and indicates trustworthiness.
Evaluate and maintain message policies.
This axis shows the Authenticity Score, which ranges from 0.0 to 1.0, indicating if the message was actually sent from the purported sending domain.
Alternative investigative views for SOC analysts.
Display email attack footprint in the various time frames.
Display attacks and cost savings.
Untrusted messages not delivered.
Tailors dashboard view to specific domain name.
Start Your Proof of Value Now
Welcome
Brand Display Name Imposters
Messages from suspected Compromised Accounts sent from 555nok.com.
Search Messages
Continuous Detection & Response
Learn More
Select one or more attack types from Agari Attack Taxonomy classification.
Defines message directionality; Inbound, Outbound, Internal.
Define the hostname that sent the message.
Internet Protocol address that sourced the message.
Define the domain that sent the message.
This table shows all messagesmatching search filters set above.
Define the Domain Reputation score range.
Alternative investigative views for SOC analysts.
Reply-To header value.
Search for various attachment scenarios including; attachment name, attachment extension and attachment hash value.
Select the Sender Based Reputation Score (Cisco Talos IP reputation).
Match the Domains Tags as defined. Examples: internal, service, partner.
This message exhibited characteristics of email account takeover. Agari Phishing Defense™ identified and removed it from the users Inbox.
Select the Enforcement state i.e. Enforced - Moved, Enforced - Deleted.
Real Time Dashboard
Executive Summary
Compromised Accounts
Topic of the email.
Sender of the email.
Trust Score takes into account the Domain Reputation score, the Authenticity score of the message, and per-message features.
Insider Impersonation
Recipient of the email.
Indication of the suspected Attack Type(s).
Authenticity Score takes into account DMARC pass and authentication values.
Value of the From Header.
Match the selected Agari Policy.
Define start and end dates for the search.
Search for a specific Message ID.
Evaluate and maintain message policies.
Allows on-demand remediation to remove a malicious message from a user's inbox.
Results are returned via the Search Messages page.
Welcome
Start Your Proof of Value Now
Continuous Detection & Response
Brand Display Name Imposters
Search Messages
Learn More
Allows on-demand remediation to remove a malicious message from a user's inbox.
Match the selected Agari Policy.
Select the Sender Based Reputation Score (Cisco Talos IP reputation).
Define start and end dates for the search.
Trust Score takes into account the Domain Reputation score, the Authenticity score of the message, and per-message features.
Topic of the email.
Define the hostname that sent the message.
Define the domain that sent the message.
Internet Protocol address that sourced the message.
Search for various attachment scenarios including; attachment name, attachment extension and attachment hash value.
Alternative investigative views for SOC analysts.
Reply-To header value.
Evaluate and maintain message policies.
Real Time Dashboard
Compromised Accounts
Search for a specific Message ID.
Insider Impersonation
Defines message directionality; Inbound, Outbound, Internal.
Executive Summary
This table shows all messagesmatching search filters set above.
Recipient of the email.
Define the Domain Reputation score range.
Select the Enforcement state i.e. Enforced - Moved, Enforced - Deleted.
Match the Domains Tags as defined. Examples: internal, service, partner.
Authenticity Score takes into account DMARC pass and authentication values.
Search Messages provides a powerful way to locate threats via a multivariable search. This enables security teams to quickly identify threats and take the required action.
Start Your Proof of Value Now
Welcome
Brand Display Name Imposters
Sender of the email.
Search Messages
Continuous Detection & Response
Select one or more attack types from Agari Attack Taxonomy classification.
Learn More
Define start and end dates for the search.
Topic of the email.
Real Time Dashboard
Compromised Accounts
Insider Impersonation
Executive Summary
Three (3) messages are identified meeting the detailed criteria. Let’s take a look at one specific message.
Defines message directionality; Inbound, Outbound, Internal.
Alternative investigative views for SOC analysts.
Evaluate and maintain message policies.
Start Your Proof of Value Now
Select one or more attack types from Agari Attack Taxonomy classification.
Sender of the email.
Message subject.
Welcome
A security analyst looks to locate a potential phishing messages during a defined time period. The From and Subject fields contain specific characters.
Value of the From Header.
Brand Display Name Imposters
Indication of the suspected Attack Type(s).
Search Messages
Continuous Detection & Response
The phish was sent to aarmstrong@sashimibank.com spoofing the Mastercard domain with a look-alike Domain - masterdcard.com. Masterdcard.com is an impostor of mastercard.com. Multiple policies matched this message and resolved this threat.
Learn More
Date of the message.
Alternative investigative views for SOC analysts.
Executive Summary
Insider Impersonation
Compromised Accounts
Real Time Dashboard
Evaluate and maintain message policies.
Manage risk and financial impact associated with internal threats by preventing internally compromised accounts from attacking other employees. Agari’s Insider Impersonation Protection alerts and blocks lateral expansion attempts.
Match the selected Agari Policy.
A malicious URL is identified in the internal message. This message was removed from the recipient's inbox.
Indication of the suspected Attack Type(s).
Start Your Proof of Value Now
Welcome
Brand Display Name Imposters
Search Messages
Continuous Detection & Response
Learn More
Executive Summary
Insider Impersonation
Compromised Accounts
Agari Phishing Defense™ excels at automated identification and blocking of identity based attacks such as Business Email Compromises (BEC). Continuous Detection and Response technology continuously analyzes all inboxes looking for latent, previously unidentified malicious messages.
Evaluate and maintain message policies.
Alternative investigative views for SOC analysts.
Start Your Proof of Value Now
Welcome
Real Time Dashboard
Brand Display Name Imposters
Search Messages
Continuous Detection & Response
Learn More
Executive Summary
Insider Impersonation
Compromised Accounts
Real Time Dashboard
Welcome
Start Your Proof of Value Now
Alternative investigative views for SOC analysts.
Evaluate and maintain message policies.
The Agari BEC feed contains expert-verified, newly reported indicators of compromise confirmed by the Agari Cyber Intelligence Division.
Brand Display Name Imposters
Search Messages
Continuous Detection & Response
Learn More
Executive Summary
Insider Impersonation
Compromised Accounts
Confirmed latent BEC attacks that can be automatically removed minimizing exposure and risk.
Evaluate and maintain message policies.
Alternative investigative views for SOC analysts.
Start Your Proof of Value Now
Welcome
Real Time Dashboard
Brand Display Name Imposters
Search Messages
Continuous Detection & Response
Learn More
ROI calculations derived from data analysis by Forrester, Gartner, Verizon, Ponemon Institute, and the FBI. Breach cost variables can be customized to meet your organization’s requirements.
Understand savings in overhead compliance fines. Tailorable to unique buisness requirements.
Organizations invest-in and deploy security controls to protect employees and the organization. Agari Phishing Defense™ provides visibility into the value being delivered, including: What risks have been mitigated over the defined time period? What’s the return on investment? How does my organization compare to our peers?
Understand the attacks that evaded legacy emails ecurity controls.
Display threat and attack trends.
Display attacks and cost savings.
Real Time Dashboard
Compromised Accounts
Insider Impersonation
Executive Summary
Visibility into the identity-based threats your business faces.
Text needed
Enables selection of desired time frame.
Display email attack footprint in the various time frames.
Alternative investigative views for SOC analysts.
Evaluate and maintain message policies.
Welcome
Start Your Proof of Value Now
Brand Display Name Imposters
Search Messages
Continuous Detection & Response
Learn More
Evaluate and maintain message policies.
Executive Summary
Insider Impersonation
Compromised Accounts
Real Time Dashboard
Convenient benchmarking against similar organizations based on religion, industry and size.
Text needed
Enables selection of desired time frame.
Display email attack footprint in the various time frames.
Alternative investigative views for SOC analysts.
Display attacks and cost savings.
Display threat and attack trends.
Peer comparison by vertical and geography delivers insight to the threat risk and exposure facing the organization.
Start Your Proof of Value Now
Welcome
Brand Display Name Imposters
Search Messages
Continuous Detection & Response
Learn More
The Email Fraud and Identity Deception Trends report is released quarterly based on analysis of approximately 500B emails globally.
Thank you for investing time to review Agari Phishing Defense™, the market-leading phishing defense solution. We’ve just scratched the surface. Agari Phishing Defense closes the gap and stops identity based email attacks that slip past the secure email gateway.
Phishing Defense™
Register Now
Register Now
Start Over
Start Over
Want to learn more? Get a Proof of Value today!
Get the Report >
Exaggerated Lion is one of the most prolific BEC groups ever discovered, targeting more than 3,000 employees at nearly 2,100 companies throughout the US.
Get the Threat Actor Dossier >
