DMARC

A New Approach To Email Security Is Needed to Combat Advanced Email Threats

Expert Insights interviews Armen Najarian, CMO and Chief Identity Officer at Agari

Armen Najarian - Agari Interview

Agari is an email protection platform designed to remediate against sophisticated email attacks. It offers protection against phishing, business email compromise and identity deception, built on their advanced AI platform.

Modern cybercriminals have developed sophisticated techniques to avoid email security technologies like secure email gateways. To combat these threats, security teams are utilizing new technologies like Agari’s, that provide predictive security tools that can detect and remediate against advanced email attacks.

Expert Insights spoke with Armen Najarian, the Chief Identity Officer at Agari, to find out more about the Agari platform, how it protects businesses from sophisticated email attacks, and Agari’s unique perspective on the email threat landscape.

“A Fundamentally Different Approach to Email Security”

Najarian says that from the beginning, Agari has taken a fundamentally different approach to email security. Founder Patrick Peterson launched Agari in 2009 with the mission of helping organizations to solve the problem of email domain fraud.

Peterson played a prominent role in authoring the DMARC standard for email, which allows organizations to validate emails being sent from their domain, helping to prevent the problem of domain spoofing. Agari developed a “best-in-class” DMARC solution, says Najarian, which became very successful in helping large organizations around the world to protect their customers against email scams and phishing.

Recently, Agari has also moved into inbound email protection, launching two new products, Agari Phishing Defense, and Agari Phishing Response. Agari Phishing Defense protects organizations from sophisticated email attacks including phishing, business email compromise and other impersonation attacks. Agari Phishing Response handles phishing remediation, triaging of phishing attacks reported by employees and provides security teams with a way to manage workflows and drive phishing intelligence into their defense processes.

Earlier this year, Agari also launched Agari Active Defense, in which Agari interacts directly with threat actors on behalf of customers. From this Najarian says they gain “tremendous insights” into the motivations and methods threat actors are using, which can help customers build better insights and protect themselves from cyber-attacks.

Vendor Email Compromise and The Email Threat Landscape

Email threats remain the number one challenge facing organizations today, with sophisticated attacks like phishing and domain spoofing costing organizations billions every year. These attacks are growing on both sides of the email chain, with both outbound and inbound email threats creating a significant problem for organizations around the world.

On the outbound side, despite advances in awareness around DMARC and authenticating email, “there are a number of domains that are not at full enforcement,” Najarian says. This means that despite having some security controls in place, domain spoofing, credential theft and financial loss will remain a significant problem for organizations and their customers. This is one of the major problems that Agari is solving today, he says.

When it comes to inbound email threats, Najarian says that spear-phishing and business email compromise are becoming the number one attacks that every organization is facing. These inbound attacks are constantly evolving and becoming more sophisticated. New attacks are always emerging as cyber-criminals look for more lucrative scams that can bypass email security technologies.

An example of these threats Agari has recently is Vendor Email Compromise. “This is where the supply chain is impersonated as a way to get to the deep pockets of our customers,” Najarian says. “These are more sophisticated BEC attacks where the impersonation is on behalf of a trading partner.” Sophisticated attacks like this are extremely harmful to businesses and are often the cause of financial loss.

Compounding the risk of domain spoofing and business email compromise is the fact that, in many large enterprises, security teams are becoming increasingly overwhelmed by the number of employees that are reporting everything that could be suspicious coming into the inbox. This is burying teams with messages that they have to attempt to triage and remediate. “This is becoming a big, big challenge for these resource starved security teams,” Najarian says. “So Agari have been bringing a lot of relief to SOC teams, providing automation to work through employee reported phishing attacks.”

Heightened Sophistication in Email Attacks, Accelerated by the COVID-19 Pandemic

The running theme throughout the modern email threat landscape is that attacks are becoming more sophisticated and more effective. Najarian says Agari has observed a “heightened sophistication in techniques and threat actors.” Agari has revealed in research the emergence of multiple large cyber-crime rings, which bring “even more sophistication to these crimes.”

These organized crime groups are creating very sophisticated, targeted attacks, Najarian says. They are researching targets in depth, and creating automated ways of sending very realistic sounding, “perfectly timed” identity impersonation messages that Najarian argues are impossible for legacy email technologies to detect.

Agari’s research has found these sophisticated attacks have been increasing during the COVID-19 pandemic. “Starting in mid-March we saw, not surprisingly, a tremendous increase in COVID related themes emerging from inbound attacks,” Najarian says.  More strategically though, threat actors have been more commonly using social engineering to exploit employees as organizations have moved to a remote workflow. Agari is seeing more and more compromises as a result of this shift to remote working, Najarian says.

Agari Vs. Traditional Email Security Solutions

In leading research firm Gartner’s most recent report on the email security market, they recommend that organizations take a multi-layered approach to email security. As new email threats emerge which slip through the gaps in traditional email security technologies, they recommend that organizations look to platforms like Agari to maintain a rounded security infrastructure.

Najarian agrees with Gartner’s recommendation, arguing that customers need more than just a secure email gateway to be protected from modern email threats. “We’re not a secure email gateway,” he says. “We’re not doing deep content analysis, or archiving, or DLP. That’s not where we play.”

Instead, Agari takes the approach of being the “next layer of threat defense,” he says. Agari’s protection is not based on inspecting the email content, but based on detecting identity deception, using scientific methods and artificial intelligence. This is where enterprises are seeing problems today, Najarian says, rather than in traditional content-based threat detection.

Agari’s threat detection flips the issue of detecting phishing attacks on its head, Najarian says, with a concept they call “Model the Good.” Agari realized that the vast majority of messages received by an organization will actually be legitimate, with only a small fraction being suspicious or malicious.

Rather than studying malicious emails, Agari’s systems instead analyses the safe emails being delivered to users within the organization. They cross-reference these emails across other organizations within the same industry to build a baseline of ‘safe emails.’ With this baseline established, Agari knows with a high degree of certainty which emails are suspicious, or clearly malicious.

“We flipped it,” Najarian says. “By studying what an authentic message looks like, so that we can, in the moment, in real-time, discern what doesn’t match the profile of an authentic message.”

The Future of The Email Threat Landscape

When looking towards the future of the email threat landscape, Najarian sees three distinct trends that he believes will dominate.

Firstly, he believes while email will remain the number one attack vector, other communication channels with grow and bring their own challenges. “We cannot ignore the rise of other digital channels,” he says. “Social apps like Slack and Microsoft Teams are all part of the ecosystem of digital messaging for the enterprise that needs to be protected in a similar way to email.”

Alongside the expansion of digital communication, further sophistication in email attacks will be another major trend, Najarian believes. There will be new threat actor groups, he says, competing to pull off smarter attacks involving more automation, to make more money with more efficiency.

Finally, Najarian argues that organizations moving to the cloud will also continue to present new email security challenges. “Every company will have a cloud office migration,” Najarian says, “But I do believe we are going to see hybrid environments in the enterprise for a lot of different reasons.” Najarian believes that because of this, security solutions will need to be “adaptable to all environments, all configurations and be efficient to get up and running.” He believes this architectural shift taking place will need to be addressed by all vendors to better protect their users.

Advice for Organizations Struggling with Email Security Threats

Najarian’s advice for organizations who are struggling with email security threats is to take the problem seriously. “Phishing is a problem that is only getting more pronounced, more sophisticated,” he says.

“So, my advice would be to take it seriously. There are efficient ways to get started and protect both your enterprise as well as your customers and consumers from these costly attacks. And there’s no reason not to get started today.”


Thanks to Armen Najarian for participating in this interview. You can find out more about Agari and their range of enterprise email security solutions here: https://www.agari.com/