Machine learning cybersecurity firm Darktrace PLC today announced a new early warning system for its Antigena Email product.

The new feature allows members of the Darktrace community to contribute and benefit from insights gleaned from across the fleet. The capability includes the extension of anonymized, learned domain behavioral profiles across Darktrace’s expansive and diverse group of global customers.

Darktrace argues that 94% of cyberattacks begin in the inbox. Since email is a primary workplace collaboration tool and attacks become increasingly novel and sophisticated, Darktrace claims that email security technologies that rely on behavior rather than threat intelligence become more imperative.

The company’s self-learning artificial intelligence observes emails to build bespoke behavioral profiles for each customer. It leverages these behavioral profiles, rather than a ledger of binary good or bad, to determine more accurately whether each email belongs in a recipient’s inbox. Antigena Email analyzes domains within email addresses and links in email bodies and attachments to evaluate their popularity and presence in the inbox.

With the new feature, when Antigena detects unusual domain behavior in a customer environment, a supplementary interpretation can be made by comparison with a fleetwide version of the behavioral profiles. The functionality increase suspicion of a potential account compromise when a fleetwide popular domain suddenly strays from its usual behavioral patterns – even in a trusted supplier or vendor.

Darktrace said the new feature recently allowed it to stop a phishing campaign sent from a compromised government account in South America that was soliciting fake philanthropic donations. Although the domain was legitimate, the attacker had inserted their own “reply-to” address into the email headers. The address had zero domain precedent locally or globally, and in combination with other indicators, led Antigena Email to flag this email as suspicious.

“Darktrace stops all kinds of cyberattacks against organizations in every sector in over 110 countries globally,” Jack Stockdale, Darktrace’s chief technology officer, said in a statement. “That represents a huge bank of knowledge about how malicious payloads behave in the very earliest stage of a cyberattack.”

Darktrace has been on a strong run since it went public in April 2021. The company acquired Cybersprint B.V. for $53.7 million in February and as of its last earnings report said that it was seeing growing demand for its services.

Photo: London Stock Exchange/Twitter