Executive Summary
A Fortune 100 global technology company selected Agari to protect its executives from being impersonated and to curtail phishing attacks. Email security has the attention of the most senior-level executives because of the perception risks that occur when an attack is successful. By implementing Agari DMARC Protection and Fortra's Cloud Email Protection, they gained greater insight into its data. Not only is the company improving its ability to protect its brand from being used to trick consumers and from inbound phishing attacks, but also it is able to have detailed insight into what is happening.
The company first migrated to Microsoft 365 and then selected Agari to protect employees and provide the company with a powerful one-two, cloud-native punch without the requirements of a traditional secure email gateway.
Murky Waters in Email Security
Email security continues to become more complicated. According to the Anti-Phishing Working Group (APWG) in its Phishing Activity Trends Report for Q4 2022, there has been a consistent growth of 150% in phishing attacks per year since 2019. And this statistic consistently defines the current operating landscape for all companies, in every industry around the world.
These increasing threats ultimately became a motivating factor for the company to shore up its brand reputation by selecting and implementing advanced email security technology innovated by Agari. The reality is a cautionary tale for other companies and security professionals, demonstrating the blunt-force impact malicious actors can have on a business when gold-standard precautions are not taken.
When the CEO or business-level president is impersonated, customers learn not to trust the emails coming from our brand. “Email security has the attention of the CEO and the presidents of our various business units,” said the Global Service Manager (GSM) for Messaging. “That is because they are the ones most impacted by a cybersecurity incident. When an executive’s name and title are used through the email channel to deceive, it’s a perception issue. It causes people not to trust their emails and slows down getting business done, or worse, people act on the content in the email and cost the company money.”
"I am able to show how the efficacy is at its highest, when it is Microsoft 365 plus Agari, and with that equation there is no requirement to have a legacy hardware-based SEG which saves money."
Starting with DMARC to Protect Customers
Shortly after migrating to M365, the company began exploring security companies specializing in email authentication by leveraging the DMARC standard. With a nod from Gartner and a successful proof of value effort, they ultimately selected Agari as its trusted email security partner of choice. The company has a complex email infrastructure, as do most global companies.
The company attempted a DMARC implementation three years prior without success because the company just wasn’t ready, and the supplier did not understand DMARC and was ultimately unable to deliver what it promised. To prepare this time around, they onboarded Agari, a strategic move that has proven to be fruitful. “We now have the partner with the right tools, skill set, and knowledge to help with our global implementation. Plus we’re working with the company whose CEO invented DMARC,” the GSM for Messaging shared.
He went on to explain that the company, like most companies today, is widely exposed to cybersecurity threats from the external world. He continued, that those threats flow through the email channel and take the form of spoofing, phishing, and, of course, brand abuse and executive impersonation.
“Executive leadership raised the problem and wanted to see significant improvement in the fight to protect our domain from malicious email threats,” the GSM for Messaging said. The plan, as originally envisioned, was to focus on reducing brand abuse by implementing Agari DMARC Protection, a technology that would ensure the company’s domains implement a DMARC policy at p=reject to stop malicious emails from ending up in the inboxes of consumers. “As we dug in, though, we discovered that it needed to be more of an extended project. And so we implemented Fortra's Cloud Email Protection, too.” By using both products we are protecting customers from attacks using the company’s domain and protecting employees from business email compromise, executive spoofing, and other advanced attacks.
Eliminating Cyber Threats Across the Organization
The company tested and moved into full deployment of Agari DMARC Protection in March 2019, while adding Cloud Email Protection a few months later. The company is securing its entire cloud email ecosystem as the industry goes through significant changes. While they use a multi-layered approach for general security protocols, they also leverage an impactful one-two punch approach for email security. In other words, the organization does not have a secure email gateway, simply because it no longer needs one. The combination of M365 and Fortra's Email Security solutions has significantly reduced email threats being delivered to customers, employees, and partners and has reduced costs so that the company can deploy those funds in other parts of security operations.
Meaningful results have been recognized already. The GSM for Messaging, who manages a global team of more than 40 people, explained: “With the reduction of attacks, we have driven efficiencies throughout the company. Our employees and our SOC analysts are more productive because we have reduced the number of phishing attacks. They are spending less time addressing issues in the email security area.” Leveraging Cloud Email Protection on top of Exchange Online Protection has proven to be a best practice.
Furthermore, Agari DMARC Protection is enabling consistency within the company’s email channel. They have thousands of legacy senders with complicated configurations, and in total, own 365 domains, all of which they sought to get to p=reject. This effort took on even more importance because the company is in the midst of a rebranding effort. The company is aggressively repositioning its brand from the industrials category to the software category. This fundamental strategic shift meant that our email domains had to be protected. The GSM for Messaging stated, “LinkedIn has a DMARC record, and I’ve never seen a fake LinkedIn email. We needed to implement the same thing with our domains.”
"Agari provides us with the granularity of data that we couldn’t get elsewhere. Through its reporting, Agari is helping us understand what’s going on so that we know what a trusted sender [or source] looks like as well as DKIM, SPF, and other DMARC attributes."
Lessons Learned Through Data
By implementing Agari DMARC Protection and Cloud Email Protection, the company was able to have greater insight into its data. Not only is the company improving its ability to protect its brand from being used to trick consumers and from inbound phishing attacks, but also it is able to have detailed insight into what is happening. “The Agari tools gave us great information about inbound traffic,” the GSM for Messaging explained. “And that was the first time we were actually able to see and understand what was proactively attacking us. All the good and bad traffic is now visible to us.”
When asked what he was doing with the data, the GSM for Messaging explained, “Currently, we are digging through all of the data to see what we have, and we are working to tune our process.” This information assists us with our cyber incident response efforts. “If there is an issue, we address the issue using Agari. We are learning from history; whatever we see through Agari consoles, we are building new policies and protecting our executives. Agari is helping us also to improve our Exchange Online Protection console, which is a benefit of having Microsoft and Agari coupled.”
"In Agari, we see our environment naked, stripped from all other rules and that is helping us improve our default gateway. Agari enables us to see simple things that should have been caught at the default level."
Quantifying the cost savings is the next step for the company, according to the GSM for Messaging. “The value is there, though.”
In summary, the GSM for Messaging believes that the reference architecture of choice is Exchange Online Protection coupled with Agari. “I am able to show how the efficacy is at its highest when it is Microsoft 365 plus Agari, and with that equation, there is no requirement to have a legacy hardware-based SEG, which saves us money.”
The value of stronger email authentication and email security has become even more urgent as the company's CSO was impersonated (as are thousands of C-level executives within various industries around the world these days). Bad actors commandeered the CSO’s identity with the intention of doing harm by perpetrating fraud. Emails asking for money were sent to more than 40,000 people in the ruse that leveraged the CSO’s name and email address and exposed the company’s brand to abuse.
“I told the executives that with Agari, the CSO’s executive impersonation attack wouldn’t have happened!"