Select Dynamic field

Darktrace Antigena Email (AGE) is different than your traditional gateway tools, whether that be Mimecast, Defender, Proofpoint, Barracuda where they will sit in line and handle more of the archiving and almost the initial spam filtering. 

AGE creates a journaling rule within the email platform. So let's say that's O365, those more sophisticated threats or the account hijacking and spoofing attacks of the world, etc. that might bypass the traditional tools, had action taken upon them.

Bypassing TPA

This is an example of a threat that bypassed the customer's gateway tool. Fortunately, it was picked up by Antigena Email. Microsoft gave the email a Confidence Level = 1. Microsoft will only stop the email if it has a 5 or higher.

And if an organization is also using Darktrace's Enterprise Immune System data, raw network data is correlating with the email data. This provides even more information for Artificial Intelligence. AGE is not saying, "Is this email good or bad?" It is asking:

  • "Does this actually belong?" We know this user, what they do on the network, and also the emails that they're receiving.
  • "Should we block this?
  • Or, should we double lock the link?"

Antigena Blocking Options

Mimecast and AGE working together is very complementary because many of our clients (roughly 70% of those who leverage Antigena email) already have some type of initial email gateway tool like Mimecast in play as well. AGE is the one that really takes the more sophisticated threats that will often bypass the gateway.

But given the fact that AGE can pretty much do both, we wouldn't say you need a tool like Mimecast to get the job done. We do have some clients that will say, well, you know we don't need Mimecast. Because the AGE side is actually just picking up on all that anyways and still taking action.

Our customer feedback

Pros

  1. "You can see what was getting through Mimecast as far as to spoof emails that just didn't even have any capture rate from Mimecast."
  2. "AGE has better controls from the user standpoint where the user can't say, allow as they can in Mimecast. AGE is more of a system admin controlled and an end-user control, which we find to be better because some users will say, oh, yeah, I know this sender and click allow it to come through, not even realizing that it's a spoof."
  3. The user interface is way easier to manage and understand and see what's going on from an email perspective.

Cons

  1. "AGE does not allow archiving." With that said, you don't need Mimecast to do archiving. You can leverage the native capabilities of O365.

Find out more about email security

Darktrace vs Mimecast vs Defender

January 6, 2022

>