Major Upgrade to Darktrace/Email


Darktrace has announced the availability of a major new upgrade to Darktrace/Email, its Gartner Peer Insights top-rated email offering that stops the most sophisticated email security risks through its unique understanding of you, rather than knowledge of past attacks.

As part of the Darktrace Cyber AI Loop, Darktrace/Email’s new capabilities include an AI-employee feedback loop, account takeover protection, insights from endpoint, network and cloud, and behavioral detections of misdirected emails.

These capabilities enhance security and productivity for employees and security teams in organisations protected by Darktrace/Email.

Darktrace/Email is already a leading technology in the industry and this upgrade builds on the success of the company’s previous email product which was initially launched in 2019 and is used by over 3,000 organisations globally[1].

As organisations continue to rely on email as their primary collaboration and communication tool, email security tools that rely on knowledge of past threats are failing to future-proof organisations and their people against evolving email threats.

Darktrace analysis reveals that other email security solutions, including native, cloud and ‘static AI’ tools, take an average of 13 days from an attack being launched on a victim to that attack being detected, leaving defenders vulnerable for almost two weeks if they rely solely on these tools[2].

In contrast, Darktrace/Email is capable of detecting attacks as soon as they are launched because it is not trained on what ‘bad’ has historically looked like, but instead learns you, the normal patterns of life for each unique organisation.

This deep understanding of you is critical against the increase in both novel, ‘never seen before’ email attacks and increasingly linguistically complex malicious communication.

Darktrace researchers observed a 135% increase in ‘novel social engineering attacks’ across thousands of active Darktrace/Email customers from January to February 2023, corresponding with the widespread adoption of ChatGPT[3].

These novel social engineering attacks use sophisticated linguistic techniques, including increased text volume, punctuation, and sentence length. At the same time there has been a decline in malicious emails containing links or attachments.

The trend suggests that generative AI, such as ChatGPT, is providing an avenue for threat actors to craft sophisticated and targeted attacks at speed and scale.

With this upgrade, Darktrace Cyber AI Analyst™ now combines anomalous email activity with other data sources including endpoint, network, cloud, apps and OT, automating investigations and incident reporting.

The ability to combine and analyse data sources from different parts of the organisation in the same system to mutually strengthen email and network security is a Darktrace patented technology[4].

Sophisticated cyber-attacks most often start in the inbox but frequently traverse into other areas such as the network; an example being multi-stage ransomware attacks.

With greater context around its discoveries, Darktrace’s AI is capable of more informed decision making.

The algorithms have a full picture of what ‘normal’ looks like for a user from multiple perspectives to produce high-fidelity conclusions that are contextualised and actionable, saving human security teams’ time.

Darktrace/Email’s new capabilities include:

  • Account takeover and email protection in a single product.
  • Behavioural detections of misdirected emails, preventing intellectual property or confidential information being sent to the wrong recipient.
  • Employee-AI loop that leverages insights from each individual employee to inform Darktrace’s AI and brings Darktrace’s explainable AI to employees to provide real-time, in-context insights and security awareness.
  • Intelligent mail management for improved productivity against graymail, spam, and newsletters that clutter inboxes.
  • Optimised workflows & integrations for security teams, including the Darktrace mobile app.
  • Automated investigations of email incidents with other coverage areas with Darktrace’s Cyber AI Analyst.

“The fact that Darktrace detects new email attacks instantly, 13 days before anybody else does, is a game changer. For CIOs hours are important but two weeks is the difference between protection and devastation,” commented Gregory Smith, author of ‘The New Normal in IT’, Professor at Georgetown University, and CIO/CTO. “Darktrace’s AI is best in class because it is focused on one thing: our organisation and our data, not an aggregate of thousands of organisations’ data in the cloud somewhere.”

“Email is the key vulnerability for businesses today. Defenders are up against sophisticated generative AI attacks and entirely novel scams that use techniques and reference topics that we have never seen before. In a world of increasing AI-powered attacks, we can no longer put the onus on humans to determine the veracity of communications they receive. This is now a job for artificial intelligence,” commented Max Heinemeyer, Chief Product Officer, Darktrace. “Darktrace continues to lead the evolution of the cyber security industry through its unique approach that focuses not on past attacks, but on understanding the organisation and how the people within it behave in order to stop novel social engineering attacks.”


[1] Darktrace/Email total customer count as of December 2022.

[2] 13 days mean average of phishing payloads active in the wild between the response of Darktrace/Email compared to the earliest of 16 independent feeds submitted by other email security technologies.

[3] Based on the average change in email attacks between January and February 2023 detected across Darktrace/Email deployments with control of outliers.

[4] ‘Cyber Threat Defense System Protecting Email Networks with Machine Learning Models’ –