When agile cyber-attackers don’t stop, but pivot
When he first joined this leading financial services provider, it was clear to the CISO that email security needed to be a top priority. The organization provides transfer services to millions of consumers via a network of thousands of agent locations across the US. Those agents are connected to hundreds of thousands of global payers to complete consumer transfers, ranging from leading financial institutions to small local businesses.
With this vast network of agents and payers, the provider relies on email as its primary communications channel. Transmitting billions of dollars every year, the organization is a prime target for cyber criminals looking to steal credentials, financial assets, and sensitive data.
Vulnerable to attacks with gaps in email security and visibility
The CISO discovered that employees were under constant attack by phishing emails impersonating his company’s own executives. The business email compromise (BEC) attacks were designed to deceive employees into sharing credentials or clicking on malicious links.
Upon discovering that their Microsoft 365 tenant lacked secure configuration, the CISO implemented necessary changes to strengthen the service, including enabling authentication controls. While his efforts significantly reduced BEC attacks, cyber criminals changed their tactics, sending employees malicious phishing emails from seemingly valid email accounts from trusted domains like Google and Yahoo. The emails passed through the organization’s native email filters without detection.
The CISO also sought to strengthen defenses against third-party supply chain attacks that could originate with any of the hundreds of thousands of third-party agents and payers the company works with around the world. While the larger institutions typically have sophisticated email security strategies in place, the smaller businesses may lack the cybersecurity expertise needed to effectively secure and manage their data, putting the organization at risk.
While the CISO knew the company was vulnerable to phishing and third-party threats, he didn’t have visibility across the flow of email. Without access to key metrics and valuable data, he couldn’t get the crucial insights needed to quickly identify possible threats and adjust security protocols.
Skilled analysts bogged down with low-level tasks
Like many enterprise organizations, this leading financial services provider relied on a crew of highly skilled analysts to respond to alerts and analyze and triage emails most of their workday. “That shouldn’t be how we operate,” said the CISO. “My role and the role of my staff should be to focus on more strategic projects, support the business, and work on important new product development.”
Balancing user experience with mitigating threats
Enabling greater email security measures without negatively impacting the business, user experience, and customer satisfaction was a daunting challenge the CISO and his security team faced. Imposing restrictions that are too stringent could restrict communication, delay the delivery of important messages, or block legitimate emails – potentially slowing down money transfers, frustrating customers, affecting employee productivity, and impacting revenue. However, maintaining controls that are too permissive could result in serious outcomes like data theft, financial fraud, operational disruption, compliance penalties, and customer attrition.
Self-Learning AI is a game changer
After conducting a thorough POC with several modern security solution providers, this global financial services provider chose the Darktrace / EMAIL an AI-driven email security platform. The CISO said they chose the solution for two key reasons:
First, Darktrace / EMAIL offers modern capabilities
- Self-Learning AI uses business data to recognize anomalies in communication patterns and user behavior to stop known and unknown threats
- Secures the organization’s entire mailflow across all inbound, outbound, and lateral email
- Protects against account takeover attacks by identifying subtle anomalies in cloud SaaS
- Catches sophisticated threats like impersonations, session token misuse, adversary-in-the-middle attacks, credential theft, and data exfiltration
Second, they pointed to Darktrace’s experience, innovation, and expertise
- Deep cybersecurity and industry knowledge
- Demonstrated customers successes worldwide
- At the forefront of innovation and research, establishing new thresholds in cybersecurity, with technology advances backed by over 200 patents and pending applications
Moreover, and most importantly, this organization trusted Darktrace to deliver on its promises. And according to the CISO, that’s just what happened.
Significantly reduced phishing threats and business risk
Since implementing Darktrace / EMAIL, the threat posed by BEC attacks has dropped sharply. “Phishing is not an issue that concerns me anymore. I estimate we are now identifying and blocking more than 85% of threats our previous solution was missing,” said the CISO. The biggest factor contributing to this success? The power of AI.
With Darktrace / EMAIL, this leadingglobal financial services provider is identifying and blocking more than 85% ofthe phishing email threats its previous solution missed.
AI wasn’t originally on the financial service provider’s list of criteria. But after seeing AI in action and understanding its potential to vastly scale their detection and response capabilities–without adding headcount, the CISO determined AI wasn’t an option but an imperative. “AI is essential when it comes to email security, it’s an absolute necessity,” he said.
Darktrace / EMAIL’s Self-Learning AI is uniquely powerful because it learns the content and context of every internal and external user and can spot the subtle differences in behavioral patterns that point to possible social engineering attacks. Through patented behavioral anomaly detection, Darktrace / EMAIL continuously learns about the organization’s business and users, based on its own operations and data, adjusting security protocols accordingly.
For example, when clients are transferring large amounts of money, they are required to send photos of their driver’s licenses and passports via email to the organization for verification – accounting for a large percentage of its’ inbound email. Darktrace / EMAIL recognizes that it’s normal for customers to send this sensitive information, and it also knows that it’s not normal for that same sensitive information to leave the organization via outbound mail. In addition, Darktrace identifies patterns in user behavior, including who employees communicate with and what kind of information they share. When user behavior falls outside of established norms, such as an email sent from the CFO to employees the CEO would not typically communicate with, Darktrace can take the appropriate action to remove the threat.
“After the implementation, we gave the solution two weeks to ingest our data and learn the specifics of our business. After that, it was perfect, just amazing,” said the CISO.
Boosted team productivity and elevated value to the business
With Darktrace / EMAIL, the organization has successfully scaled its detection and response efforts without scaling personnel. The security team has reduced the number of emails requiring manual investigation by 90%. And because analysts now have the benefit of Darktrace / EMAIL’s analytics and reporting, the investigation process is much easier and faster. “The impact of this solution on my team has been very positive,” said the CISO. “Darktrace / EMAIL essentially manages itself, freeing up time for our skilled analysts–and for myself–to focus on more important projects.”
The security team has scaled its detection and response efforts without scaling personnel,reducing the number of emails it manually investigates by 90%
Increased visibility delivers business-critical insights
You can’t control what you can’t see, and with zero visibility into critical data and metrics, this financial services provider was at a serious disadvantage. That has all changed. “Something that I love about Darktrace / EMAIL is the visibility that it provides into key metrics from a single dashboard. We can now understand the behavior of our email flow and data traffic and can make insight-driven decisions to continuously optimize our email security. It’s awesome,” said the CISO.
An efficient user interface also improves productivity and reduces mean time to action by enabling teams to easily visualize key data points and quickly evaluate what actions need to be taken. Darktrace / EMAIL was developed with that experience in mind, allowing users to access data and take quick action without having to constantly log into the solution.
Keeping the business focused on cybersecurity
The leadership of this global organization takes information security very seriously, understanding that cyber-attacks aren’t just an IT problem but a business problem. When it came to evaluating Darktrace, the CISO said numerous stakeholders were involved including C-level executives, infrastructure, and IT, which operates separately from information security. The CISO initially identified the need, conducted the market research, engaged the target vendors, and then brought the other decision makers into the process for the solution evaluation and final decision. “Our IT group, infrastructure team, CTO and CEO are all involved when it comes to making major cybersecurity investments. We always try to make these decisions jointly to ensure we are taking everything into consideration.”
The organization has reached a higher level of maturity when it comes to email cybersecurity. The ability to automate routine email detection and investigation tasks has both strengthened the organization’s cyber resilience and enabled the CISO and his team to contribute more to the business. His advice for other IT leaders facing the same email security and visibility challenges he once experienced: “For those companies that need greater insight and control over their email but have limited resources and people, AI is the answer.”
Secure Your Inbox with Cutting-Edge AI Email Protection
Discover the most advanced cloud-native AI email security solution to protect your domain and brand while preventing phishing, novel social engineering, business email compromise, account takeover, and data loss.
- Gain up to 13 days of earlier threat detection and maximize ROI on your current email security
- Experience 20-25% more threat blocking power with Darktrace / EMAIL
- Stop the 58% of threats bypassing traditional email security
.avif)
.avif)
![Pivoting off the previous event by filtering the timeline to events within the same window using timestamp: [“2026-02-18T09:09:00Z” TO “2026-02-18T09:12:00Z”].](https://cdn.prod.website-files.com/626ff4d25aca2edf4325ff97/69a8a18526ca3e653316a596_Screenshot%202026-03-04%20at%201.17.50%E2%80%AFPM.png)
