BANK ONE
Email security challenges
Before turning to Darktrace, Bank One already had well-tuned traditional email security tools firmly in place, which were successful in dealing with spam and known attacks. However, with the pace of attacker innovation, the organization sought to extend its security stack with technology that analyzed each email in context and protected against the most sophisticated threats which often evade traditional email tools on the marketplace. Darktrace / EMAIL has provided an additional layer of defense against:
Advanced impersonation attacks: Modern impersonation attacks involve attackers inserting themselves into existing conversations between the bank and its customers, using spoofing techniques and sending fraudulent transaction requests.
Advanced spear phishing using cloud services: Phishing attacks in which the email does not contain any direct phishing link or malicious content, but the recipient is directed to a genuine page which in turn contains the phishing link or malware.
Novel malware: Newly released malware for which there is no Threat Intelligence available.
"Darktrace / EMAIL has helped us address a major security concern," explains Sanjeev Jhurry, Head of Information Security at Bank One. "It is like having one additional resource on the team; we are very impressed."
"Darktrace's AI complements our traditional email security systems as it adds another protection layer on top of predefined rules," said Mathieu Mariole, Information Security Manager at Bank One. "The number of threats is increasing every day and it's clear that traditional defenses are not bulletproof. Darktrace's AI helps us detect novel and sophisticated attacks that evade traditional tools."
Quick and seamless installation
The team undertook a 30-day trial to see the results of Darktrace / EMAIL in its own environment, and were impressed with the level of support from both Darktrace and Grove, Darktrace’s Partner of the Year in 2020 and 2021.
“The deployment process was simple since the team that helped with installation were very capable,” said Jhurry. Darktrace / EMAIL was set up in hours and immediately started learning ‘self’ for every email user in Bank One’s digital environment.
“The results were immediate,” added Mariole. “We saw a rapid decrease in the number of malicious emails that previously went through undetected by our existing defenses. These threats were successfully addressed by Darktrace. This was the selling point for us, and we were extremely happy with the results.”
The team evaluated two other solutions alongside Darktrace / EMAIL, both highly rated direct competitors. “During our evaluation, Darktrace clearly took the lead and demonstrated its strength using its highly advanced AI and machine learning capabilities,” said Mariole.
Stopping a targeted supply chain attack
Darktrace / EMAIL proved its value after it stopped a supply chain attack that targeted Bank One, in which a trusted partner's account was taken over and emails were sent to Bank One disguised as legitimate RFPs but containing malicious links. Darktrace recognized these emails were unusual in the context of prior correspondence and locked the links, effectively containing the attack.
"It has been almost perfect in stopping malicious emails," explained Jhurry. "We have started producing metrics on its capabilities and I must say it's impressive. I find it impossible now to imagine life without having this system protecting our emails."
The technology also frees up the team, allowing it to spend its time on more strategic work. As Mariole explains, "As a small team, we could not afford to be constantly triaging emails or to look through logs and make sure that everything is working as intended."
Darktrace / EMAIL has been a set-and-forget solution, requiring next-to-no manual configuration as it constantly learns about new threats and malicious behaviors by itself.
After seeing the power of Darktrace's AI in the email layer, Bank One is now trialing Darktrace / NETWORK to detect network-based threats. The technology uses the same underlying approach as Darktrace / EMAIL, learning normal behavior and spotting subtle anomalies that indicate a cyber-threat. Having different areas of the digital infrastructure protected by a single approach will further improve the ability of the AI to detect and respond to emerging threats across the network and email layers.