London – February 2019
People-centric data security provider Egress has announced its latest releases, which use machine learning to improve sender and end user experience, and enhance protection against data breaches. The new software, Egress Risk-based Protection and Egress Smart Authentication, determine the actual risk of a data breach as information is sent and accessed via email, to ensure the right security is applied.
Both solutions tackle a common problem with security tools: one-size-fits-all approaches often leave users frustrated or don’t ensure adequate security is applied to sensitive data. Typically, outbound email security tools (encryption) rely on static DLP rules or user actions (for example, encrypting emails at the desktop). Risk occurs in these approaches when DLP rules aren’t updated frequently enough or if users make a mistake – for example, not choosing to encrypt sensitive information or sending it to the wrong recipient. Additionally, neither approach questions users’ intentions: for example, whether it’s normal for the individual to send emails at a certain time or to certain domains.
Risk-based Protection analyses these and other factors, including recipients’ security profile, in real-time to determine the actual risk of a data breach as information is shared via email, recommending the correct level of protection – including Egress message encryption, as well as TLS and other third-party solutions. As a result, organisations can have confidence that information is protected in line with data protection and data privacy regulations, such as GDPR, and that security tools are being utilised correctly.
Similarly, Smart Authentication will also change the way people interact with email security to improve user experience and data protection. Available as a feature of Egress Secure Email and File Transfer, Smart Authentication has been designed to overcome one of the biggest challenges to email encryption solutions: recipient adoption. Current tools require recipients to authenticate to access encrypted emails, either through more secure but onerous password enrolment schemes or by using weak one-time passwords. Usernames and passwords could see recipients struggling to access information and trying to find a work around, while one-time passwords are often delivered to the same mailbox as the encrypted email and therefore provide little assurance about who is accessing the information (particularly with the rise of business email compromise (BEC) attacks).
Smart Authentication uses AI and machine learning to analyse the level of risk when a recipient receives an Egress encrypted email, providing seamless access for trusted recipients (where the risk is low) and requiring more information or actions from the recipient when the risk is higher, for example if the recipient is accessing the email from an unknown or untrusted location. The launch of this software comes after a successful year for Egress, culminating in $40m in a Series C financing round led by FTV Capital, with continued participation from existing backer AlbionVC.
Egress CTO Neil Larkins comments: “We’re very excited about the launch of this software, which we feel will change the way email security solutions are consumed. User adoption is frequently a challenge for CIOs and security teams implementing email protection software. If internal employees using the solution or their recipients find it too challenging to use, they will often find a workaround. This leads to a growth of shadow IT and significantly increases the risk of a data breach and non-compliance with regulations like GDPR. We’ve developed and launched this software to tackle these problems head on and ultimately provide enhanced protection and compliance, as well as a way for organisations to realise ROI on their security investments through enhanced usage.”
