Area 1 Security: ‘We Believe It’s Possible To Have A Clean Inbox’

‘Email is the single biggest attack surface out there, and it will remain so. Email is the most mission-critical application. The threat actors know it and they will take full advantage of it,’ says Area 1 CRO Steve Pataky at XChange 2022.

Too many organizations have given up on preventing phishing emails from hitting inboxes, and Area 1 Security wants to convince partners and customers that it’s possible.

“Email is the single biggest attack surface out there, and it will remain so,” said Area 1 Chief Revenue Officer Steve Pataky. “Email is the most mission-critical application. The threat actors know it and they will take full advantage of it. … We believe it’s possible to have a clean inbox.”

Losses from phishing attacks are mounting and significant, and Pataky said San Mateo, Calif.-based Area 1 can prevent phishing attacks using technology that doesn’t constantly have to be fiddled with and tuned by partners. Pataky spoke during a solutions track session Sunday at CRN parent The Channel Company’s XChange 2022 event. Area 1 revealed Wednesday that it’s being acquired by Cloudflare for $162 million.

[Related: Cloudflare To Buy Area 1 Security For $162M For Email Defense]

Pataky said Area 1’s cloud-based approach to phishing prevention stands apart from the competition by being pre-emptive, comprehensive, contextual and flexible. The company has a massive web crawling infrastructure that goes out and identifies new domains being set up as well as other infrastructure that is being created that’s new that would indicate something potentially nefarious, according to Pataky.

In fact, Pataky said Area 1 has the world’s second largest web crawler behind only Google, with the search engine giant focused on indexing web content while Area 1 is dedicated to indexing areas of potential compromise and infrastructure stood up by potential adversaries. Threat actors spend months and months doing reconnaissance and understanding the landscape inside a target before attacking.

Specifically, Pataky said adversaries set up infrastructure, put up look-alike domains, and work on harvesting credentials prior to formally launching an attack. Area 1 on average spots nefarious infrastructure 24 days before a malicious email hits an inbox, and the company can do this holistically across different types of threat vectors ranging from bad URLs to Bitcoin scams, according to Pataky.

“If you can spot their work and you can understand what they’re doing in advance of the attack, then when that infrastructure is leveraged in an email, you’ve got them,” Pataky said. “You can stop the email from hitting the inbox because it is inclusive of that nefarious infrastructure that looks legitimate.”

Area 1 excels at spotting low-volume business email compromise attacks that have very big risks associated with them, Pataky said. By harvesting the credentials of a legitimate user in the supply chain and impersonating them, Pataky said threat actors can trick victims into making fraudulent payments of $20 million or $30 million.

Adversaries will often jump in mid-conversation in an email thread between a legitimate vendor and its customer and will start sending messages that look and sound like the supplier but actually aren’t. Eventually, the adversary impersonating the supplier will tell the customer it has changed banks and direct the customer to have their accounts payable department send money via a different routing number.

Area 1 was able to stop a $24.6 million fraudulent payment made by a well-known airline for jet fuel where the supplier’s credentials had been harvested by a Chinese adversary, Pataky said. All told, $253 million of the $400 million in fraud Area 1 prevented during 2021 was tied to potential losses associated with business email compromise-related attacks.

“By analyzing every word and every image, you can understand if there’s the slightest change in sentiment,” Pataky said. “This is not some big campaign threat actors are executing. It’s against a particular target. This happens every day in industries large and small. … You have to be able to stop the broad campaigns. But increasingly, the small campaigns do the most damage.”

Many newer email security offerings are rigid and must sit in a particular place in the email flow or have the customer be in API mode, Pataky said. But Area 1’s technology can sit in front of the existing email infrastructure, be there at the time of delivery, or work after an email is delivered to help with triage.

“As a channel partner, the last thing you want to do is go to your customer and say, ‘This is the way it must be done,’” Pataky said. “We don’t have to say, ‘It’s not a matter of if, but when.’ We are going to play the offense like the NSA [National Security Agency] tells us to do, and the outcomes are really good for you and for your customers.”

Tekpros currently uses a combination of Proofpoint and Microsoft Sentinel but has been looking for an innovative email security product that fits across both Office 365 as well as Gmail, according to Kumar Nandigam, CEO of Plano, Texas-based Tekpros. Nandigam previously thought of Area 1 as more of an enterprise-centered offering but was glad to hear it has a robust SMB customer base as well.

Area 1’s proof of value and assessment offerings would be particularly appealing to Tekpros customers, and Nandigam said he’d be interested in learning more and trying to get into the company’s partner program. Nandigam was pleased to hear about Area 1’s extremely high efficacy rate as well as the ability of MSSPs to wrap services around it.

“Given the way the product works and what I learned today, I might go for it,” Nandigam told CRN. “It can be one solution which we offer across our email inboxes for all our customers and for all seats. That really helps.”