Security Stack Logo
Darktrace / EMAIL logo

Email Security

Darktrace / EMAIL

Self-learning AI email security for advanced threats, BEC, and GenAI-powered attacks.

Integrated Cloud Email Security (ICES)

Darktrace / EMAIL Overview

What it does

Darktrace / EMAIL is a cloud-native email security platform that uses Self-Learning AI to detect and respond to advanced threats through behavioral analysis rather than static rules or threat intelligence feeds. Deployed via API to Microsoft 365 and Google Workspace, the platform baselines normal communication for every user and detects novel BEC, phishing, account takeover, and generative AI social engineering attacks without relying on known signatures.

How it works

Antigena autonomous response quarantines suspicious messages, rewrites links, and disables compromised accounts at machine speed. Cyber AI Analyst produces natural language investigation narratives, while label-free behavioral DLP monitors outbound email and Microsoft Teams chat for data loss. The Mailbox Security Assistant gives analysts a unified remediation console, and multi-domain correlation links signals across email, identity, and SaaS to expose full attack chains.

Credentials and traction

Darktrace / EMAIL is certified to ISO/IEC 27001, ISO/IEC 27018, and ISO/IEC 42001 (BSI AI management system) standards. Darktrace was named a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms and a Gartner Peer Insights Customers' Choice for Email Security Platforms. Named customers include Aston Martin, McLaren, and West Ham United, part of an installed base of more than 10,000 organizations worldwide.

Key Capabilities

mapped to solution categories
Integrated Cloud Email Security (ICES)

Connects to Microsoft 365 or Google Workspace via native APIs for visibility into internal and delivered mail, enabling post-delivery clawback without changing MX records.

Separates newsletters and bulk mail from threats by routing them to dedicated folders, refining classification from how each user files messages.

Automates the intake, deduplication, and triage of user-submitted suspicious emails, cross-references against in-flight campaigns and triggers retroactive remediation across all recipients.

Builds per-user and per-vendor communication baselines from historical email patterns to detect anomalous content, timing, or sender behavior without relying on signatures or blocklists.

Analyzes email body text semantically to detect social engineering, pretexting, and urgency manipulation in messages that contain no malicious attachments or URLs.

Detects compromised or spoofed third-party supplier accounts by analyzing communication pattern deviations, domain aging, and content signals, targeting invoice fraud and payment redirection attacks.

Assesses the email communication risk posture of external supplier domains, flagging suppliers with poor email authentication, recent domain registration, or anomalous communication patterns.

Detects signs of internal mailbox compromise (anomalous login geography, mail forwarding rule creation, unusual send volume), and can trigger automated session revocation.

Inserts dynamic banners into delivered messages flagging risk signals such as first-time senders, lookalike domains, or unusual payment requests at read time.

Compliance

certifications
CSA STARFedRAMP HighISO 27001ISO 27018ISO/IEC 42001SOC 2 Type II

Integrations

compatible tools
ExpelGoogle WorkspaceMicrosoft 365Microsoft ExchangeMicrosoft TeamsSplunk

Implementation & support

Deployment model
CloudSaaS
Pricing structure
Subscription
Support channels
24/7 SupportEmail SupportPhone Support

Info last updated on May 27, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.