Stopping Novel Threats with Darktrace/EMAIL

Transcript
Good afternoon, everyone. We are glad to have you here. Welcome to this webinar hosted by Innerworks, presenting an overview from our partners at Darktrace. We're really glad to have you. Great crowd. Thank you guys for coming. Really appreciate your interest. We're excited to do this for you. Again, thank you guys for coming in today. My name is Chris Scully. I am an account executive with Innerworks. If you wanna flip the next slide, Jamie, I'll show you a quick overview of who we are. So, I'm a strategic client manager here. I'm based out of Oklahoma City, Oklahoma. Innerworks has been around for nearly twenty five years. We're really a wall to wall IT solutions provider. You can flip to the next one, Jamie. Yep. Go ahead. Yep. There we go. But we're a people focused consultancy, and we do really anything and everything for our customers. So, our headquarters are in Stillwater, Oklahoma. We have offices in Tulsa as well as Oklahoma City, but we have a footprint and a presence all over the country and even globally. So, you know, go to the next slide there. This is just a little bit about, as you can see, we do a little bit of everything. IT solutions: we're heavy on managed services, so we can help you with everything from design to implementation to long term support and services. Heavy on the business intelligence side, we do a lot of that globally. And so we'd love to talk to you. We partner with, you know, some of the best names in technology globally. Certainly, Darktrace is one of those. And so we're really happy to have Jamie, and you also see Kirk here, coming in to speak to you today. So, let me kinda tee them up, and then I'm gonna give them the time, and we'll continue. So, again, please use the Q and A, and we will get started. So let me introduce to you Jamie Pierce. So Jamie, sorry. Let me pull that back up. So Jamie is a solution engineer for Darktrace. She's coming up on four years now. 
She is based out of Austin, Texas and specializes in email solutions. So she is gonna facilitate our conversation today. Jamie, thank you so much for being here. And then also, we have Kirk Morrison. Kirk is an account executive at Darktrace. He's based out of Tulsa, Oklahoma, and he's a key contact and partner for the webinar today. He's a partner with us here at Innerworks. So thank you both, Jamie and Kirk, for doing this. We really appreciate it. Thanks again, everybody, for your time. And with that, Jamie, I will turn it over to you.

Thanks, Chris. So today, we're here to talk a little bit about the Darktrace email solution. I wanna preface going into a demo and talking about the Darktrace solution with a little bit of background on what we're currently seeing in the industry, what are the challenges that we're facing in email security today. So currently, we have been seeing a very significant rise in the average sophistication of threats that are hitting the inbox. With the rise of LLMs like ChatGPT, it's making it much easier for threat actors to quickly create intelligent, sophisticated phishing emails to deliver en masse to many targets. So overall, we've seen a hundred and thirty five percent increase in these sophisticated AI attacks. We're also seeing that it remains the case that the inbox is the primary starting point or initial vector for all breaches. So we're seeing over forty percent of all breaches start with a phishing email in the inbox. And one of the main reasons that threat actors are still going with that approach, and that's remained one of the primary attack vectors, is that humans are still susceptible. We all know that us humans, we're the weak link in the chain. We can be tricked into clicking on something that we shouldn't be clicking on. These are the challenges that a majority of our customers and prospects have been voicing to us over the years. 
And Darktrace email is trying to take a different approach to email security to be able to face those new challenges. So what do we think is needed to advance email security to be able to protect against these more sophisticated threats? One, we need to move beyond just payload detection or relying entirely on a rules and signatures based approach to be able to pick up these malicious threats. Oftentimes, we're seeing that the initial email coming in, that ends up with a user being compromised, doesn't even have any payload or any links or attachments. It's what we would call a so-called clean email, and it's just starting a conversation with a suspicious email address or a compromised account. So leveraging only known bad and good hashes, links, that sort of thing to be able to detect these threats is not enough anymore. Darktrace, we are trying to take a very holistic approach to email security. We want to understand where any inbound, outbound email really fits in the context of the entire organization and that individual user. And we're trying to look at more than just payload, more than just the user's inbox, looking at their user activity, looking at what they're doing in Teams to really paint the full picture. And we can't really fight machines with just human resources. We need to fight AI with AI. So at Darktrace, we've been in the AI space for over ten years now, and we're using that AI to augment the human team and really improve our ability to respond to these threats. Darktrace email specifically, we have seen that taking this approach of trying to learn what is normal for an organization, learning what emails are typically sent, who an organization typically corresponds with, what types of topics these users send back and forth to each other, allows us to create a behavioral profile for every user account, every inbox that Darktrace is monitoring. And we can then detect any sort of deviation from that sense of normal. 
And this approach allows us to block new and novel threats up to thirteen days faster. We're not relying on this being flagged in VirusTotal before we're able to detect and respond to those threats. We are trying to take that holistic approach to be able to defend your brand with complete visibility and protection across your whole security workflow, across your entire digital estate. So we'll primarily be focusing on email today. Darktrace is trying to take this holistic approach in email where we can protect not only the inboxes, but the user accounts, through different vectors like Teams as well. And then we can extend that approach to the entire digital estate. So what is Darktrace email using? What are we looking at? Darktrace is creating these unique patterns of life, those behavioral profiles for every user, every mailbox, to be able to detect anomalies. What we're looking for is anything that sticks out as suspicious, doesn't fit a user's normal workflow. We're doing that for inbound emails. Of course, we're really trying to catch those malicious threats and those more sophisticated AI generated threats hitting the inbox. We're also using this approach on account activity. So Darktrace is able to monitor user account activity in Microsoft 365 or Google Workspace to see if there's any signs that an internal account may be compromised or is being targeted. We can also cover Microsoft Teams. That's something we'll get into in a little bit more depth in our demo, where we're taking this self learning AI approach to messages in the inbox. We are seeing that become increasingly popular as an attack vector. If a threat actor can get a Teams message in and convince a user to answer a phone call, they might be able to get some information from them once they move to a phone call. We're also looking at lateral mail, internal to internal emails. 
If a user does become compromised or they try to forward an email that's malicious to another user, of course, we need to be able to stop that as well. And then outbound mail analysis and data loss protection. So being able to really protect accounts and data anywhere that touches Microsoft, Google, wherever we're hosting our email environment. And the way that Darktrace email deploys is through an API and an optional journaling rule. So Darktrace email is not in line. We're sitting sort of parallel to Microsoft 365 or Google Workspace, and we're able to protect anything that is getting past the existing defenses. So I wanna hop into the Darktrace demo environment and just go through what Darktrace looks like and what we're able to do for our customers. So right now, we are looking at the main Darktrace email dashboard. The first thing that I want to click into is this thirteen percent user base. So Darktrace, I've talked about the approach we're taking, this idea that we're trying to learn what is normal for your inboxes. This is just a visualization to go along with that. In this particular environment, there's over nine thousand internal mailboxes, users, identities that Darktrace has built out a behavioral profile for. We understand who they typically correspond with. We understand where they usually log in from and what they do on a day to day basis in their inbox that we should expect, and over sixty three thousand external correspondents. So we're building out a behavioral profile for those external correspondents as well so that we can detect if somebody may have been compromised and start sending in an email that doesn't fit their normal behavioral pattern. A majority of our customers use Darktrace email as more of a set it and forget it tool. So they're not in the Darktrace email console too often. 
This dashboard is really meant to give you a quick glimpse of what Darktrace is doing in your email environment, what we're detecting, how we're responding to those threats. This first threat dashboard shows us the amount of inbound emails that we've seen over the last month and the number of threats that we've picked out there. These are all emails that are anomalous, that haven't fit that normal behavioral pattern for these users. And once Darktrace identifies those anomalies, we're also able to pick out specific threats that might be in those emails. So things like phishing links, credential harvesting links, forged addresses, internal IT impersonation, all common threats that we're seeing get into the inbox across our customer base. In this actions tab, this will break down the types of actions Darktrace is able to take on these emails. So the most severe one, the one that we're gonna take when we see one of those malicious emails, something with the phishing, like credential harvesting, those sort of cases, is holding an email entirely from the inbox, of course. We're also able to move things like spam to the junk folder and then take a number of more targeted actions. So if there are emails coming in that look fairly normal, they look somewhat similar to what we typically expect for this user, but they're not one hundred percent trusted, Darktrace can rewrite links to do a time-of-click analysis or entirely block access to that link. We can strip attachments or convert them to a safe PDF for a user to click on. So anything that gets through to an end user that Darktrace has analyzed, we want it to be safe for them to click on. And, of course, as I mentioned, we're not in line. We're sitting parallel to the email provider. Right here, this shows a breakdown of the number of emails Darktrace actioned over the last month in this particular environment: over thirteen thousand. 
And then it narrows that down to actions that were actually unique to Darktrace email as well. So some of these emails might be things that Microsoft also actioned. Darktrace is bringing protection on top of the existing security stack. So this Darktrace email number is the number of actions that we have taken beyond anything else in the stack. The next tab I wanna go over on this dashboard is campaigns. So one of the things that we've seen pretty commonly, especially with compromised accounts sending emails in, is that first email might be a so-called clean email. It might not have any obvious malicious intent. That's something that Darktrace says, hey, this is out of the ordinary. Maybe we move it to the junk folder. Make sure that your user gets a warning banner. So if they do go through their junk folder and look for that, they are warned that this email looks a bit suspicious. If a user then tries to send in more emails or anything that looks like it could be related, Darktrace will continuously monitor this so we can group them all into a related campaign. And that way, if there's ever a case where the initial email is junked and we decide, hey, actually, we need to go back and hold all of these emails, we can retrospectively action any of those campaigns. This is also important when we talk about user interactions, users reporting emails or marking them as safe, different things that they can do within Outlook or within Darktrace themselves. If a user reports an email, we don't just wanna analyze and remediate that specific email. We wanna go and look and see if there are any other related emails sitting in other users' inboxes that we need to pull out as well. So this campaigns dashboard allows you to track the type of campaigns that you're receiving. It looks like in this case, there are a lot of spam campaigns coming in, and then a few more concerning ones like payment scams, solicitation emails, or emails impersonating another user. 
The next piece I wanna talk about is this nonproductive workflow. So Darktrace email started with the core function of protecting inboxes from inbound mail. And then we realized that that self learning AI approach we're taking can be extended to many other areas of the inbox, not only for security purposes, but also for productivity and sort of quality of life improvements whenever users are interacting with their email on a day to day basis. In this nonproductive section, you'll see four different categories. Of course, threats, we're gonna be taking action and holding those from the inbox. We also use natural language processing on the body of emails to be able to detect if there's any sort of extortion language, solicitation, or in this case, something that looks like a cold call email. And we can automatically move those cold call emails to a unique folder in Microsoft or to the junk folder, depending on what your users prefer. Spam emails we'll obviously be junking. And then gray mail is something where we are using our understanding of how your users interact with emails in their inbox to identify these gray mail emails that are nonproductive. So an example of a gray mail email would be maybe a marketing email, sales emails, things of that sort, newsletters that nobody in the organization is really interacting with in a meaningful way. Maybe they always delete the email without reading it. They're moving it to their junk folder, or it's just left unopened in the inbox. That's something Darktrace will start labeling as gray mail and identifying as something that is probably not of any productive value. Those emails can similarly be moved to a custom folder in Microsoft or to the junk folder to save your users' time. In the morning, they log in. They don't have to go through fifty emails, thirty of which are not useful to them. They can just see those twenty emails that they need to start their day. 
Another piece that Darktrace has extended the self learning AI to is outbound emails and detecting instances of data loss. In this case, over the last month, we get a little over thirteen hundred outbound emails in this environment, and we detected fourteen of those emails to be in some way anomalous. This is using the anomaly based detection. So we don't need to go in and preclassify all of these attachments that are being sent out and all of the data in the environment. Darktrace is able to analyze these emails within the context of the organization and the normal mail flow we see on a day to day basis and identify cases where this email may constitute an instance of data loss. And you'll see some examples of categories listed here. So a user sending some sort of file to a completely new correspondent, an address that we've never seen them communicate back and forth with. They're sending something that we don't typically see them interact with. That could be something where they are accidentally sending it to the wrong user, or they picked out the wrong attachment that they don't typically send to completely new correspondents. Misdirected emails are instances of data loss that are just attributed to human error. We have seen that a majority of data loss from email is just human error. It's not necessarily malicious exfiltration. Misdirected emails are emails where a user may have just typed in the sender or the recipient's name wrong, their domain wrong, they chose the wrong John from their Outlook contact list, and now they may have sent something sensitive to the wrong person. Darktrace is able to detect instances where users are now communicating with somebody that could be a misdirected recipient. We're able to show users a pop up in Outlook through an add in in the integrated app section to just make sure they can avoid these cases at all. They can click don't send, and they can fix their mistake and send it to the correct person. 
And then we're also able to take action and hold these possible data loss emails as well. We also do account protection. So Darktrace is monitoring user activity in Microsoft 365 or Google Workspace to be able to connect the dots between suspicious emails that may be coming in or being sent out and user activity. So in this case, we can see the map, the locations that users are logging in from in this instance, any sort of anomalous behavior that we're seeing, users logging in from locations we don't typically see them log in from, maybe the creation of a new mailbox rule that they don't typically use. I know we often see instances of a compromise where we'll see a suspicious login followed by the user account creating a new inbox rule to delete all incoming mail or something of the sort. Those are the anomalies Darktrace is looking for here to be able to detect, alert, and take automatic action on. So if we do see any sort of critical alerts where it looks like a user's account may be compromised or maybe they are an insider threat, Darktrace can take action to force that account to log out and temporarily disable the account in Microsoft. And then the last piece that I wanna talk about before we get into some of these examples is user interactions. So one of the features we have with Darktrace email is what we call the analysis add in. This allows your end users to query Darktrace directly from Outlook. They can click on this orange magnifying glass, and they can analyze an email and receive a summary of why Darktrace thinks this email may be safe, why it may be a little out of the ordinary, and get an idea of what we're looking at to determine how suspicious an email may be. This also gives them the capability to report an email as suspicious or mark it as safe. Those two options feed right back into the system to improve the accuracy of Darktrace. 
If a handful of users mark the same emails as safe from a sender, then maybe we need to treat that as a sender with a little bit more trust moving forward and allow those emails through. If users report emails as suspicious, we're gonna automatically remediate those and reevaluate, say, maybe we need to treat that sender with more suspicion moving forward. I wanna jump into some specific examples of emails Darktrace is able to catch here. On the left hand side, we'll navigate to the logs section, and this would be all of the emails that we're seeing in a particular environment. And in this demo, we have a sampling of some of the more interesting ones. I wanna start with an inbound email here that was actually sent from a known correspondent. If you open up an email log, you'll see this big score here. This one is saying this is ninety nine percent anomalous. Every email is ranked from zero to one hundred percent anomalous. Zero being this is completely normal. This is exactly what we expect for both the sender and the recipient, just normal everyday communication. One hundred percent being completely out of the ordinary. There's something really suspicious about this email, and we don't think it belongs in the user's inbox. In this case, we see this email was ninety nine percent anomalous, so quite high. The anomaly indicator section here gives us an idea of why. It says that it's coming from this health corp dot com organization, which if we look at the history and association here, we can see that this user at health corp dot com does communicate with users internally pretty often. They're a known correspondent. They email back and forth. And we've seen lots of users within this organization email people at health corp dot com. So this is an organization that they communicate with often. They likely do business with them. And this was an unusually high anomaly score for emails from this organization. 
There were a lot of things within this email that we don't typically see from them. And one of the reasons that we got that higher anomaly score is this unusual link, this holdings inc l l p my sharepoint dot com link. This is something that was detected as one hundred percent rare. So we know SharePoint is not malicious in itself, but it can be a file storage host where anybody can host whatever they want there. In this case, Darktrace says this is one hundred percent rare. We don't typically see this particular SharePoint host sent with these emails. It's not something that we've ever monitored within email communication before. So that's anomalous, especially because we know what these users typically send. There was also an attachment that contained a macro, so it looked like it's possibly some sort of malware ransomware attachment. Darktrace said, even though this user is a known correspondent, and this email is validated as coming from the source that we expect it to come from, it looks very out of character for this user, not something that we've seen them send before. And we think that this user's account has been compromised, and that's likely why we're getting this suspicious message. There's a potential phishing link and some sort of malware ransomware attachment, so we're gonna hold that from the inbox entirely. And this is the approach that allows us to detect things like business email compromise, or those sophisticated threats coming from a completely new domain that a threat actor just registered, so it hasn't been reported as bad anywhere yet. That's an example of an inbound threat that we were able to detect. I also wanna talk a little bit about outbound emails as well. This is an example of an outbound email that we said was one hundred percent out of the ordinary. Nothing we typically see Tim Williams here send out, and we flagged this as a possible data loss email and a misdirected email. 
In this case, it looks like this user is trying to contact Olivia Brown. They're forwarding some sort of email here. We typically see them communicate with olivia brown at holdings inc dot com. That's a normal internal to internal relationship that we've profiled and monitored for these users. And it looks like they've just typed in an extra s here in the domain. So it's this holdings s inc dot com that they actually ended up sending this email to. This is a case where the content of this email may be sensitive to this internal organization, maybe something that we don't want to get out into anybody else's hands. There's always a chance that this inbox doesn't exist anywhere. We just get a bounce. But if that's not the case, we wanna make sure that we're able to hold these messages and make sure that we're mitigating that risk of data loss. And then I wanna pick out another example of a lateral email or an internal to internal email as well. So we get all three types. In this case, the email is coming from Olivia Brown. It's being sent to this internal user, Jimmy Griffin, and it says it's some sort of Q4 projection. In this case, we had actually seen suspicious activity from Olivia Brown's account. We saw a login from a location that we don't typically see her log in from. And then in this case, she sent the same sort of internal email to ten other users in a one-hour time frame. And these emails contain this suspicious link, this mind complex dot z e a dot com, which is just hidden behind display text that reads here. So it looked like somebody had compromised this user's account and sent out these emails to other internal users, hoping they would click on the text that just says here and not hover over it, look at where this link is actually bringing them. And in this case, the user was trying to compromise other users' credentials. And this is something where Darktrace said this is out of character. We don't typically see Olivia Brown send this link. 
It looks a bit suspicious, and we already know that there's suspicious activity on this account. So we're gonna block access to that link entirely and add a banner to this email for anybody who received it to know that it was detected as out of the ordinary for her. And I touched on a little bit, Teams. So a lot of the focus and a lot of the threats we are seeing are still hitting the inbox. That's the primary vector here that we're trying to protect against. But we have seen that threat actors are going to Teams as well. One of the more common uses I've seen is what we would call, like, a spam bomb. So a user gets their email address inputted into a bunch of register me for this newsletter, whatever the case is, and they receive hundreds, if not thousands, of emails all at once. They're not able to use their inbox. It's a spam bomb in their inbox. That's something that Darktrace on the email side can detect, that unusual increase in those inbound emails that look like some sort of commercial marketing email, and stop those emails. We have seen that threat actors often do that so that they can move to Teams or text or phone call and pretend to be some sort of help desk user. Ask them for their credentials, tell them that they can stop the massive flux of inbound spam. So Teams is something that Darktrace is able to monitor and detect any sort of suspicious activity here. So I'll go into an example. This is a Teams chat that was sent and initiated by mike dot jones at c three dash s dot com. So just some random external user. It was going to Jimmy Griffin at Holdings Inc. This sender is not well known in this environment at all. Haven't seen any emails back and forth from them. We haven't seen them communicate over Teams before. It's not somebody that we would typically expect to be sending anything in. And this chat, if we wanna preview the message here, is trying to kind of incite some urgency in this user and get them to answer. 
It's telling them that they were asked to get in touch with them by a mutual contact, and then it has this sort of mysterious "we found some irregularities" to try to get this user to panic and respond to this threat. And then they're trying to move them off of something where we can actually detect suspicious links being sent in. They're trying to get them to answer a phone call or a Teams call where they can pull more information and potentially get credentials or sensitive information from them via that method. And this is something that Darktrace detected as anomalous and is able to notify on and report to the security team and let them know anytime that there's a user that is trying to send in anything suspicious over Teams. And we can link those to any other email threats or threats at the user account level that we're seeing as well. Awesome. That's a brief overview, not so brief overview, of Darktrace email and all of the capabilities. I wanna talk a little bit about Darktrace in general before we get into some questions. So we've gone through an overview of Darktrace's self learning AI applied to the user inboxes, user accounts, Teams messages. This same self learning AI approach can be applied anywhere across the digital estate. Darktrace can cover workspace accounts. We can cover different identity accounts, Salesforce, Duo, anywhere they live. We also cover network environments. We have a cloud solution as well, endpoint solution, and Darktrace OT. And all of these solutions actually share data. So if you have a Darktrace network deployment and a Darktrace email deployment, if we see a user connect to a domain regularly on the network side, then that's gonna tell Darktrace email that, hey, this domain might be a little bit known to this user. Maybe we expect them to receive an email from them. 
And then on top of applying this self learning AI to all these different coverage areas, we do have services as well, like managed detection and response. And a little bit about Darktrace. I did mention that we've been in the AI space for over ten years now. We did not start as just security and then added on AI. We started with AI. We were the first at scale deployment of AI in cybersecurity. We have almost ten thousand customers now and over two hundred patents and applications filed. So we are really proud of the development work that we've been doing out of Cambridge in our headquarters and all the customers that we've been able to help with this solution.

Okay. Well, thank you so much, Jamie. Great job. A lot of information, lot of questions. So we appreciate you guys' engagement. We're gonna try to get through as many of these as we can. I know Kirk's been diligently answering them in the Q and A. So if you asked a question, if you haven't checked that, go back and look, and there's a good chance that Kirk may have already answered that. So thank you for that. And if you haven't noticed his email, above in the picture, it's kirk dot morrison at darktrace dot com. A few of the questions were about follow-up and who can we talk to after the webinar, etcetera. And I wanna point you to Kirk. And if you need a partner, if you'd like to talk to Innerworks about things beyond even the security issues, you can start with Kirk, and he will reroute you to me. So, but, anyway, let's get started on a few of these questions. And I'm actually gonna go backwards because I'm gonna assume that some of the early questions, Jamie actually covered. I don't know that for a fact, but let's just play the odds, and I'm gonna start with some of the more recent ones. 
So, Jamie and/or Kirk, the one Alexandra asked: how do you safeguard against adversarial attacks that mimic normal user behavior over time and misguide the model's understanding of baseline activity? Maybe you can speak to that.

So Darktrace starts with this AI model, that self learning AI, just identifying anomalies. The email solution also has a layer of models on top of that that are looking for particular behaviors or threats that we can categorize and use to identify those sorts of threats. A lot of times when a threat actor is trying to mimic normal activity, the first time that they send that email in, it's considered anomalous. Darktrace is able to action on it. If we do see them sending them in over time more and more, we'll still believe they are anomalous. We'll still be able to action on them. The case where it might affect the learning is if a user reaches out to a suspicious email address or they start initiating correspondence there. And we're still able to look for those different types of solicitation language, phishing language, anything that's trying to get financial information, reference banking transactions within those emails, even if there is a built up correspondence that mimics that sense of normal. So we use that layered approach to say, yes, this might be anomalous. That anomaly score can change, but we're also looking for specific behaviors, specific kind of red flags in emails.

Very good. One that just came in, Joseph asked about any recent real world cases. Is there any, like, case studies or examples where Darktrace email has stopped a previously unseen or email borne threat, and what lessons came from that? Anything recent you can think of?

So I know we have loads of case studies. I'll have to follow up with some interesting threats that I saw Darktrace able to detect kind of before I heard about this type of threat or I heard of any other solutions detecting it. 
Of course, we saw the rise of QR codes being used for phishing emails. One of the more interesting things that I saw was Darktrace had the ability to detect a sort of makeshift QR code where there were just a bunch of different black square characters that a threat actor had used to sort of build a QR code within an email out of just characters. No image attachments, nothing like that. And Darktrace was able to detect that that sort of condensed section of characters in the body of the email was anomalous, in addition to other anomalies of the email, and detect that a threat actor had kind of pieced together a QR code without actually putting an attachment in there.

Interesting. I'm gonna jump around a little bit here. Here's one: how does Darktrace email incorporate threat intelligence feeds or external attack data into its models, especially for novel zero-day phishing campaigns?

So Darktrace doesn't incorporate specific external threat intel into the Darktrace email platform. And the main reason for that is we find that the self-learning approach allows us to detect new and novel threats before they have been reported as suspicious or malicious by an external source. We do have what we call global intel, global domain intel. And that's intelligence that Darktrace is gathering on these external domains across all of our deployments. So we can put together an understanding of, hey, we may have not seen this particular domain send an email to this user before, but we know across our years of monitoring other deployments that domain dot com typically sends emails that have to do with this topic. They come from this sender IP. They come from this ASN. They are typically validated via both SPF and DKIM, that sort of thing. So we're building our own sort of intelligence that's used, but the majority of the way we are able to detect new and novel threats is through that self-learning AI.

Excellent.
And, again, Jamie, some of these you might have touched on, but I'm gonna go ahead and lob them up. Can Darktrace email dynamically quarantine suspicious emails without administrator input, and how is false positive risk managed in high-volume environments?

Yes. So Darktrace does action autonomously. Once we determine an email is suspicious, we will hold that email from the inbox, and you won't have to have an admin go in and manually take actions there. For any sort of false positive issues, typically, Darktrace continuously learns over time. It doesn't just baseline and then go off of that first week and do its best. It's gonna continually improve its understanding of what it should allow through versus what needs to be kept out over time, learning through the mail flow and user interactions with that mail flow. And we do have really simple ways to kind of tweak and tune the AI as well. So one of those options is what we would call a learning exception. We don't typically recommend fully whitelisting a specific domain or sender, because they could become compromised and we don't wanna allow the threat through at that point. So we have learning exceptions, which allow us to say, hey, this particular instance is normal for this sender. As long as this sender doesn't send in any sort of suspicious, different emails that would indicate that they've become compromised and there's some sort of behavioral deviation, let's allow those emails through from that sender. I typically see most of my customers create under ten of those learning exceptions in the first sixty to ninety days of a Darktrace deployment. That does enough to nudge the AI in the right direction, and we don't really have massive issues with false positives beyond that.

Outstanding. Can it operate alongside existing SEG solutions?

Absolutely. We typically see it sort of fifty-fifty.
Half of our customers will take a layered approach where there is an existing secure email gateway in place, and then Darktrace is sitting as sort of the last line of defense for anything that gets through that gateway. We also see Darktrace being the only security in the stack, just layered with the native provider like Microsoft or Google Workspace. It really depends on which works for an organization, but we're very pro defense in depth, so we're happy to be layered.

What would first steps look like? Do you offer a free trial, or how would someone get started engaging in and evaluating Darktrace?

Yeah. So I think the starting point off of this would be to contact Kirk, and we can get you in touch with your account executive here at Darktrace and your solutions engineer. We do offer a free, no-strings-attached thirty-day trial of Darktrace email where you can see it in your own environment. It will start learning what's normal in your environment, and we'll take you through a similar session, pull out all the interesting examples, and show you what's getting through to your users.

Outstanding. And I think you can, I mean, let me just...

Oh, yeah? Go ahead. Chris, can I add one thing to that?

You bet.

The POV is super important. The POV is the only real way for us to show you guys true value. Right? Your data through our lens. The POV is something that we highly, highly encourage, and it's really not, I mean, it's zero financial commitment from any of these companies, but it's actually very little time commitment as well, which is the other thing that, you know, is the resource that a lot of these teams are strapped for: time. A lot of times, you know, we're deploying by API, so it's like a ten-, fifteen-minute install. All of a sudden, we're passively ingesting data.
We typically let it sit seven to ten days to establish that baseline, and then we have an hour-long meeting where we show you, you know, what we've seen and the autonomous action that we hypothetically would have taken for those emails. So it's really, really eye-opening for organizations to run that email POV. And, you know, to Jamie's point, the first step to that is just, you know, send me an email, and I'll connect you with the right person to try to get that started.

Outstanding. We'll go a few more. I wanna be respectful of everyone's time. I assume a lot of folks have meetings at the top of the hour. So here's a good one, Jamie. I work in an advertising company, and our team sends out a lot of campaign emails, often with links and attachments. How does your software distinguish between legitimate marketing content and potential threats without flagging or blocking those campaigns?

Yeah. So that's really where the patterns of life come in. So we're not just saying how normal is this particular email or this particular attachment to be sent by everyone in the company or to be received by everybody in the company. We also do that on a group-by-group and user-by-user basis. So if there are specific users that typically send out these emails, then Darktrace will learn that as a normal pattern of life. They send out these mass emails. It's not an instance of data loss. It's a normal thing that they do. And then for inbound emails, similarly, if a user is interacting with emails that are typically sent from this particular sender, or about this topic, or from this specific service, then that will be learned as normal over time. If somebody sends in a marketing email that looks like we've never interacted with that domain before, maybe it's not even validated, or that specific link looks more suspicious, it's trying to redirect them to a different destination.
That's when we can hold that email or take some of those proportionate actions, like rewriting a link or blocking access to it.

Gotcha. And I think related to that, if an email is marked as spam or malicious by mistake by the AI, there's a way to rectify that?

Yes. So you can release emails manually in the Darktrace system. If something is held because it was mistakenly reported, then you can release those. Darktrace also did quite a bit of testing before we brought out that analysis add-in piece that allows users to report emails as suspicious. So if one user reports something as suspicious, it is taken into consideration, and it is something that the AI will learn from. But it's not going to immediately block-list that address. If five users report that email as suspicious, that's taken as a larger influence; that's more evidence that this isn't just a misclick or one person reporting a spam email as malicious. This is something that we need to get closer to, you know, fully blocking that sender.

Gotcha. And you talked a little bit about it during the demo, but what reporting or audit capabilities are built in?

So there is an automated report piece in the Darktrace platform. So you can automatically generate a report over whatever time period you want. If you wanna have a weekly report sent to your team that tells you these are the trends we're seeing in your environment, the types of malicious email that are getting through, the actions Darktrace is taking on them, and the users that are most targeted, you can have a report sent weekly, quarterly, monthly. You can generate them ad hoc, and it's just a built-in sort of one-click option in the platform. And then the system has an open API as well. So we do have customers who have integrated with different dashboards, where they wanna pull data from Darktrace email into those dashboards.

Outstanding. Well, a lot of questions still out there.
We're not gonna get to all of them, unfortunately, today. I know it looks like Kirk's answered over twenty different questions as well, so please check to see if he was able to do that. Jamie, Kirk, before we kinda wrap up, are there any things that we didn't cover today? Any kind of final thoughts or comments over the session?

I've got a good question that we haven't gotten to. So if we have time for one more, I wanna...

Sure. Go for it.

This one, because the answer is gonna have to do with clustering, and I think it's another important piece of what we do and how we're using, you know, unsupervised machine learning to do this. Zoe asked, Jamie, how does the solution adapt to changes in user behavior over time? So there's role changes, promotions, and temporary access elevation. Can you talk a little bit about that and just kinda how we're clustering groups of users together?

Yeah. The first thing I'd mention there is that it is continuously learning. So as users' roles change in the company, as new users get added on, we are continuously updating their behavioral profile to understand what we should expect from them. And then, as Kirk was mentioning, we also cluster users into peer groups. So if a new person joins the accounting team, Darktrace has an accounting cluster where we've clustered all of the existing people on that team together. We understand what their shared patterns of life, or their group patterns of life, are. And when that new user is added in, they can quickly be identified as somebody that is mimicking those sorts of group patterns of life. And that way, we're not just saying it's new, it's all anomalous. We can compare it to where they fit in the organization and the patterns of life we expect for those groups.

Outstanding. Well, thank you, guys. Again, we're gonna go ahead and close now.
You will see, and we get all of this, this was recorded, so you should get that shortly. A couple of days, I think, at the most, you'll receive a link to this. Also, point your attention to that last slide where there's a QR code. You can visit that URL below, and that will connect you with our Darktrace and our Innerworks team. You can reach out directly to Kirk for a follow-up with more about Darktrace. And, again, Innerworks is proud to bring you this. Thank you so much, Darktrace, for coming in and talking to everybody. We appreciate everybody making the time. And everyone have a wonderful day. We appreciate you. Thank you. Thank you.

In a recent webinar hosted by Innerworks and Darktrace, Chris Scully and Jamie Pierce discussed the increasing sophistication of email threats, particularly the rise of AI-generated phishing emails. Darktrace’s email solution utilizes AI to create behavioral profiles for users, enabling the detection of anomalies in both inbound and outbound emails. The system not only identifies potential threats but also enhances user productivity by filtering out spam and gray mail. With features like quarantining suspicious emails and monitoring user activity, Darktrace aims to prevent data loss and improve overall email security. The webinar concluded with an invitation for a free trial of Darktrace email, emphasizing its ease of deployment and integration.
