Interview: Tony Pepper, CEO, Egress on the Acquisition of NCSC Cyber Accelerator Company Aquilai

Cybersecurity firm Egress has today announced the acquisition of Aquilai, an early stage company focused on anti-phishing technology. The move is of great interest for several reasons, one of which is the continued growth and development of the human layer email and data security software provider Egress amid the COVID-19 pandemic. Another is the further illustration of the impact of the National Cyber Security Centre (NCSC)’s Cyber Accelerator program, of which Aquilai is a product. Launched in 2017, this initiative supports the growth of startup cyber-companies that aim to bring new better, faster and cheaper security products to market, and find and develop startups that can make the UK the safest place to live and work online.

As part of the deal, Aquilai’s CTO Jack Chapman will join Egress as VP of Threat Intelligence, with the Aquilai Ajax brand retired from 1 June 2021. To find out more about this deal and its broader significance to the cybersecurity industry, Infosecurity caught up with Egress CEO Tony Pepper.

Rising Email Threats

Pepper firstly highlighted how the acquisition was borne out of the increasingly dangerous threat landscape, exacerbated during the COVID-19 pandemic. Over the past five years or so, Egress has been primarily focused on the risks posed by outbound email content within organizations. Pepper noted that this type of threat has increased since the shift to remote working. This increase is partly due to more people sharing digital content online and the additional stresses that many employees have experienced over the past year or so. “We’ve seen a real increase in people being distracted, working longer hours and being significantly more stressed and tired at home, and therefore making more genuine mistakes,” he explained.

In addition, inbound threats have ramped up significantly during this time, particularly in the form of phishing attacks. As well as the volume of these types of attacks going up, many malicious actors have become markedly more sophisticated in the techniques they use. Pepper said: “Attackers are using social engineering to understand much more about individual employees and armed with that knowledge, they’re able to focus their attacks.”

As such, Pepper revealed that customer feedback demonstrated the urgent need for a single platform to tackle both inbound and outbound email threats. This is where machine learning and natural language processing technology developed by Aquilai comes into play, viewed by Egress as a “logical extension” of its current platform. “We just felt there was a real opportunity to enhance that inbound protection,” he added.

Emanating from the deal is the launch of Egress Defend, which incorporates Aquilai’s anti-phishing technologies to detect and mitigate all types of phishing attacks coming into an organization, including those that are especially sophisticated and targeted. Essentially, it looks at every incoming email as untrusted, and “reverse engineers” them, analyzing each one in the manner a cybersecurity analyst would. “It then rebuilds that mail before delivering it back into the business,” commented Pepper. Sitting alongside the other components of Egress’ email intelligence security platform – Egress Prevent, Egress Protect and Egress Respond – Egress Defend also includes traffic light warnings and insight summaries to help educate users about the threats they face.

Role of Startups in Cyber

The announcement has also further emphasized the key role that startup companies play, and will continue to play, in the cybersecurity sector. According to Pepper, specialized and innovative approaches will be crucial in combatting the growing sophistication of attack techniques. “The advantage early-stage businesses have is they look at a problem in a completely new way,” he outlined. This type of impact is precisely what the NCSC’s Cyber Accelerator program aims to have. It does so by nurturing those startup companies that are tackling the types of threats that are especially damaging to the UK as a whole, and ultimately putting them in a position where their solutions are relevant to the broader ecosystem. Pepper said: “It’s the perfect complement to take this best in breed technology, which has been well tested over the last three to four years with the NCSC, into our business onto a much wider platform to solve more problems at scale.”

He added that it would have taken Egress 18 months to two years to build such a platform alone. “To be able to fast-track that by bringing that technology into our business allows us to solve the problems customers have today in a much faster way.”

Future Plans

While Egress is focusing on eliminating threats posed by emails, Pepper expects that in the future the company will branch out into other forms of digital communication which have become more relevant as result of the shift to hybrid working models. “Email is just one of a series of mechanisms through which we can communicate, but Teams or Slack are others and so are file sharing tools,” he commented. “Our long-term view is to secure all channels of communication with a capability to be an intelligence layer that integrates into the Microsoft ecosystem and offers threat intelligence on inbound and outbound communication.”

What’s Hot on Infosecurity Magazine?