How It Works

This is the analytical engine behind Shield. An analytical computer system receives electronic messages at the network perimeter—messages sent from outside the organization. For each message, the system maps the sender and recipient as nodes in a relationship network. The historic communications pattern between them becomes a third node. The system then calculates a confidence value based on all three nodes.

Over time, the system builds a comprehensive relationship graph. It can create these nodes and edges during initial installation using historical data, or build them incrementally as new messages flow through. The result is a continuously evolving map of communication relationships with quantified trust levels.

What Makes It Different

• Relationship network analysis: models communication as a graph of vertices and edges, where each relationship carries a calculated confidence value.
• Three-node confidence model: evaluates the sender, recipient, and their historic communication pattern together, not in isolation.
• Perimeter-level processing: analyzes messages as they enter the network, before they reach the recipient.
• Historical and real-time: can bootstrap from existing email data and continuously refine confidence scores as new patterns emerge.
• Multiple analytical systems: supports distributed analytical computer systems working together for enterprise-scale deployment.

Why It Matters

Traditional email security evaluates each message in isolation—checking for known bad links, malware signatures, or spam patterns. This is a fundamentally different approach: building a relationship network that quantifies trust between senders and recipients based on their communication history. When something doesn’t fit the established pattern, the confidence scoring surfaces it.

It’s the analytical foundation that gives Shield its ability to detect threats that signature-based systems miss entirely.