INKY Email Security
SALES & TECHNICAL GUIDE — NTG INTERNAL
GenAI-powered behavioral email security that blocks phishing, BEC, spoofing, and AI-generated attacks — including threats M365 Defender and DMARC cannot stop. NTG's primary email security platform since early 2026.
NTG stack context: INKY replaced Graphus in early 2026 as NTG's primary email security platform. It's the closest match to Perception Point in detection capability. INKY covers inbound, outbound, and internal email. It works alongside M365 Defender — not instead of it.
Why email security matters — by the numbers
- 30% of all reported cybercrimes are phishing attacks
- $2.9B lost to BEC in 2024 alone (FBI IC3)
- $137K average loss per BEC incident
- <1 hr/mo to manage 1,000 mailboxes with INKY
What INKY does
GenAI Detection
Understands the true intent behind an email — not just its format. Catches AI-generated phishing, zero-day attacks, and novel threats that signature-based tools miss.
Inline email banners
Suspicious emails get interactive warning banners inside the email itself — visible on any device or client. Users are coached in real time before they act.
BEC & spoofing detection
Tracks sender relationships and flags display name spoofing, domain lookalikes, and account takeover — including attacks from legitimate external domains DMARC can't touch.
Inbound + outbound + internal
Most tools only filter inbound. INKY also monitors outbound and internal email — catching compromised accounts sending malicious content from inside the org.
Security awareness training
Short one-minute video lessons with real-world scenarios built into the platform. Banner reports drive targeted training feedback automatically.
DMARC monitoring
Built-in DMARC monitoring with domain usage visibility, deliverability insights, and reporting. No separate tool needed.
Best-fit clients
Strong fit
- Any client on M365 or Google Workspace
- Law firms (BEC and client impersonation risk)
- Financial services (wire fraud, invoice manipulation)
- Healthcare with PHI in email
- Executives with high impersonation risk (CEO fraud)
- Finance and AP teams who approve payments by email
- Any client who has clicked a phishing link before
Decent fit
- Any SMB with 10+ email users
- Clients relying solely on M365 Defender
- Organizations with frequent external vendor communication
- Clients processing invoices or wire transfers by email
- New client onboarding — set the security baseline early
Sales pitch
TALKING POINTS — HOW TO OPEN AND ADVANCE THE CONVERSATION
Lead with the problem, not the product. Most clients don't know what INKY is. They do understand $137,000 in losses. Start with the threat landscape, then position INKY as the solution.
Conversation openers by client type
Law firm / financial
"The average BEC attack costs $137,000. Law firms and financial services are top targets — attackers impersonate partners, executives, and clients to get wire transfers approved or confidential data sent. Your email filter catches obvious spam. INKY catches the convincing ones."
General SMB
"Phishing is the #1 way businesses get breached — 30% of all cybercrimes start with a phishing email. Most look completely legitimate. Microsoft's filters catch the obvious ones. INKY catches the ones that get through and warns your staff before they click."
Core talking points
DMARC is not enough — and most clients think it is
DMARC verifies domain authenticity. But attackers don't spoof domains anymore — they spoof display names from legitimate Gmail or Yahoo accounts. "CEO Johnson" with an unrelated email address passes DMARC and Defender. INKY tracks who normally emails your staff and flags anything that breaks that pattern.
M365 Defender catches known threats — INKY catches unknown ones
Defender is signature-based — excellent at known threats. INKY uses behavioral AI and GenAI Detection to understand intent, catching zero-day attacks, AI-generated phishing, and novel social engineering Defender has never seen. They work at different layers and together provide better coverage than either alone.
The banner changes behavior in real time
When INKY flags a suspicious email, it injects a visual warning banner directly inside the email — explaining why it's flagged and what to do. The user sees it before they act. Every flagged email becomes a teachable moment that happens automatically, with no separate training program required.
It covers attack vectors Defender ignores
INKY monitors inbound, outbound, and internal email. If an employee's account is compromised and starts sending phishing internally, Defender won't catch it — INKY will. It also catches QR code phishing, AI-generated emails, and attacks using legitimate platforms like Adobe or Constant Contact as intermediaries.
Deployment is faster than any competitor
30 minutes for initial installation. 15 minutes to onboard a new client. Less than 1 hour per month to manage 1,000 mailboxes. No heavy configuration, no disruption to mail flow.
Built for MSPs, not retrofitted
Multi-tenant dashboard, centralized reporting across all clients, per-client configuration — all from one place. INKY was built from the ground up for MSP delivery, not adapted from an enterprise product.
Objection handling
COMMON PUSHBACK AND HOW TO RESPOND
"We already have M365 — doesn't that include email security?"
M365 Defender is signature-based and excellent at known threats. INKY adds behavioral AI and GenAI intent detection that catches zero-day phishing, AI-generated attacks, and display name spoofing from legitimate domains — things Defender has never seen and can't catch. Most enterprise environments run both for exactly this reason. INKY and Defender complement each other; they don't overlap.
"We have DMARC set up."
DMARC is essential and you should absolutely have it — but it only stops exact domain spoofing. It has zero ability to detect display name spoofing from a legitimate third-party domain. An attacker sending from a real Gmail account with your CEO's display name passes DMARC every time. That's where most BEC attacks live today. INKY's relationship tracking and behavioral analysis catches exactly that scenario. DMARC and INKY solve completely different problems.
"Our people know not to click on phishing emails."
The attacks that succeed don't look like phishing — they look exactly like a DocuSign notification, a Microsoft security alert, a QuickBooks invoice, or a message from the CEO. Sophisticated, perfectly written, from a legitimate domain. Even security-aware staff get caught. INKY's inline banners give people a second chance — a visible warning inside the email itself before they act.
"We've never had an email compromise."
Most companies don't know they've been compromised until after the money moved or the data was exfiltrated. Phishing accounts for 30% of all cybercrimes. The question isn't whether clients will be targeted — it's whether you'll catch it when they are. Absence of a known incident isn't protection; it's a gap in visibility.
"We tried another email security tool and it created too many false positives."
That's the exact problem INKY was built to solve. Behavioral AI and sender relationship tracking means INKY learns what legitimate email looks like for each organization — dramatically reducing false positives compared to rule-based tools. The graymail filter also keeps low-risk clutter out of the security queue so your team isn't chasing noise.
"How long does it take to deploy?"
30 minutes for initial installation. 15 minutes per new client onboarding. Less than 1 hour per month to manage 1,000 mailboxes ongoing. One of the fastest deployments in the category — no mail flow disruption, no long configuration period.
"What's the difference from Graphus?"
Graphus was bundled with our stack but had detection limitations — particularly around advanced phishing and BEC. INKY offers GenAI-powered intent detection, inbound/outbound/internal coverage, and detection depth comparable to what Perception Point delivered. The switch was driven by capability, not cost.
"Can't I just train my employees instead?"
Training is essential — and INKY actually includes it with short video lessons built into the platform. But training alone isn't sufficient. Even well-trained staff get caught by sophisticated attacks. INKY's inline banners reinforce training in real time on every suspicious email — far more effective than an annual awareness course. Technology and human awareness work together.
Threat landscape
WHAT INKY IS PROTECTING AGAINST — USE THIS TO BUILD URGENCY IN CLIENT CONVERSATIONS
Source: INKY 2024–2025 Email Security Annual Report. These are current, real attack trends — not hypotheticals. Use these numbers and attack descriptions to make the risk concrete for clients.
By the numbers
- 30% of all reported cybercrimes are phishing
- $2.9B lost to BEC in 2024 (FBI IC3)
- $137K average loss per BEC incident
- Every industry: BEC victims span all sectors, no business is exempt
Current and emerging attack types
HIGH VOLUME
Business Email Compromise
Attacker impersonates an executive, vendor, or client to request wire transfers or sensitive data. No malware — just a convincing email. $137K average loss per incident.
HIGH VOLUME
Display name spoofing
Real Gmail or Yahoo account with a spoofed display name. DMARC passes. Defender passes. INKY flags the sender/display name mismatch against known communication patterns.
GROWING
AI-generated phishing
GenAI writes flawless, contextually aware phishing with no typos or awkward phrasing. Eliminates traditional tells. INKY's GenAI Detection analyzes intent, not format.
GROWING
QR code phishing
Phishing link embedded in a QR code image — bypasses most URL scanners. First seen 2023, grew significantly in 2024. INKY decodes QR codes and evaluates destinations.
GROWING
Legitimate platform abuse
Phishing sent via real Adobe, Constant Contact, or DocuSign accounts — passes all authentication checks because it genuinely comes from those platforms. INKY evaluates content and intent, not just sender auth.
EMERGING
Conversation hijacking
Attacker inserts themselves mid-thread, responding as a legitimate participant to redirect payments or extract information from an ongoing email conversation.
EMERGING
Cross-site scripting via email
Malicious redirect scripts injected into URL-encoded links — appearing as normal links but routing through attacker-controlled pages after the initial click.
STANDARD
Newly registered domains
Fresh domains with no bad reputation — bypassing reputation-based filters. INKY flags communication from domains with no established relationship with the target org.
Technical reference
FOR TECHNICAL CONVERSATIONS AND ONBOARDING
Deployment facts
- 30 min: initial installation time
- 15 min: per new client onboarding
- <1 hr/mo: to manage 1,000 mailboxes
- Any client: works on any device or email client
Detection layers
Behavioral AI
Learns normal email patterns — who emails whom, from what domains, with what content patterns. Flags deviations from established norms for each org.
GenAI Detection
Analyzes true intent behind an email. Catches AI-generated phishing and zero-day attacks by understanding meaning, even when the email is perfectly written.
Computer vision
Scans email visuals — logos, layout, branding — for signs of spoofing. Detects fake Microsoft, DocuSign, and other brand impersonation that looks legitimate to humans.
Link & QR analysis
Follows URLs through all redirects to their final destination. Decodes and evaluates QR code targets. Flags newly registered domains regardless of content.
Graymail filtering
Separates low-risk clutter from security threats — reducing false positive noise so techs and users focus on what actually matters.
DMARC monitoring
Built-in DMARC reporting with domain usage visibility and deliverability insights. No separate DMARC management tool needed.
Coverage scope
INKY covers inbound, outbound, and internal email — a key differentiator. Most tools only filter inbound. INKY also monitors what's going out (data leakage, compromised accounts sending malware) and what flows between employees internally (insider threat / compromised account detection).
Integration notes
M365 integration
Integrates via API — no MX record changes required. Works alongside M365 Defender without conflict. Can be deployed without changing client mail flow configuration.
Google Workspace
Full support for Google Workspace with the same detection capabilities and management interface as M365 deployments.
MSP multi-tenancy
Single dashboard across all client tenants. Per-client policy config, centralized reporting, alert management — no jumping between environments.
End-user experience
Works on any device and any email client — Outlook desktop, Outlook web, mobile apps, third-party clients. The inline warning banner renders regardless of how the user reads email.
INKY vs. the alternatives
HOW TO POSITION INKY AGAINST WHAT CLIENTS ALREADY HAVE
Frame it as layered security, not replacement. Never tell a client to remove M365 Defender or abandon DMARC. Position INKY as the layer that catches what everything else misses; that framing is accurate, and it is a much easier sell.
INKY vs. M365 Defender
What Defender does well
Catches known threats in Microsoft's database. Solid baseline protection included with M365. Good at bulk spam and known malware links. Every M365 client already has it — no reason to remove it.
Where Defender falls short
Signature-based — can't catch threats it hasn't seen before. No detection of display name spoofing from legitimate external domains. No outbound or internal coverage. No inline user coaching. Can't decode QR codes or detect AI-generated content.
What INKY adds on top
Behavioral AI and GenAI intent detection for zero-day threats. Display name spoofing and BEC detection. Inbound + outbound + internal coverage. Real-time inline banners that coach users. QR code scanning. Legitimate platform abuse detection.
INKY vs. DMARC alone
What DMARC does
Verifies email from your domain actually came from your domain. Prevents exact domain spoofing. Essential infrastructure — every client should have it configured.
What DMARC can't do
Zero ability to stop display name attacks from legitimate third-party domains. An attacker sending from a real Gmail account with a spoofed display name passes DMARC with flying colors. INKY's relationship tracking catches exactly this scenario. They solve different problems — DMARC and INKY should coexist.
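The gap described above, shown as an added example for technical conversations (this is not INKY's detection logic and not code from the vendor): a message can carry `dmarc=pass` and still pair a protected display name with an address that has no history with the recipient. The names, domains, and the `PROTECTED` and `HISTORY` tables are constructed assumptions.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: protected display names and the addresses allowed to use them.
PROTECTED = {"Dana Johnson": {"dana.johnson@corp.example"}}
# Constructed relationship history: recipient -> sender addresses seen before.
HISTORY = {"ap@corp.example": {"dana.johnson@corp.example", "billing@vendor.example"}}

def name_key(display_name):
    """Fold case, punctuation and token order so 'JOHNSON, Dana' equals 'Dana Johnson'."""
    folded = unicodedata.normalize("NFKC", display_name).casefold()
    return " ".join(sorted(re.findall(r"[^\W_]+", folded)))

PROTECTED_KEYS = {name_key(n): addrs for n, addrs in PROTECTED.items()}

def assess(raw_message):
    """Return the DMARC verdict alongside sender-identity findings DMARC does not cover."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    findings = []
    allowed = PROTECTED_KEYS.get(name_key(name))
    if allowed is not None and sender not in allowed:
        findings.append("display_name_mismatch")   # protected name, unexpected address
    if sender not in HISTORY.get(rcpt, set()):
        findings.append("no_prior_relationship")   # sender never seen by this recipient
    return {"dmarc": m.group(1) if m else "none", "from": sender, "findings": findings}

# Constructed messages: both pass DMARC for their own From domain.
SPOOF = (
    "Authentication-Results: mx.corp.example; dmarc=pass header.from=freemail.example\n"
    'From: "Johnson, Dana" <dana.j.office@freemail.example>\n'
    "To: ap@corp.example\n"
    "Subject: Quick request\n\nAre you at your desk?\n"
)
LEGIT = (
    "Authentication-Results: mx.corp.example; dmarc=pass header.from=corp.example\n"
    "From: Dana Johnson <dana.johnson@corp.example>\n"
    "To: ap@corp.example\n"
    "Subject: Q3 numbers\n\nSee attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoof", SPOOF), ("legit", LEGIT)):
        print(label, assess(raw))
```

Both sample messages authenticate correctly for the domain in their From header; only the comparison against known names and prior correspondents separates them.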
INKY vs. Graphus (previous NTG stack)
Why NTG moved to INKY
Graphus was bundled with the Kaseya stack but had detection limitations around advanced phishing and BEC scenarios. INKY offers GenAI-powered intent detection, three-directional email coverage, and detection depth closer to what Perception Point delivered. The upgrade was driven by capability.
When clients ask about the switch
"We upgraded our email security platform to one with stronger AI-based detection, specifically because the threat landscape has evolved — AI-generated phishing and QR code attacks require a different class of detection than what older tools were built for."
INKY vs. Perception Point
Similar capability tier
INKY and Perception Point operate at a similar detection capability level — both use AI-based behavioral analysis rather than pure signature matching. INKY is the right platform for this tier of protection within NTG's current stack. The transition from Perception Point reflects vendor and bundle decisions, not a capability downgrade.