Email attacks against the enterprise are now more sophisticated than ever. Threats such as phishing and business email compromise can be highly targeted, putting businesses at risk of compromise. Phishing attacks are now the number one cause of data breaches in the enterprise.
Phishing is successful because it exploits the weaknesses found in email security technologies. Email systems have robust technologies in place to stop spam and malware attacks, but phishing is able to slip through the gaps, leaving many organizations vulnerable. To tackle these phishing threats, a new generation of email security has emerged, which utilizes machine learning and artificial intelligence to identify and block phishing attacks against the enterprise.
At RSAC 2020, Expert Insights met with Adrien Gendre, co-founder and Chief Solutions Architect at Vade Secure, an innovative post-delivery phishing protection platform. Vade Secure recently entered a financing agreement with General Catalyst, with the former CEO of Datto joining their board. Vade Secure’s customers include internet service providers who use their technologies to protect consumer mailboxes, and the SMB market, including local governments and managed service providers.
How Have Email Threats Changed?
Email threats are becoming more sophisticated and harder to stop. “We’re seeing now more threats like phishing and spear-phishing,” Gendre says. These threats can be complex, but highly cost effective for attackers, Gendre says.
Phishing and spear-phishing attacks are particularly difficult for email technologies to stop. “Phishing emails are unique threats, which is a challenge,” Gendre says. “Spam emails always follow the same template and are often from domains that can be very quickly classified as malicious. Phishing attacks, on the other hand, do not follow these patterns.”
“These attacks are highly dynamic. When 1000 phishing emails are sent, it could be 1000 unique emails,” Gendre explains. “They may all look the same, but they will be using random code, or some visual differences that we cannot perceive from the human eye.”
“So, instead of scanning just the code of the email, we need to scan the rendering of the email, and scan the URLs contained in the email in real time. With computer vision, we also have the ability to detect malicious content, even when attackers have been able to distort the rendering.”
These threats are consistent across all industries and verticals, and especially prevalent in the SMB market, including government agencies. Increasingly, managed service providers, who manage the IT services of many other organizations, are being affected by these attacks, as compromising these companies can give attackers access to multiple other organizations.
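The contrast drawn above between fingerprinting an email's code and scanning what it renders can be shown in a short script. This is an added example, not code from Vade Secure or the original article: it uses plain HTML text extraction as a simplified stand-in for rendering (it is not computer vision), and the two sample emails and the names `VisibleText`, `raw_fingerprint` and `rendered_fingerprint` are constructed for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link"}
# Assumption: only these two inline-style hiding tricks are recognised.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|font-size\s*:\s*0", re.I)

class VisibleText(HTMLParser):
    """Collect only the text a reader would see; a rough stand-in for rendering."""
    def __init__(self):
        super().__init__()
        self.stack = []   # one flag per open element: True if it hides its content
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        self.stack.append(tag in ("script", "style") or bool(HIDDEN_STYLE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        if not any(self.stack):   # skip text inside any hidden ancestor
            self.chunks.append(data)

def raw_fingerprint(html):
    """Classic fingerprint: hash of the message source exactly as received."""
    return hashlib.sha256(html.encode()).hexdigest()

def rendered_fingerprint(html):
    """Hash of the whitespace-normalised visible text (comments and hidden spans dropped)."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    text = " ".join("".join(parser.chunks).split()).lower()
    return hashlib.sha256(text.encode()).hexdigest()

# Constructed samples: the same visible message wrapped in different invisible markup.
EMAIL_A = ('<html><body><!-- 7f3a --><p class="x91">Your mailbox is almost full.'
           '<span style="display:none">qzv kd</span> Review your storage settings.</p></body></html>')
EMAIL_B = ('<html><body><!-- c02e --><p class="k4b">Your mailbox is <span style="font-size:0">'
           'lrw</span>almost full. Review your  storage settings.</p></body></html>')

if __name__ == "__main__":
    print("raw match:     ", raw_fingerprint(EMAIL_A) == raw_fingerprint(EMAIL_B))
    print("rendered match:", rendered_fingerprint(EMAIL_A) == rendered_fingerprint(EMAIL_B))
```

The source-level hashes differ for every variant, so a blocklist of known fingerprints never matches, while the visible-text hash groups both samples as the same message.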
Phishing Attacks and Office 365
Office 365 has become the dominant email platform for businesses, and phishing attacks have become a particularly acute problem for O365 users. “Microsoft is now brand number one for phishing,” Gendre says. “They’re now head to head with PayPal, when only a few years ago they were behind.”
PayPal is very lucrative for phishing, because if attackers are successful, they have access to real money in people’s wallets. However, there is of course no money held in Microsoft accounts. This raises the question: why are these accounts so valuable?
“Microsoft accounts are important entry points to the rest of the company. From these accounts you can jump to a lot of other areas under O365 with single sign-on and compromise a lot of other accounts,” Gendre says.
How Are Machine Learning and Artificial Intelligence Helping Organizations to Stop Phishing Attacks?
Email security is not a new concept by any means, but it has undergone some big changes over the last few years. As organizations have increasingly moved to the cloud, email security technologies have followed. Many email gateways are now run fully in the cloud. Gateways sit in front of your email environment, directing emails through their services in order to filter and stop any malicious content.
Post-delivery email security platforms like Vade Secure work differently. Rather than filtering emails before they enter your email network, these solutions sit inside the email inbox and use artificial intelligence to identify and remove malicious email. For the user, the effect is the same: malicious email content is stopped before it can be opened. But Gendre argues this process is much more effective at stopping sophisticated email attacks like phishing.
“We have a behavioral approach,” Gendre says. “When we use machine learning, we want to detect malicious behavior.” Traditional solutions rely on categorizing known and unknown threats using anti-virus scanning engines. But these make it difficult to stop attacks that don’t contain any malware or malicious URLs. Using machine learning allows security technologies to recognize patterns in attacks, without relying on basic classification.
The Future of Email Security
Gendre sees email security powered by machine learning and artificial intelligence as a crucial component in the future of email security.
“For sure AI is going to be an important part of multi-layered email security going forward,” Gendre says. “Machine learning is effective, but a combination of different security tools will be the best way for organizations to stay secure.”
Organizations looking for strong email security need to look for a solution that brings a lot of technologies together for a multi-layered approach, Gendre says. This will help to ensure they are protected from the sophisticated email attacks that are threatening businesses today.
Considering Which Email Security is Best for Your Organization?
If your organization has recently moved, or is considering moving to Office 365, and you’re weighing up your email security options, Gendre’s advice is to consider the technological approach of each solution.
“The threats have evolved,” Gendre says. “They are highly dynamic, and so fingerprint and reputation-based technologies are not as effective anymore. So, consider the market approach and the technological approach of the vendors you are looking at.”
“Secondly, look at vendors that work as an additional layer to Office 365. Office 365 has inbuilt security, and as a security engineer you want to have multiple layers. Microsoft is not perfect, so you stack up the layers.”
“Spear-phishing is a hugely challenging attack, and nobody can detect spear-phishing 100% of the time. Some vendors may say they do, but it’s not true! So, you have to get out of the binary good vs bad approach and move to more of a behavioral approach. Having those elements in the product is very important.”