Email Security: Using ML to Prevent Advanced Attacks

Editor’s Note: This blog post was originally found on the Agari Email Security blog.

By Michael Cichon

The statistics are astounding. Email remains the number one threat vector for data breaches, the point of entry for ninety-four percent of breaches. There is an attack every 39 seconds. Over 30% of phishing messages get opened, and 12% of users click on malicious links.

As cybercrime becomes more advanced and bypasses the legacy controls put in place to defend against it, security must become more advanced too. In our last blog post in this series, we discussed how legacy systems simply cannot stop the new wave of identity-based attacks that are hitting inboxes, and how the Agari Secure Email Cloud™ works to protect against them by using machine learning models to dynamically score messages based on identity — not content.

Predictive AI: Central to Advanced Email Security

According to Forbes, Amazon relies heavily on applied machine learning to grow its business, improve its customer experience and selection, and optimize its logistics operations. Netflix saved $1 billion with the use of ML technologies for making personalized recommendations. Facebook is using it to identify 96.8% of prohibited content. Apple, Google, and others use ML to continuously improve voice recognition for services such as Siri and Google Voice Search. And within the security space, companies such as CrowdStrike, ThreatMetrix, and Agari all apply different forms of machine learning to address specific facets of cybersecurity.

The Agari Secure Email Cloud, with its continuous detection and response technology, for instance, is specifically designed to recognize zero-day threats that come with no recognizable signature or payload, and it is delivered through the cloud, based on real-time intelligence from around the globe. And it’s easy to implement with any email infrastructure — on-premises, cloud, or hybrid. Here’s how it works.

Defining ‘Good’ to Prevent Phishing Attacks

By interpolating over two trillion email messages annually to graph relationships and behavioral patterns between individuals, businesses, services, and domains using hundreds of different characteristics, we’re able to establish what we define as trusted or “good” communications and filter out anything that doesn’t match.

By using proven machine learning principles, automation, and expert human decision-making informed by large sets of labeled data, the Agari Identity Graph™ at the heart of the Agari Secure Email Cloud then dynamically scores each message for convergence or divergence from patterns established as legitimate and trusted, and enforces policies established according to a specific business’s needs. This involves making more than 300 million machine learning model updates each day to continuously refine the solution so it can identify, and even anticipate, which emails represent threats.

Like any AI-based approach, the size and quality of the underlying dataset and the domain expertise of the data scientists who guide it determine the solution’s efficacy. Agari data scientists rank among the world’s foremost authorities in BEC, phishing, ATOs and other advanced and emerging email threats, bringing an unprecedented level of experience and insight to leveraging a dynamic, global data set that grows smarter and more effective with each new day.

Using Machine Learning to Protect Organizations

Taken together, this approach effectively transitions the email security paradigm from one that was designed to address isolated events, to one that continuously protects the organization against advanced email threats, as quickly as they emerge.

In the face of rapidly escalating dangers from phishing attacks, BEC scams, and other advanced email threats that may drive as much as 48% of all business losses from Internet-related cybercrime, AI- and ML-based technology and its ability to prevent evolving fraud tactics make it the future of email security, today. In the next part of the series, we’ll dive deep into how we do it.

To learn more about why legacy systems no longer work against identity-based threats, download an exclusive white paper on the Rise of the Secure Email Cloud.

Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.
