The 4 Fundamentals of AI-Based Email Security

Not All ML is Created Equal

Put simply, machine learning (ML) is a branch of AI that’s focused on recognizing patterns and learning from sets of labeled data in order to make predictive business decisions. In the email security space, ML is helping to shift the prevailing defense paradigm from a reactive posture focused on chasing down known threats in an endless game of whack-a-mole, to a proactive approach that recognizes and even anticipates novel attack modalities as quickly as they emerge. Unfortunately, excessive vendor hype and sensational press coverage are undercutting progress by creating unrealistic expectations and obscuring what is required to harness ML’s full potential.

#1: A Focus on the ‘Good’ to Expose the ‘Bad’

Instead of focusing solely on training ML to recognize malicious email in hopes of ferreting out each new attack modality, a far more powerful approach is to model legitimate, “good” email traffic. After all, the behavior of legitimate users can be quite predictable — it only deviates from normative patterns when an account is hijacked or impersonated.

#2: Globally Scaled, Dynamic Datasets

This kind of approach requires a massive dataset — and the bigger, the better. The Agari Secure Email Cloud interpolates trillions of emails annually to graph relationships and behavioral patterns between individuals, organizations, domains, infrastructures, and locations, spanning hundreds of raw feature values to define good, trusted email communications at a global scale. It then dynamically scores each new email message against a divergent set of behavioral models, enforcing policies according to a specific business’s needs. But as important as it is, this kind of scale is not enough on its own.
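The idea in #1 and #2 (model the legitimate traffic, then score each new message by how far it deviates) can be shown with a small baseline-and-scoring routine. This is an added illustration, not Agari's code or model; the history, the display-name and reply-to features, and the score weights are constructed for the example.

```python
from collections import defaultdict

# Constructed historical "good" traffic: (display name, sender address, reply-to address).
# These are made-up sample values, not real data.
KNOWN_GOOD = [
    ("Alice Chen", "alice.chen@example.com", "alice.chen@example.com"),
    ("Alice Chen", "alice.chen@example.com", "alice.chen@example.com"),
    ("Bob Ruiz", "bob@partner.example.org", "bob@partner.example.org"),
    ("Payroll Team", "payroll@example.com", "payroll@example.com"),
]

def build_baseline(messages):
    """Model the 'good': which domains each display name normally sends from,
    and which reply-to domains each sender address normally uses."""
    name_domains = defaultdict(set)
    sender_replyto = defaultdict(set)
    for display, sender, reply_to in messages:
        name_domains[display.lower()].add(sender.split("@")[1].lower())
        sender_replyto[sender.lower()].add(reply_to.split("@")[1].lower())
    return name_domains, sender_replyto

def score_message(baseline, display, sender, reply_to):
    """Return (score, reasons): 0 means the message matches the baseline,
    higher means it deviates further. Weights are illustrative only."""
    name_domains, sender_replyto = baseline
    sender_domain = sender.split("@")[1].lower()
    reply_domain = reply_to.split("@")[1].lower()
    score, reasons = 0, []
    known_name = display.lower() in name_domains
    # A familiar display name arriving from a domain it has never used before.
    if known_name and sender_domain not in name_domains[display.lower()]:
        score += 60
        reasons.append("known display name from an unfamiliar domain (impersonation signal)")
    # A trusted sender whose reply-to suddenly points somewhere new.
    if sender.lower() in sender_replyto:
        if reply_domain not in sender_replyto[sender.lower()]:
            score += 30
            reasons.append("trusted sender with unusual reply-to domain (hijack signal)")
    elif not known_name:
        score += 10
        reasons.append("no history for this sender or display name")
    return score, reasons
```

In practice the baseline would be built from a much larger history and many more features, as the post describes; the point here is that only deviations from the modeled "good" need to be explained, not every new attack variant.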

#3: Expertise from the Masters of Their Domains

Beyond the size and quality of its dataset, the efficacy of any AI-based approach is predicated on the expertise of the scientists that train it. One of Agari’s greatest strengths has always been that our domain experts rank among the world’s leading authorities on phishing, BEC, and account takeover-based email attacks. In instances where there may not yet be enough labeled data to combat a new attack modality, our human experts can identify the underlying mechanisms behind the scam.

#4: Seamless Integration with Cloud Platforms

As a growing number of organizations move to Microsoft Office 365, G Suite, and other popular cloud platforms, they face increasing risks from advanced email threats. Office 365 alone now accounts for 36% of all phishing attacks — rising 250% in the last year. According to Forbes, 29% of organizations report their O365 email accounts were compromised just within the month of March this year, amplifying their vulnerability to phishing and BEC attacks launched from trusted, internal accounts.

Prediction: Success

Make no mistake. Despite widespread hoopla surrounding this subject, predictive, AI-based email security is playing a very real, and a very important role in helping thousands of industry-leading companies detect, protect against, and respond to BEC scams, phishing attacks, and other metastasizing email threats. For organizations looking to do the same, the four fundamentals described in this post represent key considerations that can help them do it right.


Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.