The 4 Fundamentals of AI-Based Email Security

Editor’s Note: This blog post was originally found on the Agari Email Security Blog.

By Siobhan McNamara

Predictive, AI-based email security is proving to be remarkably effective at protecting against today’s most advanced business email compromise (BEC) scams, phishing attacks, and other rapidly evolving email threats. But only when it’s done right.

According to the FBI, targeted email attacks doubled last year, leading to $1.2 billion in business losses. Nearly 30% of all email attacks are launched from a hijacked email account belonging to a trusted employee, outside partner, or supplier, including 1.5 million sent every month from compromised Office 365 accounts. More than 90% of all businesses have been hit in just the last 12 months.

In the face of this unrelenting assault, signature-based email security, whitelisting, and even modern, cloud-native security controls are hopelessly outgunned on their own. From never-before-seen zero-day events to dynamically generated malware variants that defy detection, attacks grow ever more inventive and dangerous.

Yet today’s most devastating attacks employ simple, plain-text email messages that rely on sophisticated social engineering tactics designed to push emotional buttons in order to manipulate recipients into divulging login credentials or making wire transfers. The average price tag of a successful attack now tops $2 million. When it results in a data breach, the average cost rises to $7.9 million and up.

The revolution in artificial intelligence (AI), and more specifically, machine learning (ML), can change all this. But to understand how, it’s important to get past the hype.

Not All ML is Created Equal

In parts one and two of this series, we looked at how Agari Secure Email Cloud leverages machine learning to prevent even the most ingenious zero-day attacks using real-time intelligence from around the globe. In actual deployments, Agari Secure Email Cloud functions with 99.9% efficacy against all BEC and phishing attacks, including those launched from hijacked email accounts. Over time, we’ve learned that there are four fundamental requirements for achieving this level of performance.

#1: A Focus on the ‘Good’ to Expose the ‘Bad’

The premise behind our approach is simple. We train our models to identify the good and normal characteristics of email by defining what is normal for both behavioral and infrastructural components, per sender identity. Anything that deviates from that norm is flagged as suspicious, which lets us concentrate analysis on the very small set of mail that falls outside it rather than on the whole stream. Instead of looking for a needle in a haystack, the Agari Secure Email Cloud removes the hay to reveal the needle.

#2: Globally Scaled, Dynamic Datasets

In order to continuously refine the solution’s capabilities, more than 300 features are updated each day, enabling our machine learning models to learn continuously. Through real-time data streaming, intelligence that necessitates model changes is applied not in daily or even hourly batched updates, but within microseconds of detection. Each new customer adds deeper, more relevant insights to this dynamic, global dataset, creating a network multiplier effect that makes the Agari products smarter and more effective with each new email.

#3: Expertise from the Masters of Their Domains

Domain experts first encode what they know about attacker behavior as heuristics, or rules, which kickstart defenses on top of the baseline knowledge described above. As those rules start generating labeled data from the field, we’re able to train machine learning algorithms that generalize beyond the expert-derived classifications. In time, the ML algorithms begin to recognize patterns that even the most eagle-eyed domain expert may not perceive, including new permutations of the original attack, before formulating rules that can defeat them.
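As an added illustration of principles #1 and #3 (example code written for this page, not code from Agari or from the original post): the script below builds a per-identity baseline of infrastructure features from constructed “known good” mail, reports which features of a new message deviate from that baseline, and then applies a few hand-written expert rules to turn the pattern of deviations into a label. The feature set, the sample messages, and the rule thresholds are all assumptions chosen for the demonstration; the later step of training a classifier on the labels such rules produce is not shown.

```python
from collections import defaultdict
from ipaddress import ip_network

# Infrastructure features baselined per sender identity. Values are assumed
# to come from parsed headers and authentication results; a real deployment
# tracks far more features than these five.
INFRA_FEATURES = ("from_domain", "reply_to_domain", "dkim_domain", "source_net", "spf")

# Constructed "known good" history for one identity (not real data).
KNOWN_GOOD = [
    {"display_name": "Jane Doe", "from_domain": "example.com", "reply_to_domain": "example.com",
     "dkim_domain": "example.com", "source_ip": "203.0.113.10", "spf": "pass"},
    {"display_name": "Jane Doe", "from_domain": "example.com", "reply_to_domain": "example.com",
     "dkim_domain": "example.com", "source_ip": "203.0.113.22", "spf": "pass"},
]


def with_source_net(msg):
    """Copy a message, generalising its source IP to a /24 so that a new host
    inside an already-seen network does not count as a deviation."""
    net = ip_network(msg["source_ip"] + "/24", strict=False)
    return dict(msg, source_net=str(net))


def build_baseline(messages):
    """Record every infrastructure value observed per identity: the 'normal'."""
    baseline = defaultdict(lambda: defaultdict(set))
    for m in map(with_source_net, messages):
        for f in INFRA_FEATURES:
            baseline[m["display_name"]][f].add(m[f])
    return baseline


def deviations(baseline, msg):
    """Features whose value was never seen for this identity, or None when
    the identity has no baseline at all (deviation cannot be judged)."""
    profile = baseline.get(msg["display_name"])
    if profile is None:
        return None
    m = with_source_net(msg)
    return {f: m[f] for f in INFRA_FEATURES if m[f] not in profile[f]}


# Behavioural signal: a small, expert-written lexicon of BEC pressure language.
URGENCY_TERMS = ("urgent", "wire", "immediately", "confidential")


def classify(baseline, msg):
    """Expert heuristics interpret *which* features deviated. Returns (label, deviations).
    A deviation alone is not treated as malicious: an unexplained one is sent to review."""
    devs = deviations(baseline, msg)
    if devs is None:
        return "unknown-sender", {}
    if not devs:
        return "normal", devs
    urgent = any(t in msg["body"].lower() for t in URGENCY_TERMS)
    if "from_domain" in devs:                   # familiar name, unfamiliar (lookalike) domain
        return "display-name-impersonation", devs
    if "reply_to_domain" in devs and urgent:    # replies siphoned elsewhere, plus pressure
        return "reply-to-redirect", devs
    if {"dkim_domain", "spf"} & set(devs):      # right domain, but it no longer authenticates
        return "spoofed-or-relayed", devs
    return "review", devs                       # e.g. only a new network: needs a human


# Constructed test messages (not real traffic), one per outcome.
SAMPLES = [
    {"display_name": "Jane Doe", "from_domain": "examp1e.com", "reply_to_domain": "examp1e.com",
     "dkim_domain": "examp1e.com", "source_ip": "198.51.100.5", "spf": "pass",
     "subject": "Urgent payment", "body": "Urgent wire transfer needed before noon."},
    {"display_name": "Jane Doe", "from_domain": "example.com", "reply_to_domain": "gmail.com",
     "dkim_domain": "example.com", "source_ip": "203.0.113.10", "spf": "pass",
     "subject": "Vendor invoice", "body": "Please process this wire immediately."},
    {"display_name": "Jane Doe", "from_domain": "example.com", "reply_to_domain": "example.com",
     "dkim_domain": "example.com", "source_ip": "203.0.113.30", "spf": "pass",
     "subject": "Q3 report", "body": "Q3 report attached for your review."},
    {"display_name": "Jane Doe", "from_domain": "example.com", "reply_to_domain": "example.com",
     "dkim_domain": "example.com", "source_ip": "192.0.2.9", "spf": "pass",
     "subject": "Agenda", "body": "Agenda for Thursday's meeting."},
    {"display_name": "Jane Doe", "from_domain": "example.com", "reply_to_domain": "example.com",
     "dkim_domain": "none", "source_ip": "198.51.100.77", "spf": "fail",
     "subject": "Deposit", "body": "Please wire the deposit today."},
    {"display_name": "Help Desk", "from_domain": "example.net", "reply_to_domain": "example.net",
     "dkim_domain": "example.net", "source_ip": "203.0.113.99", "spf": "pass",
     "subject": "Password reset", "body": "Your password expires soon."},
]


def run_samples():
    """Classify the constructed samples; returns the labels in order."""
    baseline = build_baseline(KNOWN_GOOD)
    return [classify(baseline, m)[0] for m in SAMPLES]


if __name__ == "__main__":
    for m, label in zip(SAMPLES, run_samples()):
        print(f"{label:28} {m['subject']}")
```

Note the third and fourth samples: a new host in a known /24 is “normal”, while a wholly new network with no other deviation is only queued for review. Treating every deviation as an attack is what produces the false-positive load that makes anomaly-based systems unusable; the rules layer is where expert knowledge decides which deviations matter.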

#4: Seamless Integration with Cloud Platforms

Because so many attacks now originate from hijacked accounts on the same platform the victim uses, the Agari Secure Email Cloud integrates with Office 365 to block malicious emails that make it through the platform’s native security controls. With full visibility into employee webmail, Agari uses continuous detection and response technologies to automatically detect and remove any attacks that do reach employee inboxes. In the next part of this series, we’ll look more closely at these capabilities and how they can help reduce the time it takes to discover and remediate a breach from an average of three months to just minutes.

Prediction: Success

To learn more about how Agari applies the power of machine learning-based AI to prevent phishing attacks, BEC scams and more, download an exclusive white paper.

Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.
