Using ML to Stop Latent Email Attacks That Dodge Early Detection

Scot Kennedy July 25, 2019 Email Security

When implemented effectively, real-world deployments of machine learning (ML)-based email security can block business email compromise (BEC) scams, phishing campaigns, and other advanced email threats. But sometimes, it’s what happens when a malicious email is somehow able to evade early detection that can matter most to that effort.

According to recent research, 22.9 phishing attacks are launched every minute—20% of them from hijacked email accounts. As many as 30% of corporate employees will open a phishing email, and 4% will fall for it. The FBI estimates that phishing, BEC scams, and other email attacks cost businesses more than $2.7 billion in 2018, up nearly 100% year-on-year. And as a growing number of organizations move to G Suite, Microsoft Office 365, and other popular cloud platforms, cybercriminals have followed suit. O365 alone now accounts for 36% of all phishing attacks—rising 250% in just the last year.

With an ever-increasing number of new attacks, we’ve reached a point where cybercriminals are using QR codes instead of links to easily bypass security controls. They’re weaponizing legitimate URLs through links that redirect only after the email has been delivered. Some are even using ML themselves, automating social engineering at scale to generate fraudulent emails that mimic the writing style of the email sender being impersonated.

While most email security solutions are designed to catch these malicious emails before they reach user inboxes, no solution can detect and block every single malign email, 100% of the time. But as we’ve discovered, the best deployments of ML-based email security can play a critically important role when these latent email threats are detected post-delivery.

Not Just Any ML Will Do

For those not fully dialed into the subject, machine learning is a subset of artificial intelligence (AI) that’s centered on enabling computer systems to recognize patterns and learn from sets of labeled, sample (or “training”) data in order to make predictive business decisions.

Our approach to leveraging ML to eliminate BEC scams, phishing attacks, and even the most sophisticated zero-day email threats, including those launched from hijacked email accounts, is quite unique. Instead of a sole focus on training ML to search for attacks, Secure Email Cloud draws intelligence from more than 2 trillion email messages annually to graph relationships and behavioral patterns between individuals, businesses, services, and domains. By analyzing hundreds of different characteristics, or “features,” it’s able to establish what we define as trusted or “good” communications.

By using proven machine learning techniques, Agari Secure Email dynamically scores each new email message against those trusted patterns, enforcing policies according to each organization’s specific requirements.
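To make the “score each new message against trusted patterns” idea concrete, here is a small added illustration (not Agari’s code, and not a description of how Secure Email Cloud actually scores mail). It builds a per-recipient trust record from a constructed message history, then scores new messages on a handful of hypothetical identity-deception features: a display name that matches a known contact but arrives from a different address, a sender domain within a small edit distance of a trusted domain, a first-time sender, and a Reply-To domain that differs from the From domain. The feature weights and policy thresholds are assumptions chosen for the demonstration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Message:
    display_name: str
    from_addr: str
    to_addr: str
    reply_to: str = ""  # empty means no Reply-To header


# Constructed history of messages already judged trustworthy (sample data, not real mail).
HISTORY = [
    Message("Jane Doe", "jane.doe@example.com", "alice@corp.example"),
    Message("Jane Doe", "jane.doe@example.com", "alice@corp.example"),
    Message("Jane Doe", "jane.doe@example.com", "bob@corp.example"),
    Message("Acme Billing", "invoices@acme-supplier.example", "alice@corp.example"),
    Message("Bob Smith", "bob@corp.example", "alice@corp.example"),
]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


class TrustGraph:
    """Per-recipient record of which senders and display names they have legitimately seen."""

    def __init__(self) -> None:
        self.senders = defaultdict(set)  # recipient -> {from address}
        self.names = defaultdict(dict)   # recipient -> {display name -> {from address}}
        self.domains = set()             # every sender domain seen in trusted traffic

    def learn(self, msg: Message) -> None:
        recipient, addr = msg.to_addr.lower(), msg.from_addr.lower()
        self.senders[recipient].add(addr)
        self.names[recipient].setdefault(msg.display_name.lower(), set()).add(addr)
        self.domains.add(domain_of(addr))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch lookalike domains (e.g. a digit 1 for a letter l)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score(graph: TrustGraph, msg: Message):
    """Return (risk score, reasons). Weights are illustrative assumptions, not tuned values."""
    recipient, addr = msg.to_addr.lower(), msg.from_addr.lower()
    name, dom = msg.display_name.lower(), domain_of(addr)
    points, reasons = 0, []

    if addr not in graph.senders[recipient]:
        points += 1
        reasons.append("first-time sender for this recipient")

    known_addrs = graph.names[recipient].get(name)
    if known_addrs and addr not in known_addrs:
        points += 4
        reasons.append("display name matches a trusted contact but the address differs")

    if dom not in graph.domains:
        close = sorted((edit_distance(dom, t), t) for t in graph.domains)
        if close and 0 < close[0][0] <= 2:
            points += 3
            reasons.append(f"sender domain resembles trusted domain {close[0][1]}")

    if msg.reply_to and domain_of(msg.reply_to) != dom:
        points += 2
        reasons.append("Reply-To domain differs from From domain")

    return points, reasons


def policy(points: int) -> str:
    """Map a score to an action; thresholds stand in for per-organization policy."""
    if points >= 4:
        return "quarantine"
    if points >= 2:
        return "flag"
    return "deliver"


GRAPH = TrustGraph()
for _m in HISTORY:
    GRAPH.learn(_m)


def triage(msg: Message, graph: TrustGraph = GRAPH):
    points, reasons = score(graph, msg)
    return points, policy(points), reasons


if __name__ == "__main__":
    suspect = Message("Jane Doe", "jane.doe@webmail-free.example", "alice@corp.example")
    print(triage(suspect))
```

A real deployment would learn these relationships continuously from a far larger corpus and use many more features, but the shape is the same: trust is established from observed good behaviour, and each new message is judged by how far it departs from it rather than by matching a list of known-bad indicators.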

Scale is Just the Start of It

As with any ML-based approach, the size and quality of the underlying dataset, and the domain expertise of the data scientists who guide it, determine the solution’s efficacy. One of Agari’s greatest strengths has always been that our domain experts rank among the world’s leading authorities on phishing, BEC, and account takeover (ATO)-based email attacks, bringing an unprecedented level of experience and insight to leveraging a dataset that’s not just Internet scale, but also dynamic.

Through real-time data streaming, intelligence that necessitates model changes is applied not in hourly or daily batched data updates, but rather within milliseconds of detection. Each new customer adds deeper, more relevant insights to this dynamic, global dataset, creating a network multiplier effect that amplifies the effectiveness of Secure Email Cloud on a continuous basis. And that gets to something else we’ve learned over time: it’s not just the size of your high-quality dataset that matters.

Email Attacks: Not Just ‘What,’ But ‘When’

The simple truth is that no email security system can prevent 100% of email attacks, 100% of the time. As I mentioned earlier, even with near 100% efficacy against phishing and BEC attacks, a malicious email will inevitably make it to employee inboxes. To address that challenge, Secure Email Cloud provides continuous detection and response capabilities to hunt down and remediate threats that escaped initial detection or have activated post-delivery.

Thanks to its deep integration with cloud-based email systems, Secure Email Cloud can remove a malicious email from every employee inbox that received it, not just from that moment forward, but also copies that arrived before the threat was first identified. It can even alert SOC teams if somebody has already opened the email or gone on to fall for the con.

Secure Email Cloud also provides SOC teams with automated tools that reduce the time it takes to detect and remediate any data breaches that may result from a successful attack from weeks or even months down to mere minutes, saving organizations millions, given average losses of $7.9 million per incident.

Phishing Intel, Made Instantly Actionable

While all of this is undeniably cool, in my own opinion, what’s even cooler is the value of the feedback data that these latent email threats provide, and the ability to factor that data into ML model updates within moments of detection. That’s something our teams are in the process of rolling out as part of our continuous efforts to make Secure Email Cloud smarter, faster, and more effective with each new email it analyzes, pre- and post-delivery.

Once fully in place, a latent attack discovered in the inboxes of one Agari customer organization will be known and neutralized across all of them. All while dynamically and continuously improving the catch rate of Agari Phishing Defense™ for identity deception-based email attacks.

The importance of these kinds of capabilities can’t be overstated. According to TechRepublic, more than 3 billion fraudulent emails are sent every 24 hours, and the volume, ferocity, and sophistication of these attacks grow by the day.

Machine learning-based email security can make all the difference in the battle against costly phishing attacks, BEC scams, and other advanced email threats. But that’s only if it’s based on ML best practices, guided by top domain experts, and informed by a very large, high-quality dataset that includes intelligence from trillions of emails—both inbound and post-delivery.

To learn more about how Agari applies the power of machine learning-based email security to prevent phishing attacks, BEC scams and more, download an exclusive white paper.

This is the final part of a four-part series; you can find part one, part two, and part three here.
