Cybersecurity vs. Phishing with an ML Helping Hand: IRONSCALES

25 February 2022


The cybersecurity landscape has changed significantly over the 30 or so years since businesses woke up to the potential of the internet as a medium for communication, marketing, and commerce. Most recently, ransomware has highlighted the extent to which cyber gangs are organized and funded: coding payloads, hacking, phishing, extortion, and cryptography are now all effectively industrialized by bad actors. The methods with which organizations protect themselves have altered too, with gateway and perimeter-focused protection combined with client-based anti-malware agents becoming less relevant.

Throughout recent decades, it’s always the people element that has remained unchanged — human frailties and weaknesses have always been, and remain, the easiest target for bad actors. With astronomical profits from successful phishing campaigns, hackers’ methods are becoming more clever and more difficult to detect. Impersonation of identities known to individual victims, in emails and other communication channels, is sophisticated and dupes thousands every day into wrongly transferring funds, giving away secrets, and downloading malicious binaries.

People can be taught, of course, what to look out for and how to practice good cyber hygiene. But invariably, people make mistakes when distracted, under pressure, or caught unaware, and seasoned cybersecurity personnel are no exception. The honest cybersec industry professional will admit to having clicked a rogue link or two or confirm that they too have been duped by a text message purporting to be from their boss — perhaps just for a minute or two, but taken in, nevertheless.

The first course of action in responding to people-based vulnerabilities must be email: it’s the primary source of phishing messages, many thousands of which are received every day by companies worldwide. For most cybersecurity professionals and every first- and second-line support officer, email phishing attacks are the core focus, the (poisoned) bread and butter of daily activities. And unfortunately, it’s a reactive role rather than a proactive one.


Specialist email anti-phishing professional Eyal Benishti, the CEO of IRONSCALES, spoke to us recently about the current state of play in the never-ending skirmishes between bad actors and organizations trying to go about their daily business. We talked first about the basic preventative measures on which many continue to rely: gateway and client-based software agents. “Prevention is not enough. You can’t just put something in front of something and just hope that it will stop. The concept [behind IRONSCALES] was that […] something malicious will make it to the mailbox. It doesn’t mean that it’s game over yet. We have some time to do automated detection and response, which means we can [still] be fast enough.”

The attitude of some cybersecurity vendors — it tends to be the larger players — is that by deploying solution “X,” organizations get the best possible protection. IRONSCALES’ approach is refreshing in that as part of the ethos, there’s an acceptance that one day, somehow, threats will still circumvent filter-based protections. It’s here that the company’s twin focus on AI-powered email protection software and user education comes into its own. Eyal said:

“At the end of the day, once [bad actors] find a way to bypass the filters like gateways, it’s up to the user to decide whether he or she wants to interact with the email or not. So, this fundamental basic understanding that the technical controls will never ever be enough made us realize that we really need to not totally shift the focus, but […] add the human element or the human control into the mix to make sure that we have the best of both worlds.”

The IRONSCALES email protection solution’s learning brain is notably much more powerful than the traditional perimeter and signature-based protective measures many use. It’s designed to learn from the interactions humans have with their email. The machine learning algorithms, Benishti said, are “constantly understanding context, understanding intent, understanding that even if there is no specific signature to stop this [suspect] email, because phishing is social engineering, a human and machine problem, we need a human and machine solution in order to tackle it in a much better way.” The solution learns to behave more sensibly than the user. And when a rogue email slips through despite all this, the human operator will (hopefully) have absorbed some of the learning programs IRONSCALES provides with every solution.

Bad actors are motivated by one thing (money) and rely on one thing: “Trust! It means they will send you an email from someone or something that you would normally trust. Now if I want to protect you against what you consider to be a trusted sender, first I need to know who you consider as a trusted sender. Which means I need to be in your mailbox. I need to analyze your communication habits, who you are receiving emails from, which you’re replying to, what do you delete? So, I really need to take [many] more data points into consideration in order to understand you.”

The IRONSCALES solution is deployed in a few clicks, acting alongside existing cybersecurity measures and the comms stack. It builds its own learning materials from users’ interactions with their email platforms, discovering and refining behavior patterns and cross-correlating them with incoming mail and messages. At scale, the platform starts work very quickly, increasing its vigilance and detailed expertise on behalf of every user in the organization — not just the high-level executives who are the most valued targets among phishing gangs.

Of course, claims of AI capability are table stakes for today’s marketers, and they’re usually untrue. Does that worry Eyal, we asked? “People are right to be skeptical about the use of these kind of buzzwords of AI and ML specifically. It’s a tool, […] it’s not a solution. You can’t just throw ML a problem and say hey, problem solved because our AI is taking care of it!” In cybersecurity, where CISOs know their subject, claims of ML are less specious than in other areas.

Nevertheless, AI in cybersecurity tends to be, Eyal told us, quite mundane in the value of the outcomes it brings. “If you look at the use case of how ML is helping to combat malware, you will realize that at the end of the day, what they’re doing is just creating [malware] signatures much faster. OK, they can consume a lot of data and create new signatures, but they will always always be one step behind. There will always be this new pattern that they’ve never seen, and again they can’t go and flag all the unknowns as malware.”

With cybersecurity personnel essentially snowed under by the need for reactive protection of the targeted workforce, a real helping hand from ML that learns from daily operations is a huge boon. Quickly deployed, smart, and getting smarter, the IRONSCALES protective platform can let your security teams begin to see some glimmers of light among their packed schedules, right from day one. To learn more about IRONSCALES email protection (and the company’s plans to expand to encompass messaging platforms, too — watch this space), sign up for the demo today.