Role of AI and ML Tools in Email Protection

Role of AI and ML Tools in Email Protection

With increasing adoption of the cloud, email security is also seeing a new challenge- a major shift to the rise of the abuse of legitimate cloud services to send malicious emails, or the use of cloud service to send email with malicious payload that’s hosted at a cloud service. It has changed the way that we look at email security and think about its solutions, say Mike Jones, Head of Products and Digital Risk Protection, and Cary Hudgins, the MD for Email Security and Digital Risk Protection at Fortra.

ITSW: How has the cloud impacted the evolution of cybersecurity measures across the board?

Cary:  One of the things I often see is when a company moves to the cloud, and they assume all risk is reduced. Going to the cloud comes on a lot of levels. There are new challenges that are presented.

Cloud helps to scale, so as a customer, the cloud can help reduce operational cost over time. From the security perspective the cloud can help with protecting the underlying infrastructure. But there are some challenges that exist and will continue to exist. One of them is risk to email, which is not going to go away, even if you move to the cloud.

In fact, new challenges will emerge when you move to the cloud that your company needs to be aware of. They need to deal with them and need more abilities to do that. They need better access controls because your data is more readily available in the cloud.

You need different skill sets for these and the company needs to be aware of these new challenges that they might have to take on.

Mike Jones:  I think the vision of the cloud to reduce operational and management overhead, like saving costs, or freeing up resources for higher value operations, has largely come true for most organizations. And another impact is the barrier to entry for new and innovative solutions in cybersecurity, is lower with cloud computing.

You see a very robust cybersecurity vendor market out there driving competition and innovation. But there are definitely some new challenges. One thing that we see very much over the last decade is that cloud computing is not limited to legitimate businesses. It’s also available to the criminals.

While the cloud computing platforms do their best to keep the criminals off their platforms, it’s impossible to stop that entirely. So, in email security, this is a challenge. It’s been a major shift because of the rising abuse of legitimate cloud services to send email with malicious payload that’s hosted at a cloud service.

This has changed the way that we look at email security. Enterprises need to be in tune with their third-party senders, because they need email authentication to protect their inbound email.

A vast majority of the legitimate email that we see today being sent and received is not coming from private servers anymore. It’s coming from cloud hosted third party servers. The criminals use that fact to abuse those services to mask their identity, basically piggyback off the good reputation of those legitimate services. So that’s been a huge change in email security with the cloud.

ITSW:  what are the common challenges that organizations face in your knowledge when they’re adopting new cybersecurity technologies? And how do you think they can overcome them using whatever latest tools that, know, Fortra or any other brand is developing?

Mike Jones: Information overload is definitely a big problem with cybersecurity today for most enterprises. Most security teams just have too much to deal with and not enough people with the expertise to do it. So, they have too many products producing too much data with too many alerts, too many attackers, even security news. There’s so much security news out there to try to keep up with as a security professional, it’s overwhelming.

So, you know, organizations want to have products to deal with that information overload, to consolidate information and give them a concise and efficient picture of what’s happening. But then again, if an organization implements a consolidation product poorly, that just adds to the overload. It has to be done in a way to get that effect of consolidation.

So, organizations need to focus on smart consolidation. Cary mentioned earlier our goal at Fortra is to provide a platform that consolidates for enterprises and helps them with that information overload.

I think there’s also some promise that AI will help solve or alleviate the information overload going forward as well. We’re seeing that some now, but we also, unfortunately the buzz about AI is a little bit ahead of the actual impact of AI so far.

It’s progressing, but that adds to some of the noise as well, all the buzz about AI and cybersecurity right now as well. So, but I think that does have promise going forward and we’re starting to see that in cybersecurity.

Cary: I echo what Mike says. Our customers may use up to 50 cyber security tools, and our biggest customers may use up to a hundred and fifty products. That means different APIs, different UIs, having teams that can implement different applications, and that is really challenging.

A few suggestions I always make is, one, partner with a company that will tell you what you should be concerned about. There are often vendors that share firehose of data, and it becomes difficult to get the quality versus the quantity.

So always look for quality data, relevant to your use cases, it’s very important.

Also, resources are very hard to find, and that’s where Fortra comes in. We have very good resources. Our vision as a company is about the platform. We want to simplify and consolidate and offer a myriad of solutions to customers so they don’t have to go out to manage all the different vendors on their own.

Also read: Email Security Best Practices for Enterprises

ITSW:  When we spoke about AI and their tools and whether we are getting ahead of ourselves, what role do you think AI plays in controlling data sprawl here? Are AI tools able to control situations and challenges like data sprawl or unstructured data or unclean data, which is, think, going to be the final requirement?

Mike Jones:  I think it’s a mix of both right now. I feel like this is true anytime there’s some new technology, the hype always leads the actual on the ground benefits. It’s like cloud computing. If you go back ten or fifteen years, there was a huge hype around cloud computing. But most organizations were not really in the cloud yet.

Then reality catches up to the hype and you do start realizing those benefits. So, I think with AI, we are still in the early stages of realizing all the benefits of AI that are promised. But we’ll get there. That train is not going to slow down over the next years.

Cary: We are getting a lot of value today from AI in our email security stacks. The way I see it is, there are known threats and there are unknown threats. For known threats we don’t really need AI, we can detect threats and use indicators to detect.

So, we know about a bad URL, a bad attachment, or an email address. That’s straightforward, we don’t need AI to tell us that. But it still provides a tremendous amount of value.

So, if we can find malicious URLs and take action, it provides tremendous amount of value.

Where I see AI providing great value is for unknown threats. Where we see AI more come into play s for unknown threats. There are threats that may not be known today, but we can use AI to identify attributes, tend to the message, at scale, to make a call of something suspicious, or even malicious. The value of AI that I see come into play is all about identifying and analyzing those attributes, successfully detecting malicious threats.

ITSW:  So, what is the role of email protection in business resilience you think and of course after considering that they are the initial vector in many cyber-attacks in many organizations, for various reasons. These may also include human oversight or lack of awareness or training. But emails are usually the first entry point. What is the role of email protection to keep your businesses secure? How do you propose to do it?

Cary: Email is the heartbeat of businesses. If email can’t be trusted or it is problematic, it can bring the company to its knees. So having good protection is one of the most fundamental needs of cyber security.

If that’s vulnerable, operations can come to a stop. We have seen reputational damage and financial damage happen too. We have seen Google and Facebook lose a hundred million dollars from spearfishing attacks. The goal with email protection is to prevent employees receiving or interacting with suspicious messages and enable your organization to run smoothly without financial or reputational losses.

This is done by being layered. There is not a single tool that provides that resilience. There are many approaches like training your employees, so they recognize those emails and report them. Going back to our AI discussion, they can be used to detect those unknown, complex threats. So, taking the layered approach so your email is not attacked, is key for businesses.

Mike Jones: Yeah, I completely agree. I may be biased because I’ve worked most of my career in email security, but I think, for protecting an organization, protecting their email is the most important security initiative they can do.

Email is the business tool that we’re using every day. But email abuse is not going away. It’s like email is ubiquitous in business. It’s everywhere. It’s extremely interoperable. I can send an email.

It doesn’t really matter whether I’m using a web client, a desktop client, Outlook, Google, Yahoo, I can send an email today to a number of users and I don’t care what they’re using either. It’s highly interoperable. You just expect it to work. It’s relatively cheap to send out a lot of emails. And you’re going to reach a wide variety of targets. So that’s why businesses use it, and that’s why marketers love it.

And that’s why the criminals love it too. So, none of those things about email are really going to change. And despite hearing about the death of email over the years, in business at least, that hasn’t happened, and I don’t think it will. So, if you’re not protecting email, then you’re going to regret it at some point.

ITSW:  So, what do you feel are the advantages of using comprehensive email protection by integrating solutions with operating platforms, as such like maybe even a Microsoft platform or any other platform? Are there advantages in comprehensive integration?

Mike Jones: Absolutely. So, platforms like Microsoft offer a wide range of security tools, but a lot of times those tools don’t satisfy what an organization needs as far as depth of capabilities in specific areas. And with Microsoft specifically, I mean, Microsoft M365 is the dominant cloud email platform out there, but we talk to our customers all the time who are using that. They have needs that they just don’t feel they can satisfy with the depth of protection in the native Microsoft Security Suite.

So having another tool that can integrate with Microsoft that can provide that depth of email security is critically important to most organizations. And the nice thing about the Microsoft platform and other cloud platforms is that they do offer APIs and configurations that allow easy integrations for third party solutions to step in and provide that extra layer in their customer organizations as well.

Cary: For email security our vision has always been to work hand in hand with Microsoft, complement their capabilities, add value. What Microsoft does, being able to integrate with Microsoft, will enable us to provide a faster value for our customers. In general, this will help us support the layer approach too.

So, we are not looking to displace Microsoft, we are looking to work with them. Microsoft can cover a certain percentage of threats. Our goal is to augment that. We can cover more threats, the more complex threats too. Sometimes the more complex threats can be the more impactful for us. We could close that gap and provide that layer of protection for our customers’ base.

ITSW:   So, what advantages do you see in the integration of artificial intelligence and data sciences also with email protection for advanced threat detection and mitigation?

Mike Jones: So earlier you asked about what I thought about AI as far as the where we are at for the true capabilities versus the buzz. And I said, we’re still early there and I stand by that. I believe that’s true. But that said, AI and ML modeling of email has become the core of modern email security, especially in an email security where you’re enhancing and integrating with a cloud service, that type of email security.

You need to have effective AI and ML in those solutions. It brings capabilities for predictive analysis to email instead of just the reactive piece. So, it allows your security stack to identify new and risky problems that aren’t possible if you just relied on standard rules and known indicators. And like I said earlier, we’re talking about how cloud has complicated email security.

AI helps kind of weed through some of that complexity in the way email is sent today.

In the old days, there was a lot of whack-a-mole in email. The bad guys do one thing, you whack them on the head, they pop up somewhere else doing something else, you whack them on the head again, right? So that’s where we’re going with AI and ML. It is trying to reduce the reliance on the whack -a -mole type of email security, and being able to predict what’s happening as it’s happening. And all of that said, it doesn’t obviate the need for the traditional rules and indicators, as Cary said earlier.

To have a truly comprehensive email stack, that’s very effective in certain situations and you need those to work together. You need your AI and ML predictive capabilities to work with your traditional indicator reactive capabilities.

Cary: The main thing for me is how it can help us scale- being able to analyze behaviors and heuristics. That’s where AI can play a part. It’s typically more of those unknown things that we don’t know about or that haven’t been confirmed yet.

Also read: Reasons Why Email Security is Crucial for Businesses Communication

Wrap Up

Mike Jones and Cary Hudgins highlight the dual edge of cloud computing. While offering cost-efficiency and operational ease, it also opens new avenues for cyber threats, particularly through the misuse of legitimate services.

They discuss the importance of adapting email security strategies, improving authentication, and using AI and ML tools to tackle information overload and strengthen defenses.

The discussion underscores the ongoing need for vigilance and innovation in protecting against emerging cyber security challenges.

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.