• Why IRONSCALES
  • Platform
    Spring '24 Software Release! Check out our new deep image-based detection, GWS capabilities, and more. Explore the new additions
  • Solutions
  • Learn
    New Report! Osterman Research releases their 2024 findings on Image-based/QR Code Attacks. Read the report
  • Partner
  • Pricing

Combine Machine Learning With Human Intelligence To Fight Phishing Attacks

Email phishing attacks pose a constant challenge to organizations and their users perhaps today more than ever. The days of obvious phishing with its poorly worded, non-targeted, and easily recognizable email attacks are mostly behind us. Modern attacks are much more believable and realistic. They build fake landing pages with nearly imperceptible visual deviations from the real thing, use clever social engineering to impersonate targeted senders in your organization, and wield an array of constantly evolving tools that threaten to overwhelm human users and security teams.

In the face of attacks that are too numerous and sophisticated for humans to effectively manage alone, some pioneering organizations have turned to machine learning to improve their phishing countermeasures. We believe it is an effective tool to quickly and accurately tackle phishing attacks, and it is one of the core strengths of our platform.

But too often, our industry only frames humans as the weakest link in the fight against phishing attacks. A savvy team of security professionals and well-trained end users as well as powerful software that leverages machine learning can all be valuable in their own right. When they work together in a collaborative feedback loop, they are all elevated to another level of effectiveness.

What Is Machine Learning?

The term machine learning is subject to a lot of industry hype and is often confused with similar concepts, such as artificial intelligence. In fact, it is a specific subset of artificial intelligence. Machine learning is focused on recognizing and extracting patterns from massive sets of data, so the system can learn how to make predictive business decisions.

How Does Machine Learning Support Email Security?

In the context of email security, the biggest role that machine learning has played is shifting the industry from a reactionary mindset to a proactive one. Polymorphic phishing attacks adapt and change quickly, so there's little sense in only studying malicious interactions. By also crunching data from the overwhelming amount of normal email interactions and understanding what typically happens, machine learning empowers us to recognize and predict new deviations and attacks as quickly as they emerge.

Of course, machine learning is only useful if you have a good source of human intelligence to model it on, so it must operate at the mailbox level in order to be close to your end users. And as a relatively new technology, machine learning alone is not able to remediate all attacks by itself. Sometimes a human review will be needed, but this human intelligence can then be fed back into the machine learning process. Over time, it is possible to build a robust, constantly updating threat database that compares every element of every inbound or outbound email against known issues.

What Types Of Email Threats Can Be Detected With Machine Learning?

A machine-learning platform like IRONSCALES studies historical email behaviors to stop a variety of inbound and outbound email threats. Machine learning can detect anomalies in user behaviors (employee John Doe doesn't typically send this type of email to that type of user) as well as traditional email elements like content-type and return path.

By focusing on these types of anomalies, various threats can be safely filtered out, including:

  • Spear phishing: This attack targets one or two specific employees with well-crafted and well-researched phishing emails that have a higher likelihood of successful deception.
  • Business email compromise (BEC): BEC attacks typically impersonate senior executives with the goal of tricking employees, vendors, or customers into fraudulently wiring funds to the attacker.
  • Misdirected emails: It just takes one unintentional mistake, such as misclicking Reply All or misspelling a name, to open up your organization to a potential data breach.
  • Unauthorized emails: These threats originate from malicious actors within your own organization. Employees with access to sensitive information will always pose a risk, since they face the temptation of profiting from this data or otherwise using it for personal gain.
  • Malicious attachments: Malware, a classic element of the phisher’s arsenal, can still pack a punch if you don't have the resources to effectively assess the potential outcomes and threat levels of any embedded code, such as JavaScript hidden in a PDF attachment.

What Happens If An Email Is Flagged?

Incident response and remediation is another area where machine learning and human intelligence can work together to complement each other’s strengths. Machine learning can respond to a volume of threats that far surpasses human capabilities. But ultimately, your organization’s security team can decide how to respond to malicious emails if they have the capacity, otherwise we like to say the cost of a false positive is only 1-click to bring it back in the inbox.

Typically, the default action will be to remove the malicious email from a user's inbox (and any similar messages in other users inboxes), which will be fed back into our machine learning platform's threat database.

How IRONSCALES Combines Machine Learning With Human Expertise
Simply put, the combination of machine learning and human intelligence is one of the most powerful weapons available to you in the fight against advanced threats like zero-day and polymorphic attacks.

The IRONSCALES Platform leverages both concepts in order to recognize critical behavioral patterns, adapt to emerging threats, and predict new threats all at a scale that far surpasses a regular human's capabilities. Sure, it may only take 5 minutes to investigate and resolve a single email threat but what about a polymorphic attack that's using slight variants of the email's artifacts to evade legacy protections? By identifying and clustering similar polymorphic threats, you can remove almost the entire burden of manual analysis from your team.

As a comprehensive anti-phishing platform, IRONSCALES supports a variety of solutions with machine learning and AI. A few of the many examples include:

  • URL & malware protection that uses computer vision and deep learning to detect fake login pages in real time
  • BEC Protection that leverages Natural Language Processing (NLP) and continuous monitoring of communication patterns to detect fraud and anomalies.
  • A virtual SOC analyst known as Themis, which continually learns from the tens of millions of emails passing through our system to autonomously predict, identify, and resolve phishing attacks with more than 90% accuracy.

At IRONSCALES, we're constantly pushing the boundaries of what's possible with machine learning and human intelligence. And while some offerings in our industry rely on hype and buzzwords, we prefer to simply show what we're capable of. Request a quick demo today to get started!

Eyal Benishti
Post by Eyal Benishti
May 27, 2020