How is Artificial Intelligence Used to Address Email Threats?
This article is the third of a five-part series from Ed Amoroso at TAG Cyber. You can read part one here and part two here.
Enterprise security teams are increasingly excited about the use of the most advanced technologies to mitigate their risk and improve security posture. While such innovation creates many new opportunities to reduce cyber risk, it also drives the need for practitioners to develop a reasonable working-level understanding of how these new technologies work, especially when some complexity is involved.
In this article, we focus on the most prominent of new technologies for cybersecurity—namely, artificial intelligence, or AI. The role of AI in security is promising. Still, enterprise teams are advised to develop insights into what truly meaningful AI technology is and what might be considered less relevant aspects of AI, including claims that are more marketing hype than operational reality. By understanding what AI is and how it works, security leaders can ensure that they have the knowledge they need to keep their organizations protected.
How Does AI Work in Security?
The broad discipline known as artificial intelligence (AI) references an assortment of different technologies, algorithms, methods, and underlying foundational math.
The first applications of AI for cybersecurity emerged in the early 2010s with work from experts such as Stuart McClure, then working at Cylance. The idea was then, and remains now, that the application of security-relevant data could be used to inform learning algorithms sufficiently to support the prediction of vulnerabilities or threats. This remains the canonical approach to using AI for cybersecurity.
While taxonomies for AI include a wide variety of strategies ranging from expert systems to complex neural networks, most cybersecurity applications of artificial intelligence utilize machine learning, often based on simple linear regression. This involves reviewing a series of input attributes related to the processing environment and then predicting whether a security issue exists based on learned outcomes.
The general strategy for machine learning in cybersecurity involves a training set obtained from security-relevant data. This is analyzed by a learning algorithm that is associated with a hypothesis—usually whether some threat or vulnerability is present. As one would expect, the hypothesis is informed by our features, or attributes of the environment, and generates a predicted value. That predicted value is then used to make a decision about the potential threat.
Can AI Be Used to Protect Cloud Email?
One of the more promising areas in which artificial intelligence has been applied to cybersecurity threats is email security. Such an application is well-suited to AI due to the high volume of available data and the high likelihood of clear usage patterns that can be detected through normal user behavior. Combining these with good algorithms and strong computing platforms produces valuable results with increasingly high efficacy.
The canonical approach to machine learning can be used to illustrate the tailoring required for cloud email security. Training sets are derived from data collected during cloud email usage, and learning algorithms are tailored to the cloud email security use cases of interest, including phishing and business email compromise. The hypothesis is whether evidence of an attack exists, and the output determines whether the platform should take action to block the email.
By doing so, artificial intelligence can make decisions much faster and more effectively than users or security professionals. And as a result, the security algorithms can be trusted to detect and prevent email attacks, even those that have never before been detected by traditional tools. In essence, these algorithms are constantly learning from the inputs so that they can make correct decisions about the most dangerous threats targeting organizations today.
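The pipeline described above (training set, learning algorithm, hypothesis, predicted value, block decision), as an added example that is not from the article or from any vendor's product. It uses logistic regression as an assumed stand-in for the learning algorithm, and the feature names, training rows and 0.5 threshold are constructed for illustration.

```python
import math

# Hypothetical per-email features (assumptions, not from the article);
# each is 1 if the condition holds for the message, else 0.
FEATURES = ("sender_seen_before", "display_name_mismatch",
            "payment_urgency_words", "reply_to_differs")
# Constructed training set: (feature vector, label), label 1 = attack.
TRAINING_SET = [
    ([1, 0, 0, 0], 0),
    ([1, 0, 0, 0], 0),
    ([1, 0, 1, 0], 0),  # known sender legitimately chasing an invoice
    ([0, 0, 0, 0], 0),
    ([1, 1, 0, 0], 0),
    ([0, 1, 1, 1], 1),
    ([0, 1, 1, 0], 1),
    ([0, 0, 1, 1], 1),
    ([0, 1, 0, 1], 1),
    ([1, 1, 1, 1], 1),  # compromised known account
]

def hypothesis(weights, bias, features):
    """Predicted value in (0, 1): estimated probability of an attack."""
    z = bias + sum(w * x for w, x in zip(weights, features))
    return 1.0 / (1.0 + math.exp(-z))

def train(training_set, epochs=2000, rate=0.5):
    """Learning algorithm: batch gradient descent on the logistic loss."""
    n, m = len(training_set[0][0]), len(training_set)
    weights, bias = [0.0] * n, 0.0
    for _ in range(epochs):
        grad_w, grad_b = [0.0] * n, 0.0
        for features, label in training_set:
            err = hypothesis(weights, bias, features) - label
            grad_b += err
            grad_w = [g + err * x for g, x in zip(grad_w, features)]
        bias -= rate * grad_b / m
        weights = [w - rate * g / m for w, g in zip(weights, grad_w)]
    return weights, bias

def decide(weights, bias, features, threshold=0.5):
    """Turn the predicted value into the platform's action."""
    score = hypothesis(weights, bias, features)
    return ("block" if score >= threshold else "deliver"), score

WEIGHTS, BIAS = train(TRAINING_SET)
if __name__ == "__main__":
    print(decide(WEIGHTS, BIAS, [0, 1, 1, 1]), decide(WEIGHTS, BIAS, [1, 0, 0, 0]))
```

Lowering the threshold blocks more attacks at the cost of more false positives on legitimate mail, which is the trade-off a deployment has to tune.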
In our next article, we explain how Abnormal Security provides strong protection against email attacks and uses machine learning algorithms to improve the accuracy of the output recommendations.