Q&A: Can machine learning help stop email phishing?

Phishing is the default way into organisations for many attackers. Crunching data through machine learning is now the go to method to solve many IT problems. Eyal Benishti, CEO of Israeli security startup Ironscales, explains how he uses machine learning to help counteract phishing in this short Q&A.

How does Ironscales combine human intelligence with machine learning to combat phishing?

Ironscales uses machine learning to continuously learn based on user behaviour analysis at the mailbox-level. We then arm the users with relevant information using visual aids inside their email client that they can use to make decisions about the emails they’re receiving, such as insights about the sender and their reputation and a report button so that they can flag any suspicious emails. Any emails that are reported as suspicious are automatically sent to the security team and, in parallel, instantly fed back into the machine learning back end, so that it can keep getting smarter in predicting and preventing sophisticated phishing emails as well as filtering out false positives. That combined approach enables companies to proactively protect themselves more effectively, automatically and in real time, from targeted phishing emails.

Is this similar to the work of other security firms (like Darktrace and Cylance) that use machine learning and targeted alerts to combat threats?

The only similarities are the machine learning capabilities and that Ironscales does not use signatures to try and prevent phishing attacks. Ironscales’s approach uses humans and machine learning technology to create a constant feedback loop that enables the technology to get smarter over time and it’s specifically engineered to stop zero-day phishing attacks that bypass legacy solutions that rely on signatures.

Can this help counteract the recent rise of homograph attacks?

In our case homograph attacks that were built to fool browsers will normally start as phishing emails being sent to users; we have a solution (IronSights) that will detect and intercept any fraudulent URLs, which may have easily appeared genuine to the untrained—or unaware—human eye. It’s all about those small things that the human eye will probably miss, but where the machine can be helpful, and the other way around. Together we can put up a better fight.

Phishing is always the most successful form of attack—because employees keep on clicking on links—will this ever go away?

There is no silver bullet, as we all know, but Ironscales is challenging the status quo by saying we can’t expect to get better results or to change the situation we face without innovating and challenging the current methodology. We must provide users with better tools and technologies that complement the strengths of each other so that we can prevent, detect and respond more effectively to the rapidly changing tactics of hackers.

Is there anything CIOs fail to understand about phishing?

I think the market is just very noisy which makes their job so much harder and the fact that phishing has only really exploded in the last couple of years means there is a lot of room for innovation and education.

We believe that a human and machine problem requires a human and machine solution. Phishing attacks are not single-staged, meaning there is a life cycle that can’t be addressed with awareness and training alone; that’s the message we would like them to understand.

Does your recent push into the UK highlight a general move into other global markets or is the UK a particular focus?

The UK market has really started to understand our value proposition with all the recent phishing attacks. We are building great partnerships and there are many opportunities, so it makes sense to continue expanding into a receptive and strategic market place.

You raised $1.5 million in funding in January 2016,; do you have plans to raise more?

We’re getting a lot of offers at the moment, but have not decided on future funding plans yet. The business is performing well and growing fast. For now, we’re focused on building on that momentum and sticking to the belief that if we can deliver something innovative and effective, then we’ll be successful.

How do you see the company developing short, medium and long term?

Ironscales’s focus is to keep building on its global relationships and solidify its leadership position in anti-phishing technologies. We will keep expanding our vision and roadmap of email security. In the long term, we are completely focused on demonstrating the bigger role that antiphishing technology can play in the overall security ecosystem.

Security has been getting a lot of attention recently but is there anything that is not getting covered enough?

Security is a growing concern for both organisations and governments, we believe that the recent events and the amount of coverage by the media is doing a good job stressing out why we all should invest much more in security and not let our guard down for a moment.

It is getting a huge amount of attention and rightly so when you consider how much of a growing concern it is for organisations and governments. The coverage of recent security attacks and events plays a significant role in stressing the importance of investing in security and the dangers of letting your guard down.

Is there anything else you’d like to share?

Observing markets internationally, the need for organisations to facilitate user awareness of the threats of phishing has been growing massively over the last five years. However, the UK and Europe have been very slow to accept the threats and put into place appropriate measures for a variety of reasons—many people believe that it’s not a problem or that they’ll stop it at the perimeter, or even that anyone can spot phishing mails. That attitude, combined with a single lack of up-to-date legislation, have all contributed to the problem.

In my opinion, the watershed for this malaise was the TalkTalk breach. This was not a phishing attack but it served to highlight the real problem for organisational security—it isn’t a security problem or a user problem but a business problem when share prices drop. Considering that 95 percent of all cyberattacks start with a targeted phishing attack, if you are not taking anti-phishing seriously, then you’re the potential next headline disaster.