Cybersecurity company Armorblox and Intermedia, a major provider of email hosting and cloud communications, announced a partnership and spinoff product to help more businesses combat the rise in cyberattacks, especially attacks using more sophisticated social engineering techniques. Launched by Intermedia, the platform is called AI Guardian and is essentially a version of Armorblox’s own SaaS platform powered by Armorblox technology. Now it’s fully included in Intermedia Email Protection, and the partnership is delivering the technology to Intermedia’s tens of thousands of customers.
The platform taps natural language understanding (NLU), connecting over APIs and analyzing thousands of signals to understand the context of communications. With this approach, Armorblox says it can detect and alert users to sophisticated email attacks that weaponize the context of communications to steal money and data.
“As the frequency and sophistication of email-based attacks continue to increase and evolve, the unique capabilities of AI Guardian provide a powerful new asset to our existing defenses,” Alex Smith, VP of security technology for Intermedia, told VentureBeat. “As well as creating bespoke models and providing post-delivery remediation, the NLU capabilities are a powerful tool in the AI Guardian layered defense approach. NLU allows AI Guardian to ‘read the intent’ of a potential threat and can be used to educate the user or to reinforce the practices of phishing awareness campaigns.”
Protection through partnerships
Armorblox already has a partnership with Microsoft, and its product is available in the Azure Marketplace. As far as email integrations go, it supports Microsoft Office 365, Google Workspace, and Exchange. The company considers email its first step on a grander mission: connecting all communication applications (email, messaging, file-sharing, video) to better protect the human layer of business from compromise.
Armorblox cofounder and CEO DJ Sampath told VentureBeat the partnership not only perfectly aligns with the company’s strategy, but will also help “supercharge” the technology.
“A wealth of data from tens of thousands of businesses lends the platform unprecedented visibility to new attacks and the ability to stop them every single day,” he said.
The AI model
To build the AI model driving the technology, Armorblox analyzed six months of email archives to build communication baselines, such as which email domains a user commonly interacts with, which email addresses they typically communicate with, and what topics are frequently discussed. This makes it possible to identify anomalies, even when an email looks normal on the surface.
Sampath pulled back the curtain to detail how the three layers of the model function (the term “model” is being used loosely here, as each layer is comprised of several models). The first, he says, runs across customers and enables the company to prevent targeted attack campaigns that have hit one customer from hitting another. The second layer is a custom machine learning model built for every organization the company serves, enabling it to stop attacks that target the specific organization’s context, such as vendor or payment fraud. The third layer is also a custom machine learning model — this one built for every user/mailbox — enabling Armorblox to stop attacks that target specific users and their context, including impersonation and account takeover.
Smith told VentureBeat this customization is one of the key ways AI Guardian is improving Intermedia’s threat detection capabilities. He also mentioned the fact that it’s directly integrated with the mailbox rather than a gateway, allowing retrospective remediation actions after a message has been delivered to the mailbox. He also cited the wide range of attacks the technology is built for, particularly targeted social engineering attacks that don’t rely on a traditional “payload” being delivered in the message.
Emerging security threats
The rate of cyberattacks is increasing, and cyber criminals are adopting more sophisticated techniques to breach and extort enterprises across industries. 2020 saw a spike in phishing attacks, a trend that is projected to continue. And organizations say they’re increasingly concerned about how AI can be used for impersonation.
But while AI may help bolster attacks, it can also play a role in protecting enterprises. Some experts are excited about the potential role of NLU and of natural language processing (NLP), in particular. As cyber criminals move beyond malicious links to actually immerse themselves in email communications, it makes sense that subsets of AI focused on natural language will become areas of interest.
“With NLU, Armorblox brings an entirely new signal to email security (language) to detect attacks that have been slipping through traditional solutions,” Sampath said. “Traditional email security solutions cannot reliably stop targeted attacks because they rely on binary techniques that study headers and metadata.”