Artificial intelligence (AI) is revolutionising cybersecurity. It offers unparalleled capabilities for detecting, predicting and neutralising threats in real time. But at the same time, threat actors are using it to create sophisticated attacks.
At Proofpoint, we take an evidence-based, practical approach to AI. Our Nexus® AI Framework combines advanced machine learning with behavioural analytics for explainable decision-making. As a result, you get actionable insights and protection across multiple threat vectors.
This blog explores the many sides of AI—the good, the bad and the ugly. It also details how the six AI cores in Proofpoint Nexus power our targeted solutions, which stop today’s most complex security challenges.
Proofpoint Nexus AI: defending from every angle
Proofpoint Nexus is a comprehensive threat intelligence platform powered by AI, machine learning and real-time threat intelligence. The Proofpoint Nexus AI Framework integrates six powerful cores to counter AI-driven threats, empowering defenders with advanced tools:
- Nexus Language Model (LM) combats business email compromise (BEC). It carefully examines email content to detect common elements found in BEC attempts, such as transactional language and urgency. By recognising subtle linguistic patterns and behavioural cues, Nexus LM for BEC identifies suspicious emails before they can cause harm.
- Nexus Generative AI automates data analysis across email, cloud and endpoints to identify nuanced patterns in phishing and exfiltration attempts. It also automates complex workflows, isolating compromised devices, revoking access and neutralising phishing campaigns.
- Nexus Threat Intelligence (TI) provides real-time updates on attacker tactics, techniques and vulnerabilities, enriching threat detection models. It ensures Proofpoint solutions stay ahead of evolving cyberthreats, offering proactive detection and defence.
- Nexus Relationship Graph (RG) monitors user behaviour across systems, detecting anomalies that signal insider threats or account compromise. By using behavioural analytics, ML and anomaly detection, Nexus RG spots deviations from normal user actions that may indicate a potential threat.
- Nexus Machine Learning (ML) powers predictive threat detection, which maps known attack behaviours and uses unsupervised techniques to detect unknown anomalies. It uses behaviour-focused detection models to identify malicious activity based on runtime behaviours rather than static signatures.
- Nexus Computer Vision (CV) is an AI-powered module designed to identify and neutralise vision-based threats. Through advanced computer vision technology, Nexus CV detects threats hidden in visual elements, such as phishing sites, QR codes, malicious attachments and spoofed emails.
Good, bad and ugly—AI is complex in the real world
AI helps cybersecurity teams as well as the cybercriminals who are trying to outsmart them. Below are just some of the ways that AI can both help and hinder cybersecurity efforts.
The Proofpoint Nexus Framework powers advanced solutions for each of these challenges.
The good: AI as a game-changer for cybersecurity
In many ways, AI makes it easier for defenders to do their jobs. When it comes to combating sophisticated threats, it can be extremely useful because it addresses the challenges that human teams cannot resolve at scale. Here’s how you can take advantage of it when you use Proofpoint.
1: Predict threats before they happen. AI enables a proactive defence against cyberthreats. That’s because AI models can predict potential attack vectors by analysing historical threat patterns and real-time data.
Proofpoint Core Email Protection uses Nexus ML to process billions of data points daily to identify emerging phishing campaigns, malware payloads and zero-day threats. By applying ensemble techniques, Core Email Protection accurately correlates new email-based threats with established patterns. As a result, it helps defenders proactively stop attacks before they infiltrate networks.
2: Detect anomalies across user behaviours. AI continuously monitors how users behave across endpoints, email and cloud applications. This enables it to identify when there’s a deviation from the normal pattern, which indicates that an account has been compromised or there’s an insider threat. It also stops accidental data loss by looking for behavioural anomalies to determine if an email is misaddressed.
Proofpoint Account Takeover (ATO) Protection is powered by Nexus RG. It monitors SaaS activity for atypical file-sharing patterns or unauthorised logins. Any deviations are flagged, such as repeated failed login attempts from unusual locations. This helps organisations detect and mitigate account takeovers.
3: Speed up incident response. AI-driven automation accelerates incident response. This reduces the time to containment from hours to seconds.
Proofpoint Core Email Protection uses Nexus Generative AI. It automates phishing email remediation by identifying malicious content and removing it from user inboxes. This ensures threats are neutralised without manual SOC intervention.
The bad: AI as a tool for adversaries
It’s clear that AI doesn’t just help defenders. Attackers now use AI to develop highly adaptive, scalable and targeted attacks. These are some of their common tactics, and how Proofpoint can help:
1: AI-driven phishing. Generative AI enables attackers to craft highly personalised phishing emails that look completely legitimate.
Proofpoint Core Email Protection uses Nexus LM to scan email content for tone, structure and context. In one example, it analysed mismatched metadata and unusual urgency in the language of a message to catch a phishing attempt where a bad actor was impersonating a senior executive. Fortunately, the threat was stopped before the user interacted with it.
2: Polymorphic malware and adaptive threats. Attackers use AI to create malware that can dynamically change its code. This helps them evade detection methods that are signature-based.
Proofpoint Core Email Protection uses Nexus ML combined with dynamic sandboxing to block polymorphic malware at the point of entry. This includes real-time analysis of file behaviours to detect malicious encryption attempts that are commonly used in ransomware attacks.
3: Deepfake-assisted social engineering. With deepfake technology, bad actors can create fake audio and video, which is often used in impersonation-based attacks.
Proofpoint Digital Communications Governance (DCG) uses Nexus CV to analyse suspicious media, such as altered brand logos or impersonated videos on social platforms. This mitigates the impact of fake content that is designed to deceive employees or customers.
The ugly: AI’s real-world challenges for security teams
Although AI has a lot of advantages for security teams, it also poses challenges when it comes to day-to-day operations. These are just a few of its challenges that can be solved with Proofpoint:
1: Alert fatigue. AI systems can generate excessive alerts, including false positives. This overwhelms security teams and can waste their valuable time.
Proofpoint Core Email Protection is built on Nexus Threat Intelligence (TI). Its dashboard consolidates TI threat data and prioritises alerts based on contextual severity. By integrating threat intelligence from global feeds, analysts can focus on high-impact incidents without sifting through irrelevant noise.
2: Complexity with integration. It’s not easy to integrate AI solutions into existing infrastructure. Scalable and flexible designs are needed.
Proofpoint Information Protection (DLP) is enhanced by Nexus Generative AI and integrates with SaaS and endpoint applications. APIs enable data protection policies to be enforced across diverse systems. This simplifies deployment while ensuring complete coverage.
3: Explainability and analyst trust. AI decisions can be opaque. If analysts don’t know where decisions come from, how can they trust them? Without these answers, adoption is hindered.
Proofpoint Core Email Protection: Powered by Nexus ML, Browser Isolation provides detailed reports on why certain webpages are blocked, such as malicious scripts or unusual redirect patterns. As a result, analysts can trust the system’s decisions.
Proofpoint balances AI’s promise with practicality
AI in cybersecurity offers immense promise. But it also requires expertise to deploy effectively. The Proofpoint Nexus AI Framework balances advanced technology with practical application. It ensures that organisations can defend against sophisticated threats while navigating operational challenges.
With Proofpoint Nexus, security teams can rely on adaptive, threat-focused solutions that stay ahead of evolving cybercriminal tactics. Whether it’s protecting users from phishing, detecting insider threats or preventing malware, Nexus provides the critical protection needed to secure an organisation’s most vulnerable entry points—its people.
Contact Proofpoint to learn how Nexus AI can transform your defences and safeguard your organisation today.