Today’s threat landscape is characterized by attackers preying on human vulnerability. Proofpoint research shows that nearly 99% of all threats require some sort of human interaction. Whether it is malware-free threats such as the different types of Business Email Compromise (BEC) or Email Account Compromise (EAC) like payroll diversion, account takeover, and executive impersonation, or malware-based threats like the Ryuk Ransomware that is carried by Bazaloader, people are falling victim to these attacks day-in and day-out.
Leveraging Machine Learning for a People-Centric Problem
To stop these types of attacks, organizations need to deploy a solution that can stay ahead of the ever-changing landscape and adapt to the way humans act. Machine Learning (ML) is a critical component in a robust cybersecurity detection strategy. It’s faster and more effective than manual analysis and can quickly adapt to new and evolving threats and trends.
ML techniques aren’t anything new to Proofpoint. Proofpoint NexusAI and ML techniques have been part of the Proofpoint DNA for over 10 years, and our current approach represents the third generation of our applied machine learning. We leverage a number of artificial intelligence cybersecurity techniques, which have become foundational in our efforts to help our customers better protect their people.
Applying NexusAI to Stop Threats
Proofpoint NexusAI employs many techniques to detect numerous targeted threats such as BEC, EAC, phishing, cloud attacks, multi-stage attacks, and others. As an example, BEC supplier invoicing fraud attacks are sophisticated and complex schemes to steal money by either presenting a fraudulent invoice as legitimate or by re-routing the payment to a bank account controlled by the attacker. It is extremely hard for traditional systems to detect due to two factors: they are very targeted and contain no payload. We are successful at stopping these threats with NexusAI for BEC Detection which uses ML to dynamically analyze a wide range of message attributes, including header information, domain, and message body to determine if a message is an impostor message. And the effectiveness of the ML models used in NexusAI for BEC detection is fueled by the dynamic, global corpus of BEC attack data we analyze on a daily basis – typically over 15,000 BEC messages.
Another example, credential phishing attacks, show inherent weakness as they try to mimic the look and feel of an organization’s log-in page. This may be difficult to detect by analyzing manually, but with NexusAI, we leverage computer vision to detect and prevent emails pointing to that site.
Figure 1. Proofpoint NexusAI – Computer Vision
We even leverage our NexusAI with our internal threat researchers. They use the NexusAI cybersecurity tools to better understand incidents as well as find like-incidents. This helps with improving the overall effectiveness of the entire Proofpoint security portfolio.
Data Dictates the Effectiveness of Machine Learning
ML systems are not like traditional software systems, behavior is derived from data and not hand-coded. That means ML systems are only as good as the data that trains them.
Proofpoint is unique in that we gather threat data from around the globe from leading enterprises in the F100, F1000, G2000, leading ISPs and hundreds of thousands of SMBs. We also gather data from across multiple attack vectors such as email, cloud, network and social media, which is critical as attackers augment their arsenal beyond email to include cloud applications.
- 2B+ daily emails scanned
- 22M+ cloud accounts monitored
- 6k+ worldwide IDS sensors
- 400k+ unique daily malware sample
- 400M+ domains monitored daily
- 86k+ social media accounts monitored
- 100+ threat actors tracked
This data is gathered from across industries and geographies is fed into the Nexus Threat Graph to learn everything we can about threats and train our NexusAI and detection technology. It’s also used by our global team of threat researchers to analyze threats.
Everything learned from the data we see across our customer base is then fed back into Proofpoint products. This goes beyond only leveraging the data from a specific customer in our ML models but expands across our entire customer base. This data sharing helps us better identify campaigns and attack patterns we see across the threat landscape to provide the best cybersecurity and visibility for our customers to stay ahead of the threat landscape.
To learn more about how Proofpoint can help protect your people from threats click here.