For Google’s Gmail for Business users, Google is confirming to offer AI-powered security features including advanced protection against phishing and malware attempts.

This is confirmed by the company itself via its G Suite Updates official feed:

At launch time, the majority of these settings will be disabled for existing customers, because – depending on your domain configuration – they may cause false positives.

Most of the new features will be disabled on launch due to the possibility of high false positives. But is this protection enough?

Just A Single Solution to a Multi-Layered Problem… is a start

Identifying links behind shortened URLs and scanning linked images will help protect users from malware attacks, and Google indicated that these options will be automatically enabled for existing customers starting from April 4th – they can be disabled or customized prior to that date. Alone these defenses simply just aren’t enough for today’s complicated email threats.

Criminals are shrewd creatures and their communications are devious by design. They find new ways to evade detection from filters, just like those introduced by Google every day.

For an example Business Email Compromise (BEC) attacks are creating havoc and costing businesses billions. These scams are in one of three forms – either a fake invoice, a compromised employee email account of an actual employee or a spoofed email address to look like a real organization. According to figures released by the FBI, these scams have cost organizations more than $5 billion in losses over the past three years, spanning across at least 131 countries.

If just one message gets through due to a distracted or uninformed user who interacts with the criminal’s payload, the entire company can find itself disabled.

Advanced Mailbox Protection & Automated Response- Approach Needed

According to a study by the Aberdeen Group, within approximately 80 seconds of a phishing message arriving in an organization someone will have interacted with it. Stopping most threats getting through is a beginning of course, but it’s not enough as it only takes one message to bring an organization to a standstill.

Yes, gateway-level solutions are beneficial for spam and malware filtering, however companies need to take a more multi layered approach that both mitigates and remediates the risk before and after a phishing email has landed in the inbox as fast as possible.

Email borne threats are a serious issue for organizations, with many finding their targets, causing malware infections, credential theft and even persuading well-meaning employees to wire over cash. While it’s encouraging that the big players, like Google, are introducing security tools to help defend against the tide of Business Email Compromise (BEC), rushing them through and then having to disable them doesn’t bode well.

Introducing the IRONSCALES’s platform

It solves all advanced phishing threats (BEC, APT & Ransomware). Acting like a virtual security analyst, IronSights provides advanced mailbox level anomaly detection, based on a patented contextual and human behavioral analysis that proactively combats both impersonation and spoofing emails in real-time. By using the power of machine learning algorithms, IronSights studies every employee’s inbox to detect anomalies and communication habits based on a sophisticated user behavioral analysis. All suspicious emails are visually flagged the second they arrive, with a referral button for users to notify the SOC team. By utilizing machine intelligence, it’s able to reduce the risk of human error in identifying malicious emails giving organizations a mailbox-layer of defense to ensure unprecedented protection and threat remediation.

So Identifying the threat is only one aspect so, when an attack is detected, that’s when IronTraps kicks in sending an automatic notification simultaneously to the security team and our own servers. A comprehensive phishing forensic examination of the suspicious email then occurs using our integrated and proprietary Multi-AV and Sandbox Scan. Working in conjunction with IRONSCALES’s advanced technology, IronTraps analyzes both the number and skill ranking of the user reporting the message, whilst also examining other proprietary analytics, to determine the most appropriate mitigation or remediation response. Once the attack is confirmed, an automatic enterprise-wide removal of all malicious emails occurs to prevent anyone else from falling for the scam.

The final element is intelligence sharing and that’s why Ironscales created Federation, the first and only anti-phishing technology that provides a comprehensive real-time, anonymous and automated intelligence sharing ecosystem between companies that is integrated into the automated incident response layer. Once a rogue message is confirmed, all our customers are instantly protected from the same scam.

The primary way to significantly improve protection from email borne threats is to have an automated solution that shifts focus away from the gateway and to instead concentrate efforts on the inbox – where the threat resides. GSuite users will definitely look for more visibility and control over the process, and currently the prevention offered by Google is simply not enough.

For more information please visit our product page.

Was this article helpful?