He Said What? Deep Learning Changes the Game for Social Engineering Attacks

With social engineering attacks at an all-time high, businesses are looking for better ways to root out hackers before they do real damage. Startup Armorblox says it has the answer--a platform that uses natural language understanding (NLU) and deep learning to understand the tone, sentiment and writing style of emails, documents and messaging software. With this information, Armorblox can intelligently detect anomalies and alert administrators about them.

Armorblox can use the information it detects to spot anomalies, catching attacks that traditional solutions may not be able to detect. It’s especially useful for detecting socially engineered phishing attacks, impersonated emails and file sharing scams, It can also help with data loss prevention, protecting highly sensitive data and compliance.

For example, most modern email security solutions can identify phishing links, domains and malicious attachments, but attackers have become more sophisticated, explained cofounder Anand Raghavan. Today, they use sophisticated social engineering methods, where the hook is not in one email, but over several emails. And it’s all in the text. By understanding the communication and text, Armorblox can more effectively identify suspicious behaviors.

Raghavan pointed to several cases where Armorblox caught problems that may have gone undetected with other methods. In one case, a CFO received an email from the CEO asking him to cut a check. The CEO’s email happened to mention that he was out of the office that day. Armorblox caught the breach because it understood that the content of the email didn’t match well with the request. In another case, a CEO received an extortion email, which the solution caught. Armorblox also alerted that CEO that several other executives on the team had received that email but had not notified the security organization about it. But because the platform knew about those emails, it was able to provide a full report to the CEO anyway.

The approach Armorblox is taking by using deep learning to protect the human layer makes a lot of sense in today’s environment, said Doug Cahill, group director and senior analyst at Enterprise Strategy Group.

“The fact that they're talking about deep learning versus just machine learning is unique, as along with their focus on natural language understanding for context,” he said.

It’s much more accurate than typical machine learning algorithms, he said, which are trained with a static data set. “If the algorithm is inaccurate, it goes off the rails, and you have to update the algorithm. Instead, the Armorblox approach uses deep learning as a dynamic way to create those machine learning algorithms.”

The Armorblox platform also can recommend changes to policy based on what it has learned is important to the organization. In addition, its alert remediation framework can significantly reduce the number of alerts and simplify triage. By intelligently analyzing textual data, it reduces the number of false positive alerts and can use context to distribute the alerts to the right users for validation. That’s more important than you might think, Cahill said, given the amount of “alert fatigue” companies and its users are experiencing.

Initially, Cahill believes, companies may use something like Armorblox as another layer for defense in depth. “We've seen this in the firewall market and endpoint security market, where there's a next generation approach,” he said