By Eyal Benishti, Founder & CEO, IRONSCALES
The managed security service provider (MSSP) market is primed for strong growth in the coming years as both enterprises and the mid-market continue to endure an onslaught of complex cyber threats. Gartner says enterprise spending on security outsourcing services will soon comprise nearly three-quarters of all spending on security software and hardware products.
Persistence Market Research agrees. According to their analysis, the MSSP market will grow in the next nine years by an 18 percent compound annual rate to $101 billion. Persistence also indicates that market growth will be driven by the increasing complexity of threats, a shortage of skilled security professionals, and the proliferation of IoT, which offers a vast attack surface for hackers to exploit. Also prompting market growth is the acceleration of cloud adoption, which according to an article in Channel Pro, “provides an opportunity for MSSPs to deliver additional value to their clients.” That additional value, according to the article, is the implementation of automation and orchestration.
A primary concern for many MSSP customers is email security, especially as it relates to the increasing need for reliable phishing mitigation technology. Since phishing emails continue to serve as the primary attack vector for the vast majority of cyber attacks, MSSPs are beginning to recognize that good email hygiene is the key to their customers’ overall risk reduction and their satisfaction.
But in the age of advanced email phishing threats, such as ransomware and business email compromise (BEC), traditional email security tools (secure email gateways, Office365 Advanced Threat Protection (ATP) and phishing awareness training) often fall short and allow attacks to slip through the cracks.
Smart Technology Required to Sufficiently Harden Email Security Defenses
MSSPs have long offered great value to their customers by helping them reduce risk without the need for additional investments in technology and skilled IT staff. But as newly sophisticated phishing threats grow more abundant and complex, MSSPs are beginning to rethink how they can help their customers defend against email-driven attacks while also reducing the workload of their security teams. At the same time, MSSPs are looking to solutions that are cloud-native and integrate with third parties, so they don’t have to spend vast amounts of time, money and resources on complex setups, installations, and integrations. Here are three reasons why implementing email security with AI & machine learning is the answer.
I. Complement the Inherent Gaps in Secure Email Gateway Technology
Secure email gateways (SEGs) have improved their filtering capabilities over the years, but no SEG is built to defeat advanced phishing threats, such as BEC. That’s because most BEC attacks lack the malicious payloads, such as links and attachments, that SEGs are programmed to look for. Making matters worse, once a BEC email bypasses the gateway, employees – even those who are phishing aware – often do not recognize the message as malicious, in large part because they have put too much faith in SEG technology identifying the phishing attack for them.
Putting machine learning in every single mailbox can help organizations better analyze account information and understand every user’s communication habits. Whereas many applications leave security personnel to manually contend with hundreds of daily responses, solutions that deploy machine learning continuously get smarter and can automatically execute a comprehensive forensic examination of suspicious emails, determining the most appropriate remediation or mitigation response without much human involvement. This can expedite remediation from days or weeks to only seconds.
II. Reduce Burden on Security Teams
Artificial intelligence and machine learning ultimately enable MSSPs to more efficiently serve more customers without adding to the workload of internal or external security teams. This benefit is especially important considering the growth projected in the MSSP market in the coming years. In fact, email security with AI and machine learning at the core can help overworked and undercapitalized security teams stay ahead of threats by leveraging real-time data from across the web to predict unknown threats and respond to them at speed.
Such speed of information accessibility can eliminate hours of research and analysis and automate repetitive tasks, including complete remediation of malicious messages, to enable analysts to focus more on high-level decision making and actions that produce results. This is a huge productivity gain, as many SOC teams are already overworked trying to keep up with the latest threats and chasing after false alerts. A survey by Fidelis Cybersecurity found only 17 percent of organizations have a dedicated threat hunting team. And of those that do have a team, only half can handle more than eight investigations per day.
III. Predict Unknown Incidents Based on Community Intelligence
Artificial intelligence and machine learning can also help increase detection, prevention, and response by autonomously validating the legitimacy of suspicious emails. When utilized in the right platform, machine learning can share information automatically and anonymously so that the same cyber attack won’t hit any other company under the provider’s protection. Simultaneously, AI can prompt the removal of suspicious messages without assistance from security analysts because it has intuitively rendered the appropriate verdict by mimicking human security analysts’ previous decisions.
Looking back to the WannaCry ransomware attack in May 2017, real-time global sharing of information helped reduce damages, which would have been even worse had the global security community not quickly mobilized. Furthermore, machine learning can also help log attack details and cross-reference all users for emails with similar patterns as well as repeated or persistent attacks. The system can then notify users in real-time through in-line messaging and then automatically remediate the attack without the need for human intervention.
Even the most highly trained security professionals can no longer identify, mitigate and remediate today’s complex phishing threats without the support of smart technology. Layering legacy email solutions can help, but adding to the security stack often spawns gaps that leave organizations vulnerable to attack. MSSPs now need real-time visibility, process automation, decentralized intelligence, advanced threat detection, and analysis to stop email-driven phishing risks across all endpoints – all of which can be obtained by turning to AI and machine learning.
Eyal Benishti is a veteran phishing and malware researcher and founder and CEO of IRONSCALES, an advanced phishing threat protection platform.