Sébastien Goutal, Vade: staying at the forefront of AI-based threat detection
The COVID-19 pandemic has brought years of lockdown and sorrow upon many, but others saw it as an opportunity to prosper. Unfortunately, cybercriminals belong to the second category, taking their time to exploit the sensitive topic in a string of ransomware and phishing attacks.
As more users turn to email for professional and private communication, providers end up with vast amounts of personal data to protect. And threat actors know that too. We reached out to Sébastien Goutal, Chief Science Officer at Vade, one of the leaders in predictive email defense, to discuss top email security tips and the role Vade has taken in detecting online dangers.
Vade calls themselves pioneers in AI-based threat detection. Why is that?
Our innovative approach combining machine learning, natural language processing, computer vision, and anomaly detection enables our technology to anticipate and block sophisticated cyberattacks targeting inboxes.
What, in your opinion, is the biggest email security threat at the moment?
Though not new, BEC is still the biggest email security threat to businesses of all sizes. According to this year’s FBI IC3 report, the overall losses due to BEC/EAC in the US alone were over $1.8 billion. And, as has been widely reported, ransomware attacks are dramatically on the rise – although it is difficult to estimate the impact. In addition, cybercriminals have leveraged the effects of the COVID-19 pandemic to their advantage through phishing attacks, which have doubled between 2019 and 2020. Many of these phishing emails impersonated government agencies and revolved around COVID-based themes such as the Paycheck Protection Program (PPP) funds, unemployment insurance, and CARES Act stimulus funds, among others.
What are some of the main techniques Vade uses to protect against phishing, malware, ransomware, etc.?
Vade leverages big data and a wide variety of different technologies to detect unknown, low volume, very targeted, and hyperdynamic threats that come in the form of phishing, malware, ransomware, and more. As we process a huge amount of data, thanks to the 1B mailboxes Vade protects, we have a unique point of view on global email traffic. This allows us to detect threats earlier than our competitors since timing is key in cybersecurity. For example, we use a combination of techniques and algorithms to detect phishing URLs, such as:
- Smart patterns to detect known threats or variants of known threats
- Supervised learning models to detect unknown threats
- Deep Learning models (VGG-16, ResNet) to detect the brand impersonated
- Computer Vision (OCR, ORB) and Natural Language Processing to detect image-based phishing
In addition, remediation and contextualized user awareness training, which we provide, are key for the end-user and organization.
What should an average email user do to keep up good cybersecurity hygiene?
I’d recommend that people learn what to look for. Cybercriminals are getting really good at hiding their game, and even users who are aware of the dangers can’t spot all phishing or spear-phishing scams. But there are ‘clues’ that can reveal a malicious email. Users just need to know what to look out for. To start, I would suggest users always verify the email sender’s address. This is harder to do on mobile devices, and hackers are aware of this, so users need to beware. I would also suggest that users hover over a URL before clicking on it to verify that it links to a safe landing page. Finally, never log into an app from a link that’s found in an email. Beyond knowing what to look for, it’s a good use of time and effort to go through some sort of user awareness training. Vade provides its customers with a fun, gamified training called Phishing IQ test, where the user is confronted with ten real emails and has 20 seconds for each to determine if it’s a phishing attack or not.
According to your website, Microsoft is the #1 target for hackers. What solutions do you offer to help combat threats to Microsoft’s clients?
Even Microsoft can be a victim of its own success. This is why we designed a security solution - Vade for M365 - specifically to protect Microsoft 365 users. Microsoft does have built-in security, but we layer on additional protection against advanced threats, such as phishing, spear-phishing, and malware attacks. Vade’s security product is API-based and natively integrated inside the Microsoft tenant as an additional, complementary layer of security, which makes it invisible to hackers. Knowing some attacks might still slip through since no solution can filter out 100% of phishing emails, we help end-users train. Our solution automatically invites end-users to take short ‘quizzes’ where they are shown real emails based on brands they interact with and that are being leveraged in phishing emails during that time. This is gamified training that’s delivered to users right when they need it.
Has the pandemic encouraged you to integrate any new vital features?
Yes, it has! As a result of the pandemic, we saw the number of COVID phishing emails drastically increase. To combat this, we decided to develop a new feature for our Vade M365 product to identify current events that hackers often use to lure in their victims, including COVID, but also events like Black Friday, Christmas, and Valentine’s Day. Our MSP partners can view the current event threats that Vade has detected, and if a legitimate email was misclassified, then the MSP can remediate it back to the user’s inbox.
Another thing that we noticed during the pandemic is how phishers adapted their strategy from a mass-mailing venture to a much more targeted approach. We saw that some phishing emails would go out to only a few users within a company but would be mass sent to a large number of companies. This is a nightmare situation for an MSP because detecting the threat is like finding a needle in a haystack. This is why Vade developed MSP Response as a feature for M365 that helps MSPs manage their customers across tenants from a single, easy-to-use dashboard. With MSP Response, an MSP can remediate a phishing email across all of its customer tenants with one click.
You have recently been granted three US patents. Can you tell us more about those?
These patents are about the novel text data augmentation techniques that we have developed for our BEC (Business Email Compromise) detection models for M365. The performance of a supervised learning model is highly dependent on the amount of data collected to train the model. However, BEC attacks are rare, and it is very difficult to find samples. That’s why we have decided to develop techniques to create synthetic data from real BEC attacks so that we can train models with only a limited number of real samples.
What are some of the key ingredients to staying safe online?
I think awareness is the first step to staying safe online. Cybercriminals count on people not noticing small irregularities that would reveal a phishing email. Users should get trained on how to detect malicious emails, and they should do this often as vigilance tends to lapse with time.
Share with us: what is next for Vade?
The future is evolution - as cybersecurity continues to become more important for organizations around the world, we at Vade want to ensure our solutions can meet their growing needs. For our MSP partners, this means the addition of more MSP-friendly features to help them save time, but even more importantly, to build additional services, as that’s where the margin is for MSPs. Threat Coach and MSP Response are a couple of examples. We will also continue to address larger enterprises by adding features that suit their needs. There’s a lot in development right now, but it’s too early to give specifics, so we’ll have to continue this discussion in the very near future.