There is an AI arms race in all industries, and nowhere is that more apparent than in email security.
Do a search of all email security vendors (us included!). You'll find amazing claims about the power of AI to catch every email attack under the sun.
We're proud of our AI, and we're happy to show you "under the hood". When you take a peek under the hood, showcasing models by attack type with deep learning. We use a multi-tier architecture of models, including deep neural networks with transformer architecture. We'll show you all you need to know about how we keep your email safe.
And we do it through actual AI. Forrester, in their latest email security landscape report, said the following:
Most CAPES vendors rely heavily on the power of AI and machine learning to stop sophisticated phishing and BEC attempts by learning communication or individual employee behavioral patterns to spot anomalies and neutralize threats. But this capability is limited to several underlying factors, including the quality of the algorithm training data, cadence of algorithm retraining, and how anomalies detected by the algorithm combine with traditional alerts. If a potential vendor’s answers about how their AI/ML works are vague or defensive, keep looking
So when we saw the following from another vendor in the space, we were troubled:
Essentially, it's a job opening for someone to sit, identify threats, catch them and do so as quickly as possible. These jobs--which don't pay great--essentially serve as the human defense system. It's not AI.
AI is created by humans, but the whole idea is that artificial intelligence does the job itself. In this case, it's not the AI--it's humans.
There's nothing inherently wrong with humans investigating attacks. In fact, it's a good thing to have as an additional layer, and we have threat researchers and analysts at your disposal. But the amount and scale of today's attacks make it mathematically impossible for even the most productive human to keep up. And, since this vendor allows all emails into the inbox first, the human analysts also have to scan clean emails. There's just not enough time.
Training data sets via manual classification is very last century. And it makes it impossible for organizations to stay truly secure.
Curious about our AI? Just ask. We're happy to do an incredibly thorough deep dive. And be sure, as Forrester notes, to really thoroughly investigate any vendor's AI--ours included. Here's some questions we recommend asking: