Email is the leading attack vector exploited by attackers, and the continuing war they wage against traditional methods of protection makes those methods less and less effective. One set of technologies, however, makes it possible to react and substantially improve email defense: Artificial Intelligence.

Since its origin, email has relied on a protocol that still follows its initial specification and provides very little security. Exploiting it for malicious purposes is simple enough that attackers can get past both the vigilance of users and the traditional solutions entrusted with protecting them. As a result, the solutions responsible for judging the legitimacy of email content and discarding messages that present a danger are proving less and less effective. They use simple rules that work well when the threat has already been identified. But today these rules, which depend largely on lists and attack signatures, are proving rigid and difficult to evolve at the same pace as the threats themselves. Above all, attackers never stop improving their methods. More than ever, email recipients are in danger, and their enterprise along with them.

New tools are needed to protect professional messaging, to withstand the explosion in email volume, to detect waves of attacks, and to identify the legitimate content that must be delivered to its recipients while discarding content that presents a danger or a risk. These tools will have to meet requirements for volume and processing speed, but also be capable of making predictions in order to anticipate new, highly dynamic threats. At the same time, there is no need to reject the solutions currently in place: they have proven their worth by identifying known threats, which are still present and dangerous, and they matter especially when the defenses provided by the new tools are not up to date.

 

Artificial Intelligence to the rescue of email

The attackers understand this well. To be more effective, they have to move away from massive attacks that are easy to detect and fight, and turn instead to personalized attacks: polymorphic malware whose content is transformed to avoid detection, and phishing and spear phishing emails that use social engineering to deceive the individual rather than the mass of individuals. They multiply waves of attacks in small volumes and short timeframes, seeking in this way to avoid detection. In contrast, the defender, that is, the solution for monitoring emails and detecting threats, will seek to anticipate these multiplying new attacks. For that, it must adopt very reactive tools, but also a