This article provides information on Mimecast Use Cases for Artificial Intelligence (AI), including Machine Learning (ML) and Natural Language Processing (NLP) models, which assist in enhancing existing products and services, and better protecting customers from internal and external threats. It is intended for Administrators.
Overview
Mimecast makes use of Artificial Intelligence within a variety of technologies in the detection stack by strategically leveraging AI to enhance our existing defenses. Instead of relying entirely on AI, it is used in various areas where it can make the most impact in countering the spectrum of cyber threats.
The use of AI, such as Machine Learning, enables us to draw on vast amounts of data to identify patterns and correlations at an extremely large scale. It also provides quicker and cheaper solutions in certain cases and therefore minimizes pressure on the Security Team.
Some of the areas in which AI is incorporated include defending against Business Email Compromise (BEC), QR Code Detection, and Credential Theft Protection. Mimecast counters the spectrum of cyber threats, from phishing attacks to data breaches, ensuring that collaboration tools, email communications, and cloud services remain secure. Our platform learns from every attempt, improving security efficacy and administrator efficiency through a robust detection stack, and delivering industry-leading threat protection to the collaboration tools our customers rely on.
Use Cases
This section provides information on selected AI Functions implemented by Mimecast.
This is not an exhaustive list of Mimecast's AI applications.
Business Email Compromise
Mimecast provides protection against business email compromise by equipping employees with critical information to avoid attacks. Spear-phishing attacks in particular are becoming an increasing threat. AI Algorithms and NLP detect targeted threats and limit attackers' information-gathering capabilities.
How is this done?
- Social Graphing technology powered by ML maps communications and builds an understanding of communication patterns. This provides a benchmark for the detection of anomalous behaviors.
- NLP analyzes text from the email body to determine the severity based on risky outcome categories, message characteristics, or rules. Messages can then have different policy levels applied to reject or allow for administrative review.
- When warranted, contextual banners are added to emails to alert employees. These are updated in real-time across devices when risk levels change.
- Detects & Disarms trackers embedded in employees' emails, stopping inadvertent disclosure of information to attackers.
Outbound Email and Sensitive Data Risk Mitigation
Attackers aren't the only threat to organizations, as employees could be a potential danger to themselves or the business should they send an email to the incorrect address. This has the potential to leak sensitive data with consequences that include fines, reputational damage, and compliance violations. Mimecast Misaddressed Email Protection uses AI to track users’ communications, identify anomalies and alert employees that an email is being sent to a new or unrecognized email address.
How is this done?
- Detects anomalous communications activity by using Social Graphing, powered by machine learning, to "understand" a user's typical patterns.
- Holds misaddressed emails at the gateway and alerts the sender of the potential problem.
- Gives the sender a second chance to confirm their email is going to the right place, helping to ensure email data is handled judiciously and in a compliant way.
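The following added example sketches the idea behind the steps above: a per-sender history of recipients serves as the baseline, and a message to an address outside it triggers an alert or a hold. It is an illustration only, not Mimecast's implementation; the function names, the similarity threshold, the "warn"/"hold" split, and the sample addresses are all assumptions constructed for this example.

```python
from collections import Counter, defaultdict
from difflib import SequenceMatcher

# Constructed sample history of (sender, recipient) pairs; not real data.
HISTORY = [
    ("alice@corp.example", "bob.smith@partner.example"),
    ("alice@corp.example", "bob.smith@partner.example"),
    ("alice@corp.example", "bob.smith@partner.example"),
    ("alice@corp.example", "carol@corp.example"),
    ("dave@corp.example", "erin@vendor.example"),
]


def build_graph(history):
    """Per-sender counts of previously used recipients (a minimal 'social graph')."""
    graph = defaultdict(Counter)
    for sender, recipient in history:
        graph[sender.lower()][recipient.lower()] += 1
    return graph


def check_recipient(graph, sender, recipient, similar=0.85):
    """Return (action, reason) for one outbound recipient.

    'deliver' = established contact, 'warn' = first message to this address,
    'hold' = new address that closely resembles an established contact
    (assumed here to be the likeliest sign of a misaddressed email).
    """
    known = graph.get(sender.lower(), Counter())
    recipient = recipient.lower()
    if recipient in known:
        return "deliver", "known contact"
    # New recipient: find the most similar established contact, if any.
    best, score = None, 0.0
    for contact in known:
        ratio = SequenceMatcher(None, recipient, contact).ratio()
        if ratio > score:
            best, score = contact, ratio
    if best is not None and score >= similar:
        return "hold", f"new address resembles known contact {best}"
    return "warn", "first message to this address"


if __name__ == "__main__":
    g = build_graph(HISTORY)
    for rcpt in ("bob.smith@partner.example", "bob.smith@partners.example"):
        print(rcpt, check_recipient(g, "alice@corp.example", rcpt))
```

A production system would also weigh recency, message volume, and domain reputation rather than string similarity alone.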
Malicious Email Detection
AI is used to prevent malicious emails disguised as legitimate messages from credible sources from being delivered to employees.
Credential harvesting is increasingly problematic, particularly due to more businesses using file-sharing services such as Microsoft OneDrive and SharePoint to collaborate remotely. Attackers may reference these sites in malicious emails to bypass detection with the goal of obtaining business credentials via URLs.
Mimecast's credential harvesting protection uses machine learning and advanced computer vision to identify whether a URL is legitimate. The tool's analysis is precise to the point of being able to pinpoint a single pixel that has been altered on a malicious webpage.
How is this done?
- Computer vision algorithms detect anomalies in the branding, login, or payment form information that appears on an end user's screen.
- Depending on the level of suspicion and associated risk, users are either warned or blocked from the page.
- The AI algorithm learns from each analysis to become more precise with time.
Categorizing and Triaging Suspicious Emails
When users report suspicious emails to Mimecast's SOC, Mimecast uses AI to automatically categorize, triage, and prioritize them for investigation. Each suspicious email’s metadata is also automatically enriched with a risk score and any information about the user's past reporting behavior. This information helps analysts make a rapid decision about whether an email is malicious or not. The final decisions made by our analysts feed back into our AI models.
Categorizing Websites
Supervised learning categorizes websites as malicious or inappropriate, which tells Mimecast's inspection engines to block access to those sites.
Image Identification
Deep learning and computer vision algorithms work in concert to detect inappropriate images in emails, focusing on pornography, helping to maintain a safe and professional work environment. Being able to control this type of content (received or sent) is critical to brand reputation as an employee's email address by extension represents the organization.
QR Code Detection
QR codes are a common tool for sharing information quickly and conveniently; however, they can also pose a security risk. QR codes can contain links to malware, inappropriate sites, or other harmful content. Mimecast not only detects QR codes through our deep learning and computer vision algorithms, but also resolves the link residing behind the QR code and passes it to Mimecast's URL detection capability to identify high-risk URLs. As described in the illustrative URL example, a combination of technologies, including machine learning, is utilized to determine if the QR code links are malicious, which results in the rejection of the email, helping to protect against this style of phishing attack.
Malware and Zero-Day Protection
Mimecast leverages AI within our inspection engines and offers protection from even previously unknown threats - APTs, zero-day attacks and ransomware. The machine learning algorithms incorporated in the various file inspection capabilities extract features from existing malware samples or families, enabling them to predict future malware based on shared similar features. Mimecast's sandbox uses machine learning and behavior detection technologies, which ensures that only files that require further analysis are sent for inspection, improving analysis response times. Files sent to the sandbox are analyzed by advanced machine learning algorithms in addition to decoys, anti-evasion techniques, anti-exploit, and aggressive behavior analysis, resulting in efficient malware detection. Malware detection technology that incorporates machine learning algorithms is more effective than signature-based systems because of the enhanced detection rates for new malware variants.
While these do not represent an exhaustive list of how Mimecast utilizes AI, they provide insights on how and where we are currently leveraging it. This will be continuously monitored, evaluated, and developed.