Intelligent CIO Europe Issue 30 | Page 79

eck, we would main have any th the recipient? hole? Does it y similar to other t time we’ve seen this user? Has tion ever shared Has any user ever ly asking the wrong ckers know the ey can skirt by these ds by paying just a ains. y in n from an attacker’s ed one email to to the kingdom, so few thousand new itably pay off. And ong as it’s working ckers are doing. ins consistently ntil these ed with enough e that the domains thousands or could have been frastructure is will abandon it and and deploy a new continues. Like le’, these legacy to hammer down ails – all the while are being created in the thousands in preparation for the next campaign.

This is the ‘Domain Game’ and it’s a hard game for defenders to win.

Asking the right questions

Thankfully, the solution to this problem is as simple as the problem itself. It requires a movement away from the legacy approach and towards deploying technology that is up to par with the speed and scale of today’s attackers.

In the last two years, new technologies have emerged that leverage AI, seeking to understand the human behind the email address. Rather than inspecting incoming traffic at the surface level and asking binary questions, this paradigm shift away from the insufficient legacy approach asks the right questions: not simply ‘are you malicious?’, but crucially: ‘do you belong?’

Informed by a nuanced understanding of the recipient, their peers and the organisation at large, every inbound, outbound and internal email is analysed in context, and is then re-analysed over and over again in light of evolving evidence.

Asking the right questions and understanding the human invariably sets a far higher standard for acceptable catch rates with unknown threats on first encounter. This approach far outpaces traditional email defences, which have proven to fail and leave companies and their employees vulnerable to malicious emails sitting in their inboxes.

Rather than desperately bashing away at blacklisted domains and IP addresses in an ill-fated attempt to beat the attackers, we can change the game altogether, tilting the scales in favour of the defenders – securing our inboxes and our organisations at large.