Endpoint

5/31/2017
03:15 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Google Arms Gmail Security with Machine Learning

Google rolls out four security updates to protect enterprise Gmail accounts from phishing, data loss, and other threats.

Google is adding four new security measures to protect Gmail business users from spam, phishing, data loss, ransomware, and other workplace security threats.

"Email attacks are constantly evolving, and the email attack vector is by far the preferred way for attackers to gain access to enterprise data," says Gmail product manager Sri Somanchi. "We see all kinds of attacks, including phishing, malware, and ransomware attacks."

Machine learning is a common theme in today's updates. Google reports about 50-70% of the messages Gmail receives are spam, and machine learning helps block it with over 99.9% accuracy. It's aiming to weed out spam with early phishing detection, Google's machine learning model used to selectively delay messages for phishing analysis.

The system learns by comparing genuine messages with a similar pool of fake emails, Somanchi explains. It tracks attributes of each message to find details that differentiate suspicious from legitimate mails, and uses those indicators to perform future phishing checks.

Gmail's phishing detection models integrate with Google Safe Browsing, a machine learning model for detecting phishy URLs. The two models combine techniques, like URL reputation and similarity analysis, to enable URL click-time warnings for malware links. The machine learning systems adapt as they find new patterns with the idea of improving accuracy.

Unintended external reply warnings are intended to help users think twice before sending sensitive data to third parties. If someone tries to respond to someone outside the company domain, they see a warning to verify whether they intended to send that email.

"Using forged emails to target enterprise users to reply with sensitive data has become an increasingly common phishing scam," Somanchi says.

Contextual intelligence determines whether the recipient is an existing or regular contact, so warnings are not displayed unnecessarily. Given the potentially severe consequences of phishing attacks, he continues, the warnings are set by default and can only be disabled by an administrator.

Google notes that it has also implemented defenses against ransomware and polymorphic malware.

"We correlate spam signals with attachment and sender heuristics, to predict messages containing new and unseen malware variants," Somanchi explains. "These protections enable Gmail to better protect our users from zero-day threats, ransomware and polymorphic malware."

All of these features will be available to enterprise users over the next one- to three days. All are also available to consumers, with the exception of unintended external reply warnings.

Today's rollout arrives nearly one month after a Google Doc phishing attack scammed more than one million users. Victims were tricked into clicking a link that enabled access to their Google Drive through OAuth authentication connections, giving the attacker permission to act on behalf of their account.

It also follows Google's February publication of data highlighting security threats putting organizations at risk. Research found attackers send 4.3 times more malware, 6.2 times more phishing emails, and 0.4 times as much spam, to corporate inboxes than to personal email addresses.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
6/6/2017 | 4:04:48 PM
New attack vector is unstructured data
This is welcome news from Google as we will see an increasing amount of breaches through emails which carry many sensitive unstructured data ( think board presentations attached to a gmail account of a Board member).
BPID Security
50%
50%
BPID Security,
User Rank: Strategist
6/1/2017 | 12:38:34 PM
Privacy v. some benefit?
It seems that Google is reading my mail and this is supposed to be a good thing?

If the government read your mail to keep you from getting "junk mail" you would be up in arms. but because it is Google and people do not take the time to learn their tech then it's OK for them to filter based on content.

The fact that Gmail publically states they read your mail, regardless of the benefit (protecting people from their own stupidity) in not a reason to rejoice.

Here is a heuristic tip you can include in your own filtering: "read the fine print". you'll make better decisions than a computer.

 
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20009
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
CVE-2018-20010
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
CVE-2018-20011
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
CVE-2018-20012
PUBLISHED: 2018-12-10
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
CVE-2018-20015
PUBLISHED: 2018-12-10
YzmCMS v5.2 has admin/role/add.html CSRF.