Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/31/2017
03:15 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Google Arms Gmail Security with Machine Learning

Google rolls out four security updates to protect enterprise Gmail accounts from phishing, data loss, and other threats.

Google is adding four new security measures to protect Gmail business users from spam, phishing, data loss, ransomware, and other workplace security threats.

"Email attacks are constantly evolving, and the email attack vector is by far the preferred way for attackers to gain access to enterprise data," says Gmail product manager Sri Somanchi. "We see all kinds of attacks, including phishing, malware, and ransomware attacks."

Machine learning is a common theme in today's updates. Google reports about 50-70% of the messages Gmail receives are spam, and machine learning helps block it with over 99.9% accuracy. It's aiming to weed out spam with early phishing detection, Google's machine learning model used to selectively delay messages for phishing analysis.

The system learns by comparing genuine messages with a similar pool of fake emails, Somanchi explains. It tracks attributes of each message to find details that differentiate suspicious from legitimate mails, and uses those indicators to perform future phishing checks.

Gmail's phishing detection models integrate with Google Safe Browsing, a machine learning model for detecting phishy URLs. The two models combine techniques, like URL reputation and similarity analysis, to enable URL click-time warnings for malware links. The machine learning systems adapt as they find new patterns with the idea of improving accuracy.

Unintended external reply warnings are intended to help users think twice before sending sensitive data to third parties. If someone tries to respond to someone outside the company domain, they see a warning to verify whether they intended to send that email.

"Using forged emails to target enterprise users to reply with sensitive data has become an increasingly common phishing scam," Somanchi says.

Contextual intelligence determines whether the recipient is an existing or regular contact, so warnings are not displayed unnecessarily. Given the potentially severe consequences of phishing attacks, he continues, the warnings are set by default and can only be disabled by an administrator.

Google notes that it has also implemented defenses against ransomware and polymorphic malware.

"We correlate spam signals with attachment and sender heuristics, to predict messages containing new and unseen malware variants," Somanchi explains. "These protections enable Gmail to better protect our users from zero-day threats, ransomware and polymorphic malware."

All of these features will be available to enterprise users over the next one- to three days. All are also available to consumers, with the exception of unintended external reply warnings.

Today's rollout arrives nearly one month after a Google Doc phishing attack scammed more than one million users. Victims were tricked into clicking a link that enabled access to their Google Drive through OAuth authentication connections, giving the attacker permission to act on behalf of their account.

It also follows Google's February publication of data highlighting security threats putting organizations at risk. Research found attackers send 4.3 times more malware, 6.2 times more phishing emails, and 0.4 times as much spam, to corporate inboxes than to personal email addresses.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
6/6/2017 | 4:04:48 PM
New attack vector is unstructured data
This is welcome news from Google as we will see an increasing amount of breaches through emails which carry many sensitive unstructured data ( think board presentations attached to a gmail account of a Board member).
BPID Security
50%
50%
BPID Security,
User Rank: Strategist
6/1/2017 | 12:38:34 PM
Privacy v. some benefit?
It seems that Google is reading my mail and this is supposed to be a good thing?

If the government read your mail to keep you from getting "junk mail" you would be up in arms. but because it is Google and people do not take the time to learn their tech then it's OK for them to filter based on content.

The fact that Gmail publically states they read your mail, regardless of the benefit (protecting people from their own stupidity) in not a reason to rejoice.

Here is a heuristic tip you can include in your own filtering: "read the fine print". you'll make better decisions than a computer.

 
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4095
PUBLISHED: 2019-12-10
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.
CVE-2019-4244
PUBLISHED: 2019-12-10
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.
CVE-2019-4521
PUBLISHED: 2019-12-10
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
CVE-2019-4663
PUBLISHED: 2019-12-10
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245...
CVE-2019-19251
PUBLISHED: 2019-12-10
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.