Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/31/2017
03:15 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Google Arms Gmail Security with Machine Learning

Google rolls out four security updates to protect enterprise Gmail accounts from phishing, data loss, and other threats.

Google is adding four new security measures to protect Gmail business users from spam, phishing, data loss, ransomware, and other workplace security threats.

"Email attacks are constantly evolving, and the email attack vector is by far the preferred way for attackers to gain access to enterprise data," says Gmail product manager Sri Somanchi. "We see all kinds of attacks, including phishing, malware, and ransomware attacks."

Machine learning is a common theme in today's updates. Google reports about 50-70% of the messages Gmail receives are spam, and machine learning helps block it with over 99.9% accuracy. It's aiming to weed out spam with early phishing detection, Google's machine learning model used to selectively delay messages for phishing analysis.

The system learns by comparing genuine messages with a similar pool of fake emails, Somanchi explains. It tracks attributes of each message to find details that differentiate suspicious from legitimate mails, and uses those indicators to perform future phishing checks.

Gmail's phishing detection models integrate with Google Safe Browsing, a machine learning model for detecting phishy URLs. The two models combine techniques, like URL reputation and similarity analysis, to enable URL click-time warnings for malware links. The machine learning systems adapt as they find new patterns with the idea of improving accuracy.

Unintended external reply warnings are intended to help users think twice before sending sensitive data to third parties. If someone tries to respond to someone outside the company domain, they see a warning to verify whether they intended to send that email.

"Using forged emails to target enterprise users to reply with sensitive data has become an increasingly common phishing scam," Somanchi says.

Contextual intelligence determines whether the recipient is an existing or regular contact, so warnings are not displayed unnecessarily. Given the potentially severe consequences of phishing attacks, he continues, the warnings are set by default and can only be disabled by an administrator.

Google notes that it has also implemented defenses against ransomware and polymorphic malware.

"We correlate spam signals with attachment and sender heuristics, to predict messages containing new and unseen malware variants," Somanchi explains. "These protections enable Gmail to better protect our users from zero-day threats, ransomware and polymorphic malware."

All of these features will be available to enterprise users over the next one- to three days. All are also available to consumers, with the exception of unintended external reply warnings.

Today's rollout arrives nearly one month after a Google Doc phishing attack scammed more than one million users. Victims were tricked into clicking a link that enabled access to their Google Drive through OAuth authentication connections, giving the attacker permission to act on behalf of their account.

It also follows Google's February publication of data highlighting security threats putting organizations at risk. Research found attackers send 4.3 times more malware, 6.2 times more phishing emails, and 0.4 times as much spam, to corporate inboxes than to personal email addresses.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
6/6/2017 | 4:04:48 PM
New attack vector is unstructured data
This is welcome news from Google as we will see an increasing amount of breaches through emails which carry many sensitive unstructured data ( think board presentations attached to a gmail account of a Board member).
BPID Security
50%
50%
BPID Security,
User Rank: Strategist
6/1/2017 | 12:38:34 PM
Privacy v. some benefit?
It seems that Google is reading my mail and this is supposed to be a good thing?

If the government read your mail to keep you from getting "junk mail" you would be up in arms. but because it is Google and people do not take the time to learn their tech then it's OK for them to filter based on content.

The fact that Gmail publically states they read your mail, regardless of the benefit (protecting people from their own stupidity) in not a reason to rejoice.

Here is a heuristic tip you can include in your own filtering: "read the fine print". you'll make better decisions than a computer.

 
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff 9/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I wish they'd put a sock in it.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10754
PUBLISHED: 2019-09-23
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
CVE-2019-10755
PUBLISHED: 2019-09-23
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.
CVE-2019-1255
PUBLISHED: 2019-09-23
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
CVE-2019-1367
PUBLISHED: 2019-09-23
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
CVE-2019-11277
PUBLISHED: 2019-09-23
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny se...