Do you remember when attackers sent the same email to everyone? Those days are long gone! Attacks are now more targeted and creative, and they abuse reputable cloud applications to launch campaigns that slip past reputation-based detection engines.

Machine Learning and Deep Learning models allow us to understand the intent of a message, who is sending it, and whether the sender is pretending to be someone they are not. They also let us learn what a legitimate message looks like and pinpoint the parts of an email that indicate malicious intent, so those markers can be recognized in future messages.

Cisco Secure Email Threat Defense feeds these models into multiple detection engines that simultaneously evaluate different portions of an incoming email, detecting malicious intent while allowing legitimate messages through.

How do we do that? By generating signals from data-driven detections and then combining those signals into a verdict. It is important to understand that a signal is not a conviction: on its own, a single signal does not carry enough information to decide the intent of the message.

Figure 1-Example of a Business Email Compromise detection and the generated signals

A notable example of how Cisco uses AI is the relationship mapping between senders and recipients. On average, only 8% of the incoming email traffic of an organization comes from new senders while the remaining 92% is from existing senders. However, if we consider the malicious messages, 90% of them come from new senders that were never seen before. Being able to understand if the sender is new or not generates a signal, which in conjunction with other signals, can be used to reach a verdict.

Another great example of how our solution leverages AI is its ability to detect the impersonation of users and brands. Attackers often hide behind well-known brands to lure users into trusting their requests. Although email authentication mechanisms such as DMARC enforcement minimize these attempts, they only protect the exact domain that publishes the policy, so attackers sending from lookalike or unrelated domains can still reach the end user. AI allows us to recognize which brand is being impersonated by searching for logos and other brand-related information in the message.

We can then analyze the content of the message (subject, message text, request, signature, etc.) with what we know to be legitimate messages from that brand. If something doesn’t match, we generate a signal that will be used as part of the conviction decision.

AI also underpins other detections, such as QR-code detection, call-to-action requests, a manufactured sense of urgency, fake replies, and many other techniques used to trick the user.

Figure 2-Process of QR code detection in Email Threat Defense
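To make the signal-and-verdict model concrete, here is an added example written for this article; it is not Cisco's detection engine and does not reproduce how Email Threat Defense computes anything. It derives a few of the signals described above (new sender based on a sender-recipient history, brand impersonation from a brand name paired with a domain the brand does not use, fake reply from an "RE:" subject with no threading headers, urgency and call-to-action wording) and combines them so that no single signal ever convicts. The sender history, brand table, keyword lists, weights, thresholds and sample messages are all constructed assumptions.

```python
"""Added example: combining several weak email signals into one verdict.

Illustrative code for this article, not Cisco's engine. The history, brand
table, keyword lists, weights and sample messages are constructed here.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed history: recipient -> senders that have written to them before.
HISTORY = {
    "alice@corp.example": {"statements@example-bank.com", "bob@corp.example"},
}

# Hypothetical brand table: brand name -> domains allowed to use that brand.
BRANDS = {"example bank": {"example-bank.com"}}

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|within 24 hours|suspended)\b", re.I)
CALL_TO_ACTION = re.compile(
    r"\b(click (here|the link)|verify your (account|identity)|update your payment)\b", re.I
)

# Assumed weights: no single signal reaches the conviction threshold on its own.
WEIGHTS = {"new_sender": 1, "brand_impersonation": 3, "fake_reply": 2,
           "urgency": 1, "call_to_action": 1}
MALICIOUS_AT = 5


def parse(raw: str):
    """Parse an RFC 5322 message into an EmailMessage."""
    return message_from_string(raw, policy=policy.default)


def body_text(msg) -> str:
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def extract_signals(msg, history=HISTORY, brands=BRANDS) -> dict:
    name, addr = parseaddr(msg["From"] or "")
    addr = addr.lower()
    sender_domain = addr.rpartition("@")[2]
    _, recipient = parseaddr(msg["To"] or "")
    subject = msg["Subject"] or ""
    text = f"{name} {subject} {body_text(msg)}"
    text_lc = text.lower()

    return {
        # relationship mapping: has this sender ever written to this recipient?
        "new_sender": addr not in history.get(recipient.lower(), set()),
        # a brand is named (display name or body) but the sending domain is not one it uses
        "brand_impersonation": any(
            brand in text_lc and sender_domain not in legit for brand, legit in brands.items()
        ),
        # "RE:" subject with no threading headers: this "reply" was never in a conversation
        "fake_reply": subject.lower().startswith("re:")
        and not (msg["In-Reply-To"] or msg["References"]),
        "urgency": bool(URGENCY.search(text)),
        "call_to_action": bool(CALL_TO_ACTION.search(text)),
    }


def verdict(signals: dict) -> tuple:
    """Combine signals into a verdict; a lone signal never convicts."""
    fired = [name for name, hit in signals.items() if hit]
    score = sum(WEIGHTS[name] for name in fired)
    if len(fired) < 2:
        return "clean", score
    if score >= MALICIOUS_AT:
        return "malicious", score
    return "suspicious", score


# Constructed sample messages.
LEGIT = """\
From: Example Bank <statements@example-bank.com>
To: alice@corp.example
Subject: Your October statement is available

Your monthly statement is now available in online banking.
Thank you for banking with Example Bank.
"""

IMPERSONATION = """\
From: Example Bank Security <alerts@exarnple-bank.com>
To: alice@corp.example
Subject: RE: Urgent: verify your account

Your account will be suspended within 24 hours.
Click here to verify your account and restore access.
"""

NEW_VENDOR = """\
From: Carol Vendor <carol@newvendor.example>
To: alice@corp.example
Subject: Introduction

Hi Alice, following up on our conversation at the conference last week.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("impersonation", IMPERSONATION), ("new vendor", NEW_VENDOR)):
        sig = extract_signals(parse(raw))
        print(label, verdict(sig), [s for s, hit in sig.items() if hit])
```

The third sample is the important one: a first-time sender with nothing else wrong fires only the new-sender signal and stays clean, while the lookalike-domain message fires every signal and is convicted. Real detection engines replace the keyword lists with models and use far richer signals, but the decision structure is the same.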

Because verdicts rest on intent-level signals rather than on fixed text patterns, Email Threat Defense can still detect the threat when the attacker changes the wording, format, or pretext of a message, and prevent it from reaching end users, keeping businesses and information safe!

When considering AI-driven email security, one thing is clear: the landscape of digital defense has been forever altered. By leveraging AI, businesses now have a powerful tool against the evolving threats that target their users and information.

You can count on the Cisco Secure Email Threat Defense to keep your business and information secure. To see these signals in action, start a free trial today.

To read more about the AI in Secure Email Threat Defense, read the white paper.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!


Sergio Pinto

Technical Leader

Cisco Secure Email Technical Marketing