ESG's Dave Gruber talks with D.J. Sampath of Armorblox about Social Engineering Email Attacks.
Dave: Hi. I'm here with D.J. Sampath, CEO and founder of Armorblox. Welcome, D.J.
D.J.: Thank you. Thanks, Dave, for having me.
Dave: I know Armorblox has spent a fair amount of time focused in on email security and you guys have been investing heavily in natural language processing techniques. But maybe we can start out just by talking about some of the big challenges with email security today. And we've heard a ton about spear-phishing attacks, business email compromise. Security organizations today utilizing traditional tools and technologies haven't been able to stop a lot of these. Why is that?
D.J.: One of the challenges that the security teams are struggling with is that they don't have the right controls, security controls to understand data. Most of the security organizations today have legacy solutions that provide something called a SEG or security email gateway. Now SEGs are exceptionally good at stopping spam and as you know very well, they're not so good at stopping social engineering attacks.
To be able to understand, you know, what is a social engineering attack, you have to understand what it is that's coming inside of your mailbox and the context of how does it correlate with all of the things that you've seen inside of your organization. American organizations are losing $8,000 every single minute that we spent talking about social engineering.
Dave: Wow. So what makes social engineering attacks so different than other types of attacks?
D.J.: When you think about, you know, traditional forms of attacks, it was largely, you know, "Hey, here's a link, click on a link." But or perhaps even "Here's a file, download this file." And it ends up being a malware. What's happened recently is that attackers have realized that there are, you know, good enough solutions that help detect this and stop this.
They're starting to go after what I like to call business process or business workflows. For our business to be successful, you've got to be able to move fast. And to do that, a lot of the repetitive processes get automated away. So if you were to break this down into, "Hey, what's sort of the role of people and what are the automation pieces that are being given away to machines?"
It's sort of the interplay between both that the social engineers exploit. So to give you an example, a lot of organizations process a ton of invoices and the classic thing that most people do is, you know, they have somebody, a person, look at an invoice, say that, "Hey, that's a $100 invoice and mark it as approved and forward it to a mailbox."
At which point the machines take over, right? And this process was exploited by a gentleman between 2013 to 2015, a, you know, Lithuanian gentleman who extracted over $100 million from Facebook and Google. They automated the process, it was socially engineered.
Dave: Wow. Wow. So it's sort of preying on the human element that has become the weak point in the mix here? But it sounds like it's not just the human element, it's also the predictable machine element as well and the interactions between the two. So how do we think about securing that style of attack when we don't have control of the human element?
Many organizations have implemented training solutions with the thought that when we need to teach our humans to behave differently or to think differently and to be more aware of what's happening. Should we put that much effort into the human element of this piece or is this a problem that we think we can solve differently?
D.J.: It is unfair to ask humans to say or people to say don't do, you know, go against your natural instincts. Now you don't want people to not be helping each other, right? But at the same time, you know, the role of the security teams inside of these organizations is to provide the right amount of context and control, you know, at the most appropriate time.
So, you know, at Armorblox, we sort of think about this as being able to provide two crucial controls to the security teams, the first one being context and the second one being content itself. Now when you think about context, it's absolutely important to understand where the email is coming from, has that person ever sent you that email before?
It's really behavior of communication patterns between the sender and receiver. Now when it comes to content, it becomes important to have the appropriate controls to recognize what that content really is to reason about the content. At Armorblox we sort of focus on bringing these two controls to the security organization so they can inform the users inside of their enterprises at the right time, before they respond, before they click on something. It gives them the information.
Having the right content and context being presented to the end-user at the right time is really the key.
Dave: Great. I want to understand more about how Armorblox applies the concept of natural language processing to this problem set. Could you stick around a little bit and maybe we could record part two?
D.J.: Absolutely.
Dave: Excellent. Thanks.