Google’s Gmail for Business Offers High False Positives

Excerpted from the March 28, 2018 IRONSCALES Blog, written by Eyal Benishti

 

Google’s Gmail for Business has had an overhaul and now claims to offer AI-powered security features. According to its marketing materials, it will now offer advanced protection against phishing and malware attempts. Fantastic?

Well, no actually. Of course, you’d expect me to say that but it’s not just my opinion!

This is confirmed by the company itself via its official G Suite Updates feed: “At launch time, the majority of these settings will be disabled for existing customers, because—depending on your domain configuration—they may cause false positives.”

To make this crystal clear – and it’s Google saying this, not me – most of the new features will be disabled on launch due to the possibility of high false positives.

Brilliant!

Forgive me for thinking that, perhaps in its rush to introduce the improved protection it knows its customers need, it’s been a little premature.

 

A Single Solution to a Multi-Layered Problem

This isn’t the only issue I have with the flag waving from Google of its new features.

Identifying links behind shortened URLs and scanning linked images will help protect users from malware attacks, and Google has advised that these options will be automatically enabled for existing customers from April 4 – although they can be disabled or customized prior to that date. However, alone these defenses simply aren’t enough for today’s complex email threats.

Criminals are canny creatures and their communications are devious by design. Every day they find new ways to evade detection from filters, just like those introduced by Google.

As an illustration, Business Email Compromise (BEC) attacks are wreaking havoc and costing businesses billions. These scams take one of three forms: a fake invoice, a compromised email account of an actual employee, or an email address spoofed to look like a real organization. According to figures released by the FBI, these scams have cost organizations more than $5 billion in losses over the past three years, spanning at least 131 countries.

The issue is, if just one message gets through to a distracted or uninformed user who interacts with the criminal’s payload, the entire organization can find itself disabled – just like Google’s new functionality!

 

Advanced Mailbox Protection & Automated Response

According to Aberdeen Group, within 80 seconds of a phishing message arriving in an organization, someone will have interacted with it. Stopping most threats getting through is a start, but it’s not enough as it only takes one message to bring an organization to its knees.

While gateway-level solutions are beneficial for spam and malware filtering, organizations need to take a multi-layered approach that mitigates and remediates the risk as fast as possible, both before and after a phishing email has landed in the inbox.

Email-borne threats are a major issue for organizations, with many finding their targets, causing malware infections, credential theft and even persuading well-meaning employees to wire over cash. While it’s encouraging that the big players, like Google, are introducing security tools to help defend against the tide of Business Email Compromise (BEC), rushing them through and then having to disable them doesn’t bode well.

Organizations deserve solutions that have been carefully considered and thoughtfully introduced, and that actually work at the point of introduction.

IRONSCALES’s Platform Solves All Advanced Phishing Threats: (BEC, APT & Ransomware)

Acting as a virtual security analyst, IronSights delivers advanced mailbox level anomaly detection, based on a patented contextual and human behavioral analysis that proactively combats impersonation and spoofing emails in real-time. Harnessing the power of machine learning algorithms, it studies every employee’s inbox to detect anomalies and communication habits based on a sophisticated user behavioral analysis. All suspicious emails are visually flagged the second they arrive, with a referral button for users to notify the SOC team. By utilizing machine intelligence, it’s able to reduce the risk of human error in identifying malicious emails giving organizations a mailbox-layer of defense to ensure unprecedented protection and threat remediation.

Identifying the threat is only one element. When an attack is detected, IronTraps kicks in, sending an automatic notification simultaneously to the security team and our own servers. A comprehensive phishing forensic examination of the suspicious email then occurs using our integrated and proprietary Multi-AV and Sandbox Scan. Working in conjunction with IRONSCALES’s advanced technology, IronTraps analyzes both the number and skill ranking of the users reporting the message, whilst also examining other proprietary analytics, to determine the most appropriate mitigation or remediation response. Once the attack is verified, an automatic enterprise-wide removal of all malicious emails occurs to prevent anyone else falling for the scam.

The final element is intelligence sharing and that’s why we created Federation, the first and only anti-phishing technology that provides a comprehensive real-time, anonymous and automated intelligence sharing ecosystem between companies that is integrated into the automated incident response layer. Once a rogue message is confirmed, all our customers are instantly protected from the same scam.

The only way to significantly improve protection from email-borne threats is to have an automated solution that shifts focus away from the gateway to instead concentrate efforts on the inbox – where the threat resides. G Suite users will definitely look for more visibility and control over the process, and at the moment the prevention offered by Google is simply not enough.

Take a look and see how we compare, then contact Chi to arrange a demo so we can prove to you the power our platform wields.

 
