Celebrate National Email Week with us as we present an exclusive interview on the ever-evolving subject of email security. We are honored to introduce Gil Friedrich, the Vice President of Email Security at Check Point, who will be sharing his extensive expertise and insights. Join us as we navigate through the intricacies of email security and delve into the cutting-edge technologies needed to protect digital communications.
In this engaging conversation, Gil Friedrich sheds light on the pivotal role of artificial intelligence (AI) in combating malicious email threats and so much more. As we unravel the complexities of securing electronic communications, you’ll gain invaluable insights and actionable advice. Read on to discover the latest advancements in email security and empower your team to prevent and defend against emerging threats.
1. Help our readers get to know you. Please tell us about yourself and what you do:
My name is Gil Friedrich. I’m the VP of email security here at Check Point. I came to Check Point through the acquisition of Avanan (2021), where I was Co-Founder and CEO.
2. Would you like to share a bit about how you decided to start Avanan?
Back in 2013-2014, my co-founders and I were all working together at another very successful IT security company, which helped secure internal networks. All was going well, but in conversations with customers, time and time again, they asked about how we could implement our technology in the cloud. We noticed that pretty much all existing vendors were asking themselves how to adapt their old tech into the cloud. Instead, we believed that the right question to ask was ‘what should be done to secure cloud and SaaS?’ Specifically, we saw the proliferation of APIs and cloud-to-cloud connectivity, and believed that if we were to leverage APIs to implement security, we would end up having a superior solution. With this cloud-first approach for security, we started meeting with prospects that quickly directed us to Office 365 as their most popular service and phishing as their biggest problem. We were the first, or among the first, to implement machine-learning (ML) and Natural Language Processing (NLP) to solve the phishing problem. So, with this cloud-first and AI-first approach to email security, we quickly found ourselves in a position to reinvent how email security was delivered and started getting a lot of traction from customers.
3. Can you speak to the need for email security in the modern threat landscape?
Email is the number one cause of breaches. It is estimated that around 90% of breaches start with email. Hackers are getting significantly more sophisticated with the types of email scams out there. The sheer deluge of email scams requires advanced solutions that focus on AI and NLP (Natural Language Processing).
4. What are business leaders missing when it comes to email security? Where is the gap in understanding?
Email is often seen as being trusted to Microsoft or Google. Sure, these native solutions do work in preventing some threats, but certainly nowhere close to enough. Thinking that default security has it under control means they’re not looking under the hood to see the real issue. Utilizing a solution that can catch the email attacks that the default security misses is a big step forward.
5. How does Avanan’s email security solution differ from traditional solutions?
As email transitioned to cloud-based email (mostly Microsoft 365 and Gmail), so did how email security is implemented. In the past, the security relied on gateways, while modern email security technologies rely on APIs and cloud-to-cloud connectivity. We were fortunate to lead this transition, which is now becoming the best practice; so that’s the first differentiator compared to the legacy vendors of email security. Secondly, among the API vendors, we’re the only one that can block the attack inline – really protect the inbox. This is also one of our key patents. What it also means, in addition to preventing any end-user exposure to the attack, is that we can offer the full capabilities expected from an email security solution; something the other API-based solutions cannot deliver. So, having an API-based solution that has a full prevent-mode is unique to us and a key driver to our continuous success.
6. How has Avanan’s product been integrated into Check Point’s Infinity architecture?
For those that don’t know, “Check Point Infinity” is the unified UI that has all of Check Point’s products inside a single pane of glass. In addition to having all products inside one view, it also consolidates security events from all products to single screens and reports, and correlates events from different products to provide the full picture. It really reflects the power of a complete solution vs a set of point solutions.
HEC has been fully integrated into the Infinity architecture. From the day-to-day management, to sending events to the shared data-lakes, to taking actions from events of other products, all of that has been made available. In addition, we have integrated with ThreatCloud, a one-of-its-kind Threat-Intel source from everything Check Point sees across all products. ThreatCloud analyzes over 2 billion websites and files, performs 30 million file emulations, and gets updates on close to 2 million malicious indicators every day. It is also the source of data for a lot of the AI training we do. It allows for unparalleled AI prevention across the enterprise suite. Finally, it serves as a threat-feed, so whenever a threat is detected from a firewall or endpoint, it is automatically and instantly updated across all devices and all customers.
7. Would you like to speak about how Avanan/Check Point Harmony Email & Collaboration use AI to prevent malicious attacks?
One of the first things we learned early on in the “AI journey” was that relying on a single AI model for all email was not the best approach. That approach will keep you in a constant struggle balancing between false-positive and false-negative rates. Instead, we adopted a multimodality approach that I’m happy to see has become the emerging best practice in AI. A way to think about it is similar to how different regions in the brain carry out specific functions. Similarly, different AI models provide different insights that are then integrated into a single answer. For example, the advances in language analysis allow us to have the ML understand what the email is about. Have the machine understand the context, if the sender expresses urgency, and so on. With that context, we’re able to run dedicated ML-models tailored to that type of email. If, for example, it’s an email from an automated network device that comes out periodically, then that’s evaluated through one lens. But if, on the other hand, it has financial related content, with a request to change a bank account that also expresses urgency, then obviously the type of algorithm and the weight provided to the authenticity of the sender is of a different level and is achieved through a dedicated AI model. In total, the AI scans for over 300 phishing indicators, as well as impersonation for people and domains. We build social and reputation graphs by scanning a year’s worth of emails and conversations. We also inspect email metadata and headers, attachments, and more.
Another strong indicator where AI comes in handy is stylometry. Now, with generative AI, everyone can experiment with tasking ChatGPT to write similar content in different styles. For phishing detection, we use these capabilities in reverse. The AI learns the style of different writers from prior legitimate communication. Every future email is then compared to that baseline to indicate how similar or how likely it is that the writer is the same vs. a potential sender from a compromised account. This proves very important to protect from BEC, where your partner account is compromised and is used to attack you.
Another important difference is the data available to us for training. Everyone now understands the importance of the training set and we see the competition between the different generative AI vendors on how to train on the latest data available on the internet. For us, the advantage is that we have data others don’t have. First, compared to legacy email gateways, we are installed as the last layer and we know what bypassed Microsoft and Google. Because we see the attacks they miss, we can train and make our algorithm much better tuned to catch the most sophisticated and evasive attacks out there. Secondly, we are incorporating information from ThreatCloud, Check Point’s data lake of attacks from all sensors. This, we believe, gives us the largest and most in-depth training set for our AI, leading to the best detection capabilities.
8. What kind of reporting and analysis capabilities does the Avanan/Check Point Harmony Email & Collaboration solution provide to help organizations assess email security risks and to identify potential areas for improvement?
We have started using a specialized focus of UI called “Analyst Interface”. An analyst, which is who our system users are, is a more sophisticated user on average, that needs a vast amount of information presented effectively. They need to handle a lot of events of different types, quickly and efficiently.
To achieve this, everything an analyst needs to investigate email security is provided on a single screen. Analysts can see everything — email headers, body, etc. They can review all indicators of the ML and AI to understand why the decision was made. They can also search for similar emails from a single pane of glass and do global clawbacks. This helps them analyze and collect comprehensive data on active threats to their email environment including:
- Sophisticated phishing attacks
- Malware attacks
- Data leak events
- Account takeover events
In addition, managers need to see periodic reports and trends. We provide a default weekly report that includes comprehensive summary data and offer the ability to run this report ad hoc on a configurable time period. Finally, the data can be exported or pulled via API to external platforms for further analysis.
9. What innovative developments is Avanan/Check Point working on to stay at the forefront of the industry?
We are constantly innovating and working on new features to help stop the most advanced email threats. One thing, among many, that we are focused on is BEC 3.0 attacks. This type of attack leverages legitimate sites to send out phishing information. Traditional NLP isn’t effective for this because the emails are 100% genuine (coming from a legitimate service with identical language), and so we’ve already deployed and will continue to deploy new sets of tools to prevent these damaging and hard-to-decipher attacks. We’re working on many exciting things with generative AI as well, for example auto-identifying if a text was generated by a machine or a human as a way to help block hackers from leveraging ChatGPT or similar for phishing attacks.
10. Is there anything else that you wish to share with our executive-level audience?
Email is unique compared to other lines of communication because by design we allow everyone in our organization to communicate with anyone in the world. This is why so many attacks start with email and that is not going to change. The problem the default security from Microsoft or Google has is that they are the default – hackers first make sure they are able to craft an attack that will bypass them and then unleash the attacks. This is why security-aware organizations should not rely on the default alone. Adding another layer to secure your email is one of the most important security investments. By stopping the number one cause of breaches in its tracks, your organization can secure your data and people and prevent costly damages down the line. A more secure email service is a better secured organization.