Google turns to machine learning for additional email security
Suspicious Gmail messages to corporate users of the cloud email system will be delayed for up to four minutes while the message content is scanned and links in it are checked for malware by new machine learning software, Google said Wednesday.
In a blog post, Andy Wen, the company’s senior product manager for counter-abuse technology, unveiled several new security features for G Suite, Google’s collection of email and other cloud tools for enterprises. The features are designed to protect users from unwanted commercial spam and phishing emails designed to trick users into entering passwords, clicking malicious links or downloading booby-trapped attachments.
Early phishing detection, Wen wrote, is “a dedicated machine learning model that selectively delays messages (less than 0.05 percent of messages on average) to perform rigorous phishing analysis and further protect user data from compromise.”
“Gmail’s security experts have developed a new algorithm that flags and delays potentially suspicious messages,” explains a more technical posting for system administrators. “This selective delay facilitates additional checks on the content of the message prior to delivery and benefits from real time updates to the spam filter — as well as up to date phishing protection from Google’s Safe Browsing technology” — which is constantly collating new warnings about malicious URLs.
The new algorithms, writes Wen, “combine a variety of techniques such as reputation and similarity analysis on URLs, allowing us to generate new … warnings for phishing and malware links. As we find new patterns, our models adapt more quickly than manual systems ever could, and get better with time.”
The technical post adds that “This feature is not a replacement for anti-malware/phishing software, and we do not recommend using it in place of your organization’s existing security software.”
This GIF from Google shows the company’s new “unintended external reply warnings” for corporate Gmail accounts in operation
Other security measures introduced Wednesday include an “unintended external reply warning” to help prevent corporate data leaks or loss. When a G Suite user seeks to reply to an email from a sender outside of their company domain, they receive a warning to ensure they intend to send that email outside the corporate firewall. “And because Gmail has contextual intelligence, it knows if the recipient is an existing contact or someone you interact with regularly, to avoid displaying warnings unnecessarily,” Wen writes.
Gmail engineers also unveiled new anti-malware measures.
“We now correlate spam signals with attachment and sender heuristics,” writes Wen, “to predict messages containing new and [previously] unseen malware variants. These protections enable Gmail to better protect our users from zero-day threats, ransomware and polymorphic malware.”
“Machine learning has helped Gmail achieve more than 99% accuracy in spam detection,” concludes Wen.
