Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Forums it-sa Expo 2023 Knowledge Forum D

New innovations in email security - applying behavioural AI

Behavioural AI learns on your business data - respecting privacy - and stops spear-phishing and other targeted attacks

calendar_today Tue, 10.10.2023, 12:00 - 12:15

event_available On site

place Knowledge Forum D

Action Video


Action description





Education and training Awareness / Phishing / Fraud Data security / DLP / Know-how protection SIEM / Threat Analytics / SOC Trend topic

Key Facts

  • Fundamentally different, innovative approach to email sec.
  • Stop phishing, CEO & invoice fraud
  • Applying unsupervised machine learning to email security



This action is part of the event Forums it-sa Expo 2023

Action Video

grafischer Background

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

The use of the right AI can have significant advantages for email security. The behavioural approach using unsupervised machine learning is trained on the email data in your organization. Because of this, deviations in behaviour can be identified and stopped based on the given context - for example (spear) phishing, CEO & CFO fraud, supply chain attacks or invoice-fraud.

The AI learns in-depth the communication patterns between internal and external users, how emails are exchanged with third parties, what topics are being discussed, what types of links and attachments are being received and sent and hundreds of other data points. The AI builds up a model of your organization that is continuously evolving to discover deviations - attacks - and to stop them. Even complex metrics such as linguistic or syntactic complexity is being analysed. Thanks to this approach, even novel attacks that have never been seen before can be stopped.

As the AI learns your organization from the ground up, your organizational data is never shared with other customers. You keep control of your data. The AI is not trained on data from other customers, but is instead learning your bespoke organization based on your own data.

The approach presented here is vastly different to previous email security solutions - most of which are stuck in the arms race of threat intelligence, signatures and sandboxing. Even approaches leveraging supervised AI, trained on historic attack data, are fundamentally different to the approach suggested here, which is trained on your organizational data.

Even unintentional data loss can be reduced in this way - for example emails that are directed to the wrong recipients. The AI can learn this based on previous behaviour and anomalies - not based on signatures and rules that need constant maintenance.

The AI can surgically respond via API interactions to disarm links and attachments. It can hold back emails, put emails into spam folders or add contextual banners to emails to react to anomalies.

The best part? It works in the real world. As the AI sits behind all your other email security solutions (spam filter, gateway, ...) you can immediately see which attacks still make it through your current defenses, and what the AI could stop.

This talk will go into more detail on the unsupervised machine learning approach used here. Practical examples will be used throughout the talk.
... read more

Language: German

Questions and Answers: No


show more
Remember Remove

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.