Vade Expands AI-Based Threat Detection with New Computer Vision Engine
Adrien Gendre
—October 16, 2019
—3 min read
Based on deep learning algorithms, Vade’s Computer Vision Engine detects
common images used in phishing attacks, including brand logos, QR
codes, and text-based images
Boston, Mass. - October 16, 2019 - Vade the global leader in predictive email defense, today unveiled its new Computer Vision Engine, a proprietary technology now available in all Vade products that enhances phishing detection accuracy.
Trained to view web pages and emails as humans see them, Vade’s
Computer Vision Engine identifies brand logos, QR codes, and text-based images, thwarting phishing attacks designed to bypass content filtering technologies and even computer vision algorithms relying on template matching or feature matching.
“Cybercriminals are carrying out increasingly targeted and dynamic phishing attacks, going so far as changing every element of the code in order to evade
detection,” said Sebastien Goutal, Chief Science Officer, Vade. “Such attacks often contain thousands, even millions, of unique emails from a code point of view, but to the human eye, the messages appear identical.
Vade’s Computer Vision Engine accurately detects common images in phishing attacks by analyzing the rendering instead of the code, adding another layer to our best-in-class AI-based threat detection capabilities.”
Vade’s Computer Vision Engine is based on the VGG-16 and ResNet CNN object detection deep learning algorithms. Through the process of Transfer
Learning, these algorithms have been optimized specifically to detect
common images in email threats using examples from Vade’s 600 million protected mailboxes. In addition, Vade has developed a proprietary algorithm that combines predictions from the two algorithms to render a final verdict that is leveraged in its multi-layered analysis for phishing detection.
The Vade Computer Vision Engine currently supports the following use
cases:
- Brand logo detection – Cybercriminals subtly modify logos to fool template matching and
feature matching algorithms while still being recognizable to humans. The Vade Computer Vision Engine has been trained to detect 66 logos across the 30 most impersonated brands, including Microsoft, PayPal, Netflix, Bank of America, and Facebook. The engine can also detect key product logos, such as Microsoft Office 365 and OneDrive. - QR code detection – Cybercriminals often use QR codes in lieu of URLs in order to
evade detection by URL scanning technologies. The engine can detect and blacklist QR codes, providing additional protection against this phishing technique. - OCR for text-based images – To avoid detection by content filtering technologies, cybercriminals send image-only torsion emails (e.g scamsthat are screenshots of plain text emails). The Vade Computer Vision Engine leverages OCR capabilities to understand the
text in images and block these threats.
Extending Vade’s Track Record of AI-Based Innovation
The Computer Vision Engine extends Vade’s long track record of innovation in applying artificial intelligence in the fight against advanced email threats. Partners and customers currently benefit from the following AI-based capabilities:
- Supervised machine learning for phishing detection – Supervised machine learning models perform real-time analysis of the URL and webpage, evaluating more than 40 features (e.g. how the page and form are crafted, use of redirections and shorteners, obfuscation techniques, etc.) to determine whether it’s fraudulent.
- Anomaly detection and NLP for spear phishing detection – Anomaly detection and natural language processing (NLP) scan for patterns, anomalies, and behaviors common in spear phishing emails. If spear phishing is suspected, a customizable banner is displayed within the email alerting the user.
- AI-based auto-remediation – Leveraging a real-time view of emerging global threats from 1 billion mailboxes, Vade’s AI engine learns from its mistakes and takes immediate action to remove any threats that have reached users’ inboxes. This capability is uniquely available in Vade for M365 thanks to its native API integration.
Available in all Vade products
The Computer Vision Engine is leveraged by all Vade products, including its native, API-based solution for Office 365; its cloud-based solution for Exchange, G Suite, and other environments; and its Content Filter SDK for ISPs and telcos. Vade will continue to develop the engine to support additional use cases.
To learn more about Vade’s anti-phishing capabilities, visit
https://www.vadesecure.com/en/solutions/anti-phishing-2/
About Vade
Vade helps SMBs, enterprises, ISPs and OEMs protect their users from advanced cyberthreats, such as phishing, spear phishing, malware, and ransomware. The company’s predictive email defense solutions leverage artificial intelligence, fed by data from 600 million mailboxes, to block targeted threats and new attacks from the first wave. In addition, real-time threat detection capabilities enable SOCs to instantly identify new threats and orchestrate coordinated responses. Vade technology is available as a native, API-based offering for M365; as cloud-based solutions;
or as lightweight, extensible APIs for enterprise SOCs.
For more information, visit www.vadesecure.com.