A new way to detect CXO impersonation

Independent Detectors with LLMs & other product updates

This is our first public ‘product update’ since we started RavenMail this year. We’ve had a lot of 1:1 conversations with some of you reading this, so we will reiterate what we are solving for.

Today’s email security products don’t address the realities of the new threat landscape:

  • Not built to prevent AI-powered attacks (Check Malla's)

  • Can’t be custom-configured without using PowerShell / Regex / DSQL

  • Don’t have control over human behaviour in real time

One of the paradoxes of email security is that it has the most ‘organisational context’, yet it uses very little of it to work effectively for your organisation.

Example: The detection logic works exactly the same for a tech start-up and a regulated pharma company.

We are building “Context-Aware Email Security” that adapts to modern security problems.

Beta Launch in Sep’24: CXO Impersonation Detection

Human impersonation is one of the difficult problems to solve - it is a low-volume, high-impact scenario. Even big tech companies like Facebook & Google have lost millions of dollars to attackers.

Traditional email security methods focus primarily on technical indicators rather than content and context.

They check for malware, bad links, or spoofed addresses, but not the appropriateness of the request itself. Here's why this approach is insufficient:

  1. Inability to understand communication patterns: They can't detect if a supposed CEO's email style differs from their norm.

  2. Lack of integration with business processes: There's no awareness of typical approval chains or transaction procedures.

  3. Absence of real-time learning and adaptation: These systems can't evolve with changing organizational dynamics.

  4. Over-reliance on predefined rules: Rigid rule sets can't account for the nuanced and evolving nature of business communications.

AI-Native approach to solving CXO Impersonation

We have fundamentally rethought our security engines & detectors to solve for challenges like data availability for training, resource optimisation & explainable verdicts.

Detection Overview of RavenMail Security

Key Features:

  1. Modular architecture with independent detectors that can change with the growing number of internal & external signals

  2. Tiered model that has explainable verdicts at each layer

  3. Multi-modal understanding (text + images + links etc.)

Architecture:

  1. Detection Layer: Multiple independent detectors

  2. Classification Layer: Combines detections to produce final verdict using SLMs

Notable Detectors:

  • Context & Relational-based Detectors

  • Spoof & Typosquat Detectors at each layer - not just display name

  • Content authorship detector (still under testing)

  • Communication Frequency Detectors
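
A minimal sketch of the two-layer shape described above, added here as an illustration and not RavenMail's code: three independent detectors each return an explainable finding, and a combiner produces the verdict. The org domain, executive directory, sample headers and function names are all hypothetical, and the rule-based `classify` is a stand-in for the SLM-based classification layer.

```python
from collections import namedtuple
from email.utils import parseaddr

ORG_DOMAIN = "example-corp.com"                        # hypothetical org domain
EXECS = {"priya nair": "priya.nair@example-corp.com"}  # hypothetical CXO directory
Finding = namedtuple("Finding", "detector fired reason")

def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def display_name_detector(msg):
    name, addr = parseaddr(msg["From"])
    expected = EXECS.get(name.strip().lower())
    fired = expected is not None and addr.lower() != expected
    return Finding("display_name", fired, f"executive name '{name}' sent from {addr}")

def typosquat_detector(msg):
    # Look at every address-bearing header, not only the visible From.
    for header in ("From", "Reply-To", "Return-Path"):
        domain = parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()
        if domain and domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
            return Finding("typosquat", True, f"{header} domain {domain} resembles {ORG_DOMAIN}")
    return Finding("typosquat", False, "")

def frequency_detector(msg, seen_senders):
    addr = parseaddr(msg["From"])[1].lower()
    return Finding("frequency", addr not in seen_senders, f"no prior mail from {addr}")

def classify(findings):
    """Rule-based stand-in for the classification layer; keeps per-detector reasons."""
    fired = [f for f in findings if f.fired]
    names = {f.detector for f in fired}
    strong = "display_name" in names and len(names) >= 2
    verdict = "cxo_impersonation" if strong else "needs_review" if fired else "clean"
    return verdict, [f"{f.detector}: {f.reason}" for f in fired]

def analyze(msg, seen_senders):
    detectors = [display_name_detector(msg), typosquat_detector(msg)]
    return classify(detectors + [frequency_detector(msg, seen_senders)])

# Constructed sample headers and sender history, not real mail.
SPOOFED = {"From": "Priya Nair <priya.nair@examp1e-corp.com>", "Reply-To": "pay@examp1e-corp.com"}
GENUINE = {"From": "Priya Nair <priya.nair@example-corp.com>"}
SEEN = {"priya.nair@example-corp.com"}
```

Because each detector is a separate function returning its own reason, a detector can be added or retired without touching the others, and the verdict always carries the list of findings that produced it.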

Key Innovations:

  • Combination of org & business domain context with mail graph

  • Automated labeling using enterprise-grade language models

  • Authorship certainty

We are rolling out the CXO Impersonation Protection use case this month to select organisations running on Microsoft 365 Cloud Mail, and in November we are rolling it out to Google Workspace.

If you are interested in signing up for a trial, please fill out the form in the link below.