Armorblox has expanded its use of Natural Language Understanding from the solution’s core engine to specific business workflows, like preventing data loss in Microsoft Office 365, Microsoft Exchange and Google Workspace.

Today, Armorblox is announcing a major enhancement to the Data Loss Prevention [DLP] capabilities it provides to its cloud delivered email security platform. Natural Language Understanding [NLU] has always been a part of the platform. Now, however, it has been expanded in what Armorblox is calling Advanced Data Loss Prevention. While NLU has been part of the core functionality it is now being extended to new use cases, such as preventing data loss in Microsoft Office 365, Microsoft Exchange and Google Workspace.

“We have been talking about the convergence between email security and DLP for years,” said Anand Raghavan, Chief Product Officer at Armorblox. “Customers had to buy too many point solution products that don’t talk to each other or learn from each other. That’s where NLU comes in.”

NLU uses deep learning models that take multiple different approaches to assessing the integrity of language in the body of an email.

“Let’s say you have an email coming from a senior executive, that asks for a request to have something done, or for a wire transfer,” Raghavan said. “Legacy solutions put a tag on things coming from an external email, but since most sales contacts are external, this isn’t very effective. In these attacks, the attack is in the body of the email. It is in the language of the email. We have a fraud model based on multiple deep learning models that can identity sensitive business workflows with a much higher degree of confidence. One deep learning model looks for things around deadlines. Another is focused on financial terms. All of the deep learning modules are configured to understand language. In 2020 Gartner created a new category – cloud office security – and we were one of the cool vendors in it.”

Raghavan added that while the traditional approach to anti-phishing involves signals around bad domains, this doesn’t keep up with changing attacker tactics.

“Now they put a bad link on a ‘mom and pop’ site, which won’t show up as a bad site. Using computer vision-based brand impersonation detection, we track it down to the final destination site. Then we can identify if it looks like a proper sign in-page, so that with a high degree of confidence we will know if it is a bad email.

“We are also API-based so we don’t have to make DNS or other changes to the email environment,” Raghavan continued. “Because we can build these custom models, if gives us unprecedented visibility into what is normal and not normal for each organization.”

So what exactly is new with this release, and what is Armorblox’s Advanced Data Loss Prevention all about? Essentially it extends the functionality of NLU in the platform by extending it to analyzing email content for business workflows like Invoice, Payroll, Payments, Wire Transfer, Medical Records Management, Legal Documents.

“We used NLU to solve the hard problems first,” Raghavan said. “For example,  9-digit identifiers for Social Security numbers also trigger false alerts with Zoom meeting IDs. With NLU, those false positives can be removed. Now we are extending that to business workflows covering other areas. If someone is sending out 100 credit card numbers in an email, we can now identify that, and impose a limit on the number of credit card numbers in an email to something more reasonable, like three numbers. This also greatly reduces the number of false positives in this kind of email content compared to legacy solutions, by a factor of 10x.”

Raghavan said that Armorblox can solve a lot of problems across these different verticals with their platform-based approach.

“Everyone claims to stop Business Email Compromise,” he said. “We go much further with a solution that is designed as a complement to existing solutions like Proofpoint or Mimecast – at least initially.” Longer term, they envision it as a replacement for them in Armorblox’s core area, and specifically are looking to take advantage of recent channel discontent with these legacy companies.

“After the acquisition of Proofpoint and Mimecast by private equity, there has been some unhappiness in the channel, which has seen them looking more at API-based vendors like us,” Raghavan noted. “The channel can use us as an augmentation solution. We don’t do some of the things that the legacy vendors  do, although we do replace some things like TAP [Targeted Attack Protection] from ProofPoint. Using language techniques, we have also completely automated about 95% of the work for the security teams.”

Raghavan said that the upgraded version of Armorblox will be easy for partners to use.

“They should be able to do it without much difficulty at all,” he indicated. “We have good integration partners as well like Intermedia. Fidelity is also an exclusive partner of ours.”