How xorlab is transforming the email security game for defenders

Founded in 2015 and spun out of ETH’s Laboratory for Software Technology, xorlab harnesses machine intelligence to defend organizations against never-before-seen cyber threats in email, and soon also in other services like Slack, Teams or Confluence. Its software understands human communication behavior and relationships to uncover even the most sophisticated attacks.

According to CEO and Co-Founder Antonio Barresi, xorlab was created at a time when “the trend was that you cannot solve every problem with technology and that you still need the human in cybersecurity. In addition, there were a lot of companies focused more on detection and response rather than on prevention, especially in the email security field. Not a lot of innovation was happening there.”

This is what xorlab is changing. “We were saying that we could do better with technology, not that there is no human factor in email and messaging security. We strongly believed that we could do better prevention with technology and that we could innovate in the email security field.”

xorlab’s contextual threat detection engine understands local context, communication relationships and behavior, and knows what the typical communication patterns of an organization are. The company then uses this understanding to proactively protect organizations against emerging threats. “As we are solving different use cases–not just phishing or malware–there isn’t one technological building block that solves everything,” said Barresi. “We build an understanding of what is legitimate and we use that to prevent new attacks when we see them for the first time.”

Utilizing machine intelligence to enhance threat detection and automate email security workflows

What does xorlab identify as the main pain points it is looking to solve? “We see that companies struggle considerably with email attacks. Especially if you don’t use any more advanced technology, a substantial number of attacks still makes it to the user inbox. And as the majority of successful breaches start with a malicious email, this is a key pain point,” Barresi explained.

“The other pain point we are tackling is automating processes, specifically the process where employees can report suspicious emails and receive feedback in a timely manner. Imagine the employees of an enterprise being able to report any email without generating costs while always getting contextual feedback saying what the email is. As security is usually perceived as an obstacle or not seen at all, this is a particularly great way to engage with users and to offer visible value to them.” This, Barresi noted, is more about reducing costs, enjoying the benefits of automation, and providing a visible security service to the end-user. “These are the main pain points: reduction of the risk of breach, cost savings, automation, and offering a visible and highly valuable security service to the end-user.”

Challenges and new approaches

Whilst the CyberTech market is growing with force as new technological innovations come onto the market, there are a lot of cases of CyberTechs crashing and burning. Why is this the case and how can it be dealt with?

“Talking specifically about our space in messaging and email security, what we’ve seen is that there wasn’t a lot of innovation happening. Instead, traditional solutions tried to solve a problem–one that has changed in the last five to seven years–by using concepts that once worked but do not work anymore because they rely on attacks not changing too quickly,” Barresi explained.

“In the last few years, attackers have invested heavily in their infrastructure and tools, and what we’re seeing today is that phishing campaigns are getting more sophisticated, and they’re very dynamic. Even phishing emails within the same campaign look different, come from different mail servers, and have different links. There is also more sophistication in the form of attacks. Trying to apply the old technology–that worked for an old problem–to a new reality, where the problem has massively changed, can lead to many CyberTechs failing. But in general, CyberTech is a very challenging field as the problem we are solving is constantly changing. Such a dynamic field always carries risks, even for the best and most innovative companies.”

What new approaches are required?

In the email security space, Barresi believes the sector should focus more on understanding what legitimate email communication is and how to further reduce the attack surface within the email channel.

Going forward, the industry needs solutions that understand what should be allowed instead of trying to determine what is bad based on a static definition of what was considered malicious in the past.

Another approach is attack surface reduction. “This is a very strong concept that we’ve seen applied in different fields. It’s about making it expensive for attackers by removing the attack surface completely, as long as it’s not absolutely necessary,” Barresi added. “If you look at email as an attack surface, it’s quite astonishing to see that a lot of file formats are allowed, although they may not be required for the business to function. This is an unnecessary attack surface that can be misused.”

He further explained, “At xorlab, we help security teams gain control of the email attack surface across tens of thousands of individual relationships in real-time by running both static and dynamic analysis on all incoming emails, and then deciding if we actually want to allow a certain file type or link. Imagine a solution that only allows VBA script in Office documents in communication relationships where this is actually needed, and strips it everywhere else.”

Pandemic effects

When discussing attack surface, the effects of the pandemic across a wide range of industries cannot be overlooked. One of the biggest trends has been the move to remote working. This particular trend has driven the uptake of communications tools such as Zoom as people find new ways to conduct their business. According to Barresi, this has helped to expand the attack surface.

He commented, “With people now using their laptop from home and an internet connection that is not under the control of an organization, the attack surface has definitely expanded. For attacks on the technical and the psychological level, people may be more isolated than before. In these circumstances, it may be easier to trick people into clicking on certain links when they’re at home compared to when they’re in the office.”

“If you’re in the office, you may have your colleagues nearby and you can mention that you have received a weird and suspicious email–everyone in this environment can tell you that they have received the same email or none at all–whereas you can’t get this kind of environment at home.”

CyberTech trends

With the industry seeing heightened attention due to the increasing number of cyberattacks plaguing governments and companies globally, a number of key trends are currently taking center stage. What trends stand out for xorlab?

“One of the key trends, as already mentioned, is that of remote working, along with the main aim of making it safe,” Barresi said.

Alongside remote working, Barresi mentioned supply chain and ransomware attacks, and cloud security management as other top trends.

He also noted the challenges around communication: “There are also trends in communication, not just by means of email but also in platforms like Slack and internal messaging channels. We’re starting to understand that email is not the only communication channel that can be attacked. Communication channels like Teams or Zoom can also be attack vectors.”

“If you invite people who you don’t know that well, you may never know what kind of things may be shared through those channels. In addition, social engineering attacks are getting more sophisticated, with attackers constantly investing in their tools and infrastructure.”

Plans going forward

Going forward, xorlab has its sights set on growth and expansion. Barresi remarked, “We did a Series A at the end of last year and now it’s all about growth, expansion, and bringing our technology to other regions. We have a strong customer base in Switzerland already, and we are now expanding into Germany and Austria. We are also looking at the UK and the US.”

“As cybersecurity threats are always changing, the product we are developing will never be done and we will have to continuously invest and innovate. This is something we are already doing. We aim to not only expand on the customer side but also to mature as a company and push our product and technology forward.”

While the company has predominantly focused on email security in the past, Barresi stressed that xorlab’s aim is to build a comprehensive communication and collaboration security layer throughout multiple services in the years to come.

Copyright © 2022 RegTech Analyst
