Armorblox helps Caltech secure their students and faculty against targeted email attacks
The California Institute of Technology (Caltech) is a private research university in Pasadena that is world-renowned for its strength in science and engineering as well as its focus on the instruction of pure and applied sciences.
With a large and diverse set of students streaming through the gates every year, ensuring they have an open yet secure learning experience is critical for Caltech. A key component of this security ideal is keeping malicious emails out of the inboxes of students, faculty members, and staff.
Caltech had built-in email security from Office 365 and had deployed a Secure Email Gateway (SEG) in front of it for additional protection against spam, phishing, and targeted email attacks. While spam was largely taken care of by these incumbent security controls, targeted email attacks were still making their way into inboxes.
RuthAnne Bevier, Senior Information Security Advisor at Caltech, said:
“Malicious emails that made it through to our users’ mailboxes were tough to identify and remediate programmatically using our SEG and other controls. In addition, systems that only analyze headers and metadata weren’t enough to reliably detect sophisticated threats like gift card scams or Business Email Compromise (BEC) attacks.”
Email risk is a reality for every educational institution. The 2021 Verizon Data Breach Investigations Report found that 50% of breaches in the Education sector involved social engineering. Around 80% of these social engineering breaches involved Pretexting as a tactic, which is heavily associated with BEC.
“Scammers are really good at getting information from university directories, knowing whom to impersonate, and finding the most likely recipients to target. We also get a cohort of brand new users - incoming students - on a regular basis, and these users don’t know which workflows are normal and which aren’t. Scammers exploit this uncertainty by hijacking predictable periods of change such as onboarding, the start of a new academic term, or commencement, with the ultimate goal of stealing money or data.”
Caltech was looking for an email security solution that augmented built-in Office 365 capabilities, provided effective protection against advanced phishing and targeted email attacks, and eliminated manual, repetitive work for the security team.
Armorblox inbound email protection
Armorblox connects over APIs with Office 365 to provide highly effective protection against targeted email attacks like BEC, account takeover, impersonation, and vendor fraud. By using Natural Language Understanding (NLU) and other detection algorithms, Armorblox stops advanced email attacks from endangering Caltech students, faculty, and staff.
Emails are automatically classified under granular threat categories (e.g. payroll fraud, payment fraud, phish URL in mail body, email account compromise), minimizing the need for custom policy setup and upkeep. Armorblox also automatically remediates the vast majority of detected threats, based on remediation actions configured by the security team (e.g. delete, quarantine, lock user account).
Armorblox has helped Caltech meet its email security objectives while also positively impacting its people and processes.
Improved protection against targeted email attacks
Armorblox provides highly effective protection against socially engineered email attacks targeted at the stakeholders Caltech serves. The vast majority of targeted email attacks are automatically remediated (delete, quarantine) by leveraging Office 365 APIs, keeping people safe without negatively affecting email availability or overloading the security team.
“We liked the fact that Armorblox looks at message body elements and learns from historical correspondence patterns. More recent capabilities that allow us to search for specific malicious emails and remediate them are also very useful and make our team’s life much easier.”
Time savings free up the security team for other projects
Armorblox has simplified and automated large portions of email threat protection at Caltech. The platform is easy to use and provides quick time to value for the security team without interrupting their daily work. Suspicious emails are analyzed by Armorblox and automatically remediated across user mailboxes if they fall under existing detection categories.
“It’s been very helpful to have Armorblox match malicious or fraudulent emails with similar messages that landed in other user mailboxes. Our manual filters have to be exact, but Armorblox does a more fuzzy match on emails that saves us time while remediating targeted attacks.”
Security teams are also able to provide feedback to Armorblox with manual actions and overrides that the platform learns from to get better with time.
“We appreciate that we can give Armorblox in-product feedback when an email is legitimate, and it fine-tunes its algorithms to continue reducing false positives with time. The number of false positives dropped precipitously during our first few weeks of using Armorblox. We now have numerous policies that auto-enforce rather than applying manual remediations.”