CyberCompare spoke to Adrian Kyburz, Head of Marketing at xorlab AG, about E-Mail Security.
Dear Adrian, how would you describe xorlab in 3 quick-witted words?
E-Mail Security: more secure, more efficient, AI-driven
Please introduce yourself briefly and tell us something about your background.
My background is technical. I studied computer science at ETH Zurich and got my master’s degree in information security. I’ve always been interested in how things work. Learning to program was the original motivation for my studies. However, it quickly became more important to me that the program works well (and securely), is easy to use and has a great UX. As Head of Marketing at xorlab, I get to combine all of this. Together with my team, I try to anticipate the needs of the market and develop concrete offers for them.
What distinguishes xorlab?
We are a European company based in Switzerland with a mission to provide best-in-class security against email threats. E-Mail Security today faces two challenges:
First, today’s email attacks are perfectly tailored to the victim’s context: attackers hijack existing communication, impersonate trusted senders, or send emails from compromised partner accounts. Contextual attacks are difficult to detect, especially with common solutions.
Second, most email threats are so-called zero-hour attacks. An email is a zero-hour attack when its indicators of attack have not been seen before. Looking at phishing, for example, we see that 4 out of 5 attempts are zero-hour attacks. Working with new customers confirms repeatedly that traditional solutions have significant gaps here.
xorlab addresses both challenges with a modern security platform that uses artificial intelligence (AI) to identify typical communication patterns and flag emails as soon as they deviate from these patterns.
How does xorlab help companies?
xorlab helps companies in three key areas. Firstly, xorlab maximizes E-Mail Security. Our understanding of how an organization typically communicates enables security teams to fight threats proactively and precisely and benefit from controls that dynamically adjust over time.
- Proactive – stop zero-hour threats.
- Precise – very low number of false positives.
- Dynamic – the security automatically adjusts to changes in the communication patterns.
Secondly, we observe that our customers can optimize their operational costs. For instance, the data collected is used to largely automate internal reporting processes. The proactive nature of the solution also eliminates the need to maintain block and allow lists.
Thirdly, the amount of data and focus on the UX let xorlab customers regain control of their E-Mail Security. It is easy to understand when an email is classified as threatening and quarantined, and the parameters for the decisions can be adapted to the needs of the company by understanding the communication patterns.
What do you see differently from prevailing opinions in the field of cyber security?
I wouldn’t say it’s a prevailing opinion, but I often hear that employees are labeled as the weakest link in E-Mail Security, which oversimplifies and misrepresents the issue.
This is especially apparent in the context of user awareness training. While most organizations implement such training to control the human factor and mitigate its risks, a study by a team at ETH Zurich suggests that these efforts might not only be ineffective but could potentially worsen the situation by negatively influencing employee behavior (https://arxiv.org/abs/2112.07498).
I think that better user experience could help a lot. If you see a “Warning, sender is external” in almost every email, you stop noticing it over time. Bad UX, not weakest link. Good UX empowers individuals and makes them feel genuinely capable of making secure, independent decisions. Good UX transforms the so-called ‘weakest link’ into a strong line of defense, which improves overall resilience. This is what we’re working on at xorlab.
What’s next – what’s on your technical roadmap, what are your plans for 2024 and beyond?
Various examples and the ETH Zurich study mentioned show that the larger the company, the more likely it is that any employee will click. To help employees make better, more secure decisions, we are working on different situational user alerts. These contextual banners can then be used to selectively and efficiently warn an employee if, for example, a previously unknown external sender is sending an email, or a new organization is sending an invoice.
Another gateway for cyberattacks is the supply chain. With Third Party Risk Management, we are currently developing a feature that allows a company to see which suppliers and customers are potentially exposed. This should prevent attacks coming from trusted third parties. In addition, it will soon be possible to share self-created security rules, our so-called Adaptive Policies, with other xorlab customers via a kind of community and thus gain access to an even larger library of rules. This makes the filtering of malicious emails even more precise and automations such as the filtering of similar emails (same sender, same subject line, etc.) even easier. You benefit from the “swarm intelligence” and experience of other companies.
If you could send an email to all CISOs to address a security issue, what would you choose?
The number of German companies reporting losses due to phishing almost doubled from 18% in 2021 to 31% in 2023 (Bitkom Research 2023. Report: Wirtschaftsschutz 2023). We think that one reason for this uptick is a paradigm shift: 4 out of 5 phishing emails stopped by xorlab are unknown zero-hour attacks that successfully bypass traditional email security solutions as well as the native controls of cloud email services.
Seeing what we’re seeing? We are happy to discuss ways to help you close the gaps.