Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Google Rolls Out Business-Focused Security Enhancements for Gmail

Google today announced a series of improvements to Gmail’s security aimed at making the service better at protecting business data.

Google today announced a series of improvements to Gmail’s security aimed at making the service better at protecting business data.

As part of the newly rolled out update, Gmail will provide customers with early phishing detection capabilities and “click-time warnings” for malicious links that might have been included in messages coming from outside sources. External reply warnings were also rolled out to help prevent data loss, Andy Wen, Senior Product Manager, Counter Abuse Technology at Google, says.

Gmail’s updated phishing detection mechanism takes advantage of machine learning, and Wen claims the service can keep sneaky spam and phishing messages out of customers’ inboxes with an over 99.9% accuracy. He also points out that 50%-70% of all messages received in Gmail are spam.

To improve their spam detection accuracy, Google launched early phishing detection, a dedicated machine learning model designed to selectively delay messages to perform rigorous phishing analysis. Only potentially suspicious messages will be flagged and delayed to perform additional checks on their content.

According to Wen, this should impact less than 0.05% of messages on average but should result in improved user data protection. In some cases, the additional checks could result in some messages arriving in the user’s inboxes with a delay of up to 4 minutes.

The feature, however, isn’t meant to replace anti-malware/phishing software, and admins can control it from the Admin console. The feature is launched On by default, Google says.

Paired with Google Safe Browsing machine learning, the detection models also aim at finding phishy and suspicious URLs and flagging them to the user.

These models leverage techniques such as reputation and similarity analysis on URLs, thus resulting in Gmail generating new URL click-time warnings for phishing and malware links. The feature was rolled out for Gmail on Android in the beginning of the month.

Advertisement. Scroll to continue reading.

Aiming at preventing data loss, Gmail now displays unintended external reply warnings to users when they try to respond to someone outside the company domain. The service should know if the recipient is an existing contact or someone the user interacts with regularly, thus avoiding unnecessary warnings being displayed.

“This feature can give enterprises protection against forged email messages, impersonation, as well as common user-error when sending mail to the wrong contacts,” Google explains.

In addition to these enhancements, Google’s email service also received new built-in defenses against ransomware and polymorphic malware, meant to help it block millions of other messages that could potentially harm users.

The feature is meant to correlate spam signals with attachment and sender heuristics, and should result in successfully predicting messages containing new and unseen malware variants, Sri Somanchi, Product Manager, Gmail anti-spam, says.

“We classify new threats by combining thousands of spam, malware and ransomware signals with attachment heuristics (emails that could be threats based on signals) and sender signatures (already marked malware),” Wen notes.

Related: Gmail Delivers Spoofed Messages Without Warning, Researchers Find

Related: Gmail to Block JavaScript File Attachments

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.