Computer Vision: What It Is and How It Improves Threat Protection
 

With cyberattacks becoming more intricate and coming from all directions, businesses are turning to artificial intelligence (AI) to detect threats at a more granular level and scale up their defenses. According to the Economist Intelligence Unit, data security is the No. 1 reason companies are implementing AI, with the market for AI-driven cybersecurity solutions expected to hit $46.3 billion by 2027.[1]

Computer vision is one of the most powerful AI tools available, helping security teams detect malicious files, phishing websites, or suspicious URLs that would otherwise slip through the cracks and potentially snowball into widespread data loss or service interruptions.

What’s more, computer vision solutions like Mimecast Credential Harvesting Protection and Mimecast URL Protect take significant pressure off security analysts who must tackle a growing list of threats in the face of a skills shortage. 

What Is Computer Vision?

Computer vision uses AI algorithms to understand visual data, allowing machines to “see” and analyze 2D and 3D media. From facial recognition in modern smartphones to object detection and classification in image data analysis, the technology is already used in many fields. By some estimates, computer vision is 99% accurate when the underlying algorithms are well-trained using a robust data set. 

When it comes to cybersecurity, computer vision is used to analyze image data and URLs from incoming emails to detect signs of fraud, be it a fake signature or a phishing website. A seminal research paper from 2019 revealed that AI image analysis could distinguish malicious files from safe files with exceptional accuracy, noting differences that would not have been detected by traditional malware solutions.[2]

How Does Computer Vision Work?

Computer vision algorithms work by converting image data, at the pixel level, into a format that both humans and software-based security systems can understand. As importantly, this information is presented as high-level insight that businesses can act on. The mechanism behind computer vision involves three basic steps: 

1. First, the computer vision solution acquires an image, either taking a photo or video or using 3D analysis software. Image acquisition happens in real time and can be applied to large image sets, allowing businesses to analyze the immense volume of email and websites their employees share each day. 
2. Next, the image is processed using machine-learning algorithms that have been trained using thousands of previous images. Each image is labeled so that the computer vision model can learn the differences between legitimate and fraudulent files. This also ensures that the algorithms become more accurate with every new analysis because they have more historical data to draw from.
3. Finally, the solution interprets the image, looks for signs of fraud and classifies it as either safe or malicious. From there, companies decide what to do. Some may choose to automatically delete all suspicious files, while others may flag the danger to employees so they can make an informed decision about how to proceed. 

Computer vision allows security teams to better detect and stop phishing attempts and social-engineering attacks. In turn, credential theft and harvesting, as well as business email compromise, can be prevented. 

Computer Vision Best Practices

Computer vision is a powerful technology, but like all forms of AI, the underlying algorithms are governed by human input and enhanced by human thinking. They must be trained and overseen by experienced security analysts to ensure they deliver the most value. Any business looking to implement computer vision should keep three principles in mind:

1. AI cannot replace human judgment. Image analysis is subjective. Computer vision can detect anomalies in an image, but it cannot explain them. Only experienced security analysts can distinguish between dangerous and safe content that is crucial to their business’s operations. To paraphrase Yossi Sara, Mimecast’s Director of AI Product, AI can spot threats that people might never catch, but it will never replace a human’s high-level reasoning and judgment. 
2. AI algorithms are only as strong as their underlying data. AI-based security algorithms work best when they are trained by large, historical data sets. This ensures they learn an organization’s “standards” and can accurately distinguish anomalies from the status quo, which varies from business to business. This is not always easy. For instance, high-quality images are difficult to source in large numbers in the medical field, where patient privacy is rightfully protected.[3] This is a driver for the adoption of third-party solutions from security vendors, which have access to large data volumes spanning multiple industries. 
3. Complete solutions require years of expertise. Computer vision specialists are few and far between. Given the time and money required to build a team of AI experts, many businesses opt for a proven computer vision solution from security vendors like Mimecast, which has the experience, resources, and data required to build effective AI technologies. 

Where to Start With Computer Vision

New business cases for computer vision emerge each day. Following are two of the most popular applications for AI-based image detection among Mimecast’s customers: 

• Credential-harvesting protection. Credential-harvesting attacks lure victims to a malicious website where they unwittingly share sensitive business data or their internal network logins. This practice is on the rise, especially as more companies use file-sharing services like OneDrive and SharePoint to collaborate remotely. Mimecast Credential Harvesting Protection uses computer vision to check whether a URL is legitimate, with analyses so precise it can detect when a single pixel is off on a seemingly safe web page.
• Secure URL sharing. The sharing of malicious URLs over email is a favorite tactic among hackers, but employees must be able to safely access and share URLs between each other to perform their jobs. Mimecast URL Protection uses both proprietary and third-party threat intelligence to detect and block malicious URLs at multiple entry points. That includes pre-click URL discovery, inline employee education once they click on a suspicious link, and post-click resolution and blocking of dangerous files.

The Bottom Line

We are in the early days of computer vision in cybersecurity, but the technology has quickly demonstrated its value. From low-stakes applications, like the detection of inappropriate images in work emails, to in-depth analyses of thousands of employee emails in real time, computer vision will play a growing role in defending businesses against motivated hackers who are using increasingly advanced AI technologies of their own. 

For more information on computer vision and the promise it holds, read AI and Cybersecurity: the Promise and the Truth of AI Security Revolution.

[1] “Artificial Intelligence and Cybersecurity,” Pillsbury

[2]“Computer vision and deep learning provide new ways to detect cyber threats,” VentureBeat 

[3]“5 Pitfalls of Implementing Computer Vision and How to Avoid Them,” Infopulse