Mesa Email Security APIs Are Now Available
Incorporating effective email threat detection into your Security Orchestration, Automation, and Response (SOAR) systems or custom workflows is critical to a proactive defense posture for your cybersecurity program. To better secure your organization against phishing and scam risk, Mesa Security is proud to announce a new Email Security API that will make it easy for developers to add advanced detection to their existing workflows.
Check it out at: https://scan.mesasecurity.com
Understanding Mesa Security’s Email Scanning API
At its core, Mesa’s scanning uses Generative AI to perform deep language analysis and image analysis of the email and its attachments. It does not depend on regular-expression-based rules, because such rules require regular maintenance and do not scale. The API generates a JSON response that describes the level of risk, type of threat, and history of the sender for advanced threats including Callback phishing, Credential phishing, BEC, Ransomware, Extortion, Scam, and regular spam. Mesa’s detection technology utilizes multi-modal LLMs along with custom RAG models to achieve that.
Examples
Image-based Callback Phishing
These emails do not have any text content indicative of a scam. The scam is entirely in the image attachment, which makes these emails hard for rule-based systems and even OCR systems to detect.

However, with multi-modal LLMs combined with threat intelligence RAG models (email headers etc.), Mesa’s API is able to accurately detect these threats.
Output from Mesa’s scanning API:

Scams from compromised accounts
There has been a rise in scam emails landing in inboxes from compromised accounts lately. Spam filters in Gmail, for example, have not been able to block these as they originate from compromised gmail.com accounts.

When a user clicks on any link in these emails, it redirects them to a fake survey site that ends up stealing sensitive info including credit card information.
Similar to callback phishing, these threats are also detected by LLMs, as they understand the intent of the email more deeply than Named Entity Recognition (NER) or rule-based systems.
Getting Started with the API
To integrate the Email Scanning API into your workflows:
- Account Setup: Register for an account on Mesa Security’s API platform.
- API Key Generation: After logging into the account you created, navigate to the dashboard, and generate an API key that will authenticate your requests.
- File Upload for Analysis: Use the API to upload .eml files. Once the file has been submitted, the submission will return a job ID that can be used to track the upload and analysis of your email.
- Retrieve Analysis Results: Query the API using the job ID to get the results of the analysis. You will receive a detailed analysis of the security of the email.
For detailed instructions and endpoint references, consult the Mesa Security API Documentation.
Integration with SIEM and SOAR Systems
Integrating the Email Security API into SIEM or SOAR platforms improves the ability to automate threat detection and the response to those threats. For example, an integration with Splunk SOAR could detect and eliminate malicious emails in Microsoft 365 mailboxes automatically. Workflows built on SIEM and SOAR platforms remove hours of manual work and reduce the time between detection of a malicious email and incident response.
Building Custom Workflows
For organizations that need custom security solutions, the Email Security API allows for integration into custom workflows. By accessing the API endpoints, developers can automate workflows such as:
- Automated Email Analysis: Trigger email scans based on specific events or schedules.
- Real-time Threat Intelligence: Incorporate analysis results into dashboards for continuous monitoring.
- Incident Response Automation: Automatically initiate remediation steps upon detection of threats.
The API’s compatibility with various authentication methods, including API keys and OAuth 2.0, ensures secure and seamless integration into diverse systems.
Best Practices
- Rate Limiting Awareness: Consider the API’s rate limits to provide continued service without interruption.
- Data Privacy Compliance: Treat all emails that are analyzed under the privacy regulations that apply (e.g., CCPA, GDPR) and any applicable policies or regulations that apply in your organization.
- Error Handling: Build in error handling so that your workflows can handle API response statuses.
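The submit-then-poll steps under Getting Started, combined with the rate-limit and error-handling practices above, as an added example that is not Mesa's code. The `transport` object, the `job_id`, `status` and `risk` field names, and the `pending`/`done`/`failed` values are assumptions standing in for whatever the API documentation specifies; the replies are constructed so the block runs offline.

```python
import time

class ScanError(Exception):
    """Scan did not complete; the caller should hold the email, not deliver it."""

def call_with_retry(request, max_attempts=4, sleep=time.sleep):
    """Run request() -> (status, headers, body); retry on HTTP 429 and 5xx."""
    for attempt in range(max_attempts):
        status, headers, body = request()
        if status == 200:
            return body
        if status != 429 and not 500 <= status < 600:
            raise ScanError(f"non-retryable status {status}")
        delay = float(2 ** attempt)  # exponential backoff by default
        if status == 429 and headers.get("Retry-After", "").isdigit():
            delay = float(headers["Retry-After"])  # server-supplied wait, seconds form
        sleep(delay)
    raise ScanError(f"gave up after {max_attempts} attempts")

def scan_email(transport, eml_bytes, max_polls=10, poll_interval=2.0, sleep=time.sleep):
    """Submit an .eml, poll by job ID, return the finished analysis dict."""
    job = call_with_retry(lambda: transport.submit(eml_bytes), sleep=sleep)
    job_id = job["job_id"]  # assumed field name
    for _ in range(max_polls):
        result = call_with_retry(lambda: transport.fetch(job_id), sleep=sleep)
        if result["status"] == "done":  # assumed status values
            return result
        if result["status"] == "failed":
            raise ScanError(f"job {job_id} failed")
        sleep(poll_interval)
    raise ScanError(f"job {job_id} still pending after {max_polls} polls")

class FakeTransport:
    """Constructed stand-in for the two HTTP calls so the example runs offline."""
    def __init__(self, fetch_replies):
        self.fetch_replies = list(fetch_replies)
    def submit(self, eml_bytes):
        return 200, {}, {"job_id": "job-constructed-1"}
    def fetch(self, job_id):
        return self.fetch_replies.pop(0)

def demo():
    replies = [(429, {"Retry-After": "1"}, {}),
               (200, {}, {"status": "pending"}),
               (200, {}, {"status": "done", "risk": "high"})]
    delays = []
    result = scan_email(FakeTransport(replies), b"Subject: test\r\n\r\nbody", sleep=delays.append)
    return result, delays
```

Every path that does not end in a finished analysis raises `ScanError`, so a SOAR playbook calling `scan_email` can quarantine or hold the message on failure instead of treating a missing verdict as clean.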
Integrating Mesa Security’s Email Security API into your security ecosystem will enable your organization to better detect and respond to email threats quickly and efficiently. We are always open to feedback on how we can improve.
Feel free to email team@mesasecurity.com as we love to hear from you!
