A real approach to implementing machine learning to security awareness, by Ira Winkler

This whitepaper on the technology driving the Hoxhunt platform, and its innovative applications for security awareness, was originally published by Ira Winkler in 2020. Much has happened since then! Loads of new features, products, and development of the machine learning model and cognitive automation on our side; and Ira has since joined Walmart as Chief Security Architect. To be clear, Walmart is not endorsing Hoxhunt. But with Ira's appearance on the CISO Sandbox to promote his recently published Security Awareness for Dummies, we thought it worth noting that "The Awareness Crusader" is a forward-thinking CISO who can see around corners and appreciate the difference between illusory, incremental, and game-changing innovation.

Post hero image

Table of contents

An independent analysis of the Hoxhunt phishing engine

By Ira Winkler

Why Hoxhunt's approach is unique

There are so many buzzwords and trends in the security awareness industry that it is hard to determine what is useful and what is a gimmick. Every vendor out there has some sort of promise that they have some special characteristic about their product that makes it a revolutionary improvement to your security awareness posture that no other product can accomplish. After reviewing the Hoxhunt solution, it is safe to say that they actually do provide something unique that can really move the needle with your organization’s security awareness posture.

Machine learning and artificial intelligence are typically buzzwords and technologies that vendors tout as making a product unique. The reality is that machine learning and AI can be useful, however, they are just underlying technologies. It is how you apply the technologies that makes a difference. Hoxhunt uses machine learning in a way that provides a very unique and valuable method for improving security awareness in practice.

Specifically, Hoxhunt uses machine learning in a way to create individual learning experiences for every user within your organization.

The Traditional Approach

When you create phishing simulation campaigns, you choose a pretext to send out to the organization. The simulations typically intend to get the user to click on a link, submit credentials, or download malware. The system then tracks the user action, and, if warranted, provides training for improper responses.

Usually, everyone in an organization receives the same simulation. More advanced programs might send out messages to different groups of people within the organization. This allows for simulations to be somewhat more tailored to the recipients but requires exponentially more work.

Organizations target users who fall for the phishing simulations more frequently, however, they send out messages to everyone else with the same frequency. This tends to annoy users who do not fall for the typical phishing messages and has little impact in improving awareness for the majority of users. Using an analogy, it is like trying to teach all students in the same high school the same basic math course, over and over again.

The Hoxhunt Approach

Hoxhunt takes a unique approach. Using artificial intelligence, Hoxhunt can tailor phishing education to each individual user. After an organization provides the platform with user information and the appropriate access, the system then sends out messages. Based on the responses of each user, the system itself then determines the appropriate frequency and simulations moving forward.

Should a user fall for the simulation, they receive the designated training, and the next phishing messages are of similar sophistication. However, when users do not fall for the phishing simulation, the system can then raise the sophistication of future messages. This has the impact of improving learning by making future simulations and any resulting training more advanced. Similarly, if a user consistently demonstrates awareness, they receive fewer simulations.

Should a user begin to fall victim to the simulations again, the system can throttle up the simulations to that particular user. This clearly provides for a very personalized learning experience that cannot be achieved through the competition.

The individualized nature of the messages and the training allows for yet another unique feature; customized spear-phishing messages. The Hoxhunt platform allows the tailored messages to appear as if they come from another user within the organization. Hoxhunt pulls the name of other users on the system, from within the same department. This simulates the targeted messages sent by more sophisticated attackers.

In short, there is simply no other platform available that allows for this level of phishing customization, automatically tailored to individual users. All of this is accomplished with little administrator input.

Hoxhunt Optimizes Learning

From a learning science perspective, this approach has very distinct advantages (editor's note: please see DocuSign Director of Trust & Security Training & Awareness, Lisa Kubicki's behavioral science-themed webinar: This is your Brain on Trust). Training needs to be appropriate to its targeted users. Training that is too complex will not benefit a novice user. Likewise, training that is too simple for a person with more expertise will not only be a waste of time, it will also be likely to aggravate the student.

In the case of phishing, hitting less experienced users with advanced attacks will lead to frustration, and will overwhelm the user. On the other hand, if you send out basic phishing messages to accommodate the less knowledgeable users, advanced users will never improve their expertise.

The Hoxhunt approach provides for users of all knowledge levels to increase their expertise at a reasonable and steady pace. No other tool out there allows for this customized learning experience. Having used most major phishing platforms, we have found that there are a few distinguishing factors. However, the Hoxhunt machine learning approach to customize the phishing simulation experience for each individual user is an incredibly unique and valuable feature, which means that all organizations should consider the Hoxhunt solution for their phishing simulations needs.

Discover how Hoxhunt is applying machine learning and behavioral science to level up security awareness

This report gives cutting edge insights into the responses of 1.6 million users to 24.7 million phishing simulations.

Want to learn more?
Be sure to check out these articles recommended by the author:
Get more cybersecurity insights like this