AI-Driven Security: Eric Vaughan on GFI Software’s Approach to Anomaly Detection

Published on: October 23, 2025
Updated 2 times since publishing
Petar Vojinovic, Writer

Eric Vaughan, CEO of GFI Software, takes us through the journey of GFI Software, from its 1992 launch in Malta to becoming a leader in AI-enhanced IT solutions for SMBs worldwide. Talking with SafetyDetectives, he highlights how GFI leverages cutting-edge AI, including RADAR™ AI, to detect and prevent fraud, monitor anomalies, and strengthen cybersecurity in ways traditional systems can’t. Eric also delves into real-life cases where AI caught hidden threats and shares his vision for how emerging AI trends will reshape fraud prevention and risk management.

How did GFI Software begin, and how has the company evolved over time?

GFI Software started back in 1992 in Malta. Think about that timeframe – Windows was just becoming a thing in the business world. The founders saw this gap where small and medium businesses needed real enterprise-class IT solutions, things like network security and messaging tools, but everything out there was either too expensive or way too complex for companies with 50 or 100 employees.

Through the 2000s and into the 2010s, GFI grew into this truly global company. We built out offices across multiple continents, developed nine core products, and established relationships with over 10,000 channel partners worldwide. We became a Microsoft Gold Certified Partner. The focus was always on that SMB sweet spot – organizations with fewer than 1,000 end-users who needed powerful tools without the enterprise price tag or complexity.

Then, in January 2017, we acquired Kerio Technologies. That was significant because Kerio had these proven unified communications and security solutions that were already deployed in over 100 countries. I’m talking about products like GFI KerioConnect, GFI KerioControl, GFI KerioOperator, and GFI KerioCloud. That acquisition really expanded what we could offer customers.

Fast forward to April 2024, and this is where things got really interesting. We integrated AI across our entire product portfolio. I’m talking about GFI AppManager AI with RADAR™ AI anomaly detection, GFI KerioControl AI, GFI KerioConnect AI, GFI ClearView AI, and GFI LanGuard AI. This wasn’t just adding a feature or two – this was a fundamental shift in how these products work.

We’ve continued growing strategically and recently appointed exclusive distributors in regions like DACH to strengthen our European presence. Today, we’re serving customers in over 120 countries with more than 200,000 installations worldwide. We’ve evolved from a traditional software provider into what I’d call an AI-first company, but we’ve never lost sight of that original mission – making enterprise-class solutions accessible to SMBs and MSPs.

What core problem in fraud detection or risk management does GFI Software aim to solve most effectively?

Here’s the thing about fraud – it’s getting more sophisticated every day. What we’re focused on is identifying and preventing these threats before they cause damage. We use AI to provide real-time insights and automated responses across your entire environment – network, email, and devices.

Think about how fraud actually happens. You’ve got email attacks – phishing, scams, malicious attachments that lead to credential theft or financial loss. You’ve got compromised accounts where attackers are using weak or leaked passwords. There are malicious network connections, suspicious traffic, often enabled by Shadow IT and unmanaged devices. Shadow IT is a huge one – employees or attackers installing unauthorized software without IT knowing about it, creating these hidden entry points. And then there’s just poor password hygiene or previously exposed credentials getting exploited to breach your defenses.

So how do our products address these risks?

On the log side, GFI KerioControl AI delivers what we call Log Insights – helping organizations monitor system events and spot irregularities connected to fraud attempts. GFI KerioConnect AI gives you granular logging of user logins and connection protocols, so you can audit everything and detect unauthorized account access.

For monitoring network traffic, GFI ClearView AI uses AI-driven Traffic Insights to analyze network patterns, detect unusual activity, and identify Shadow IT or anomalous traffic that might signal fraud. GFI LanGuard AI enhances LAN security through network device discovery and vulnerability analysis, quickly identifying compromised endpoints or malicious behaviors. And GFI KerioControl AI is monitoring network traffic in real time, automatically blocking malicious attempts before they reach your users.

Then there’s email flow monitoring. GFI KerioConnect AI warns users about potentially fraudulent or phishing emails and applies multiple layers of anti-spam, anti-malware, and anti-phishing controls. Same with GFI MailEssentials AI – multiple controls defending against these threats.

It’s about covering all the bases where fraud can happen.

How does GFI Software’s AI-driven technology differ from traditional rule-based systems in preventing fraud?

This is where things get really interesting. I should mention that what I’m about to describe with RADAR™ AI is yet to be released, but it represents where we’re headed.

Traditional rule-based systems are like having a security guard who only knows yesterday’s playbook. They require constant manual updates to address new threats. They generate tons of false positives, wasting resources and flagging legitimate transactions. And when you get a novel attack pattern or a zero-day attack? They fail catastrophically because they can’t adapt to unknown threats in real time. They don’t learn from past incidents.

GFI Software’s RADAR™ AI technology is fundamentally different. It’s adaptive, it learns, and it evolves. It’s a platform that continuously stays ahead of emerging threats.

We use proactive threat detection with a multi-factor anomaly detection system. This goes beyond known threats to identify completely novel attacks. The system leverages advanced machine learning that learns from historical patterns and continuously builds a sophisticated understanding of what’s legitimate behavior versus what’s malicious.

We’ve reduced false positives dramatically by employing state-of-the-art deep learning frameworks, including 27 specialized outlier detection models. This provides unparalleled accuracy in threat identification.

RADAR™ AI has three core components. First, Supervised Learning Intelligence – this analyzes historical patterns to identify threats based on labeled security events, continuously learning from past incidents. Second, Unsupervised Anomaly Detection – this identifies completely novel threats and zero-day exploits that have never been seen before. Traditional systems can’t do this. And third, Advanced Deep Learning Integration – this powers RADAR™ AI with sophisticated deep learning frameworks for superior accuracy and efficiency.

In essence, while traditional systems are stuck recognizing only yesterday’s threats and need constant retraining, RADAR™ AI is continuously learning and can anticipate and adapt to the ever-changing landscape of cyber threats, including entirely new ones.

Can you share a use case where your platform caught a threat that other systems missed?

RADAR™ AI discovered an insider policy violation, catching it through behavioral anomaly analysis.

We had a mid-size enterprise, about 500+ employees. An employee configured their email client to send bulk promotional emails for a side business after hours. Now, this wasn’t malicious in intent – they weren’t trying to hack anything. But this misuse of corporate email infrastructure created real risks around compliance, reputation, and operations. Traditional rule-based systems just aren’t geared to detect this kind of thing.

Here’s what was happening. The employee was sending hundreds of emails nightly, from 7 PM to 11 PM. That’s a 600% increase over their baseline. By distributing the traffic and timing it after hours, they evaded rule-based thresholds and content filters.

Think about the risks here. Business risks – you could get your domains blacklisted, experience deliverability failures, or disrupted client communications. Compliance risks – potential CAN-SPAM violations, GDPR issues, corporate policy violations. Security risks – hidden attack vectors during those after-hours blind spots.

Traditional email monitoring lacked behavioral baselining and off-hours analysis, so this went undetected for weeks.

RADAR™ AI flagged it through behavioral analysis. It detected configuration anomalies, temporal anomalies, and distribution anomalies through multi-factor analysis.

Here’s what people need to understand – “innocent” misuse, even without malicious intent, presents significant business risks. Those after-hours blind spots that rule-based systems miss are critical vulnerabilities. Behavioral AI like RADAR™ AI addresses these by detecting the full range of anomalies and proactively preventing costly remediation. It protects your infrastructure and reputation from all policy violations, not just the obviously malicious ones.
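The behavioral-baselining idea from this use case, sketched as an added example (not GFI's code and not a description of how RADAR™ AI works): each user's daily send volume is compared with that user's own history, and the after-hours share is checked, while a static per-hour rule stays silent. The log records, user names, and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

OFF_HOURS = range(19, 23)   # sends stamped 19:00-22:59, the 7 PM-11 PM window in the case
HOURLY_RULE_LIMIT = 100     # assumed static rule: alert above 100 mails per user per hour
RATIO_ALERT = 5.0           # assumed: alert at 5x the user's own median daily volume

def build_log():
    """Constructed sample: 14 normal days, then 3 nights of bulk sending by 'bob'."""
    log, start = [], datetime(2025, 1, 6)
    for day in range(17):
        d = start + timedelta(days=day)
        for user in ("alice", "bob"):
            for i in range(40):                  # 40 daytime mails, 09:00-16:59
                log.append((user, d.replace(hour=9 + i % 8, minute=i)))
        if day >= 14:
            for i in range(240):                 # 60 per hour, below the static rule
                log.append(("bob", d.replace(hour=19 + i % 4, minute=i % 60)))
    return log

def detect(log, baseline_days=14):
    """Flag days whose volume and timing deviate from the user's own baseline."""
    daily = defaultdict(lambda: defaultdict(list))   # user -> date -> [send hours]
    for user, ts in log:
        daily[user][ts.date()].append(ts.hour)
    alerts = []
    for user, days in daily.items():
        dates = sorted(days)
        baseline = median(len(days[d]) for d in dates[:baseline_days])
        for d in dates[baseline_days:]:
            hours = days[d]
            ratio = len(hours) / baseline                      # volume anomaly
            off = sum(h in OFF_HOURS for h in hours) / len(hours)  # temporal anomaly
            peak = max(hours.count(h) for h in set(hours))     # busiest single hour
            if ratio >= RATIO_ALERT and off >= 0.5:
                alerts.append({"user": user, "date": d.isoformat(),
                               "ratio": round(ratio, 1),
                               "off_hours_share": round(off, 2),
                               "static_rule_fired": peak > HOURLY_RULE_LIMIT})
    return alerts

if __name__ == "__main__":
    for alert in detect(build_log()):
        print(alert)
```

In the constructed data the flagged days are seven times the user's baseline, which is a 600% increase, yet no single hour exceeds the static limit.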

What upcoming innovations or trends in AI for fraud prevention do you believe will most impact your roadmap?

We’re looking at several directions here.

First, extending RADAR™ AI’s dataset by ingesting logs, metrics, and events from non-GFI systems that are co-located on the network. We’re correlating them with existing GFI telemetry. The more data points you have, the better the anomaly detection becomes.

Second, we’re combining AI-driven phishing analysis with our current rule and signature detectors. When you feed rule context into the model, it improves feature signals and boosts precision while reducing false positives. It’s about making the AI smarter by giving it more context.

Third – and this is interesting – we’re correlating GFI LanGuard AI’s endpoint telemetry (service and port inventory, software footprint, vulnerability data) with GFI ClearView AI’s network analytics. This improves Shadow IT identification accuracy and lowers false-positive rates.

The trend here is correlation and context. The more you can correlate data across different parts of your environment, the more accurate your threat detection becomes. That’s where AI really shines – finding patterns across these massive datasets that humans would never spot.

About the Author
Petar Vojinovic

Petar is a passionate cybersecurity writer with a deep curiosity for how digital systems work—and how to keep them safe. With a keen interest in everything from ethical hacking and malware analysis to privacy tools and emerging threats, Petar turns complex security topics into clear, actionable insights. He’s dedicated to helping individuals and businesses stay informed, protected, and ahead of the ever-evolving cybersecurity landscape. When he’s not writing, you’ll find him exploring new security tools, testing VPNs, or digging into the latest data breach reports.