CERN protects world-class researchers with AI-powered email security

While CERN, the European Laboratory for Particle Physics, pushes the boundaries of experimental physics, it faces constant threats from email and web attacks. With xorlab, CERN enhanced their security with an AI-powered contextual engine, protecting its employees and researchers from advanced email attacks.

Video not displaying correctly? Click here.

Learn why CERN chose xorlab and how you organization can elevate its email security.

Empowering scientists to push the boundaries of our understanding of the universe

CERN is dedicated to understanding the fundamental particles and forces that make up our universe. Known for its leading role in particle physics and innovations like the World Wide Web, CERN provides an open environment for its scientists to pursue groundbreaking research. To ensure they can work freely and securely, CERN must protect them from advanced email attacks.

CERN's email security challenge

The organization recently decided to move its email infrastructure to the cloud. Having a culture of "bring your own device", CERN must secure email and web traffic before it reaches the endpoint. That became increasingly difficult as people were receiving more and more sophisticated threats.

For CERN and other organizations, the potential damages of a successful attack are severe and vary from operational interruptions and data breaches to misuse of the organization’s 150+ data centers. 

During the migration project, the Computer Security team identified several gaps related to fighting modern email attacks such as phishing and decided to look for additional solutions.


The xorlab solution

In 2023, CERN integrated the xorlab Email Security Platform seamlessly with their cloud email service. The API-like inline deployment allowed CERN to keep the MX configuration untouched and to perform threat analysis before emails get delivered to the inbox. xorlab's AI-powered solution analyzes email messages based on context and behavior, filtering out phishing, business email compromise, and malware attacks and eliminating any possibility of engagement by the user.




The solution also provides end-users with an intuitive way to manage their quarantine and get actionable insights into why emails were filtered. "We are using xorlab also as a platform to train our users. When logging in, people see why an email has been quarantined and why the security team believes that this is a malicious email. With this information, people are empowered to reconsider whether they would like to release the email themselves" - says Stefan Lüders, Computer Security Officer.


Why CERN chose xorlab email security

Before engaging in a contract, CERN conducted a Proof of Concept (PoC). In it, the Computer Security team compared the detection capabilities of two shortlisted solutions with one another: xorlab and a Gartner-recognized industry leader.

In this Proof of Concept, both solutions analyzed the same email volume and labeled each message with their verdict. xorlab detected 4 times more threats than the competing solution and demonstrated higher accuracy with a false positive rate of only 0.06%. 

The significantly better detection due to xorlab's unique approach, a low false positive rate, and the ability to integrate end-users into daily quarantine management convinced the team to engage with xorlab as their partner for email security.


"xorlab  is  one  of  the  puzzle  pieces  to  protect  this  organization,  securing  better against  malware,  phishing, and  other  threats  coming  via  email". 

Dr. Stefan Lüders Computer Security Officer, CERN

xorlab's security ROI

The risk of getting attacked via email is dramatically lower since deploying xorlab. In the past 3 months (Feb-Apr 2024), the Computer Security team at CERN stopped a total 643 515 email threats, including 82 553 phishing attacks, 1 532 business email compromise (BEC), and fraud attempts. Of the 82 553 phishing attacks, 67 223 were so called zero-hour threats, meaning their indicators of attack (sender addresses, sender domain and IP, link domain, etc.) were unknown at the time of delivery.

The time saved by providing better and more intuitive self-service to end users is only starting to become visible.

With xorlab, CERN has a robust email security solution that protects its 18 000 employees and researchers from advanced email attacks and lets them focus their full attention on pioneering research into the mysteries of our universe. 


CERN – the European Laboratory of Particle Physics
Industry: Science & Research
Location: France & Switzerland
Established: 1954
Protected mailboxes: 18 000+
Emails per 90 days: 12.5M

643 515

Threats prevented per 90 days

82 553

Phishing attacks prevented
per 90 days

67 223

Zero-hour phishing attacks stopped per 90 days

1 532

BEC/Fraud attempts
detected per 90 days


Why CERN chose xorlab after PoC

Read more about the PoC results and how xorlab performed in comparison to the alternative solution.

See xorlab in action

Book a personalized demo, and we’ll show you the features to enhance the email security of your organization, taking into account your unique needs.