• Product
    • Overview
    • Why Area 1
      • Customer Reviews
      • Case Studies
    • Technology
    • Pricing
    • Free Trial
  • Solutions
    • Phishing Attacks
    • Business Email Compromise
    • Cloud Email Security
      • Office 365
      • Gmail
    • Autonomous Phish SOC
    • COVID-19 Phishing
    • Election Security
  • Partners
    • Find a Technology Partner
    • Find a Channel Partners
    • Become a Partner
  • Resources
    • Resources
    • Blog
    • Events | Webinars
    • Newsletter
    • Phishing Glossary
  • Company
    • About
    • Trust Center
    • News
    • Careers
    • Contact
  • Search
Area 1

Request a FREE Demo Today!

  • KEY USE CASES

    Area 1’s cloud-native SaaS solution supports three key use cases: preemptive anti-phishing across all threat vectors (email, web, social, network); cloud email security / SEG replacement; and phishing security automation for SOC teams.

    Learn More
    Area 1

    Request a FREE Demo Today!

  • THE CHALLENGE

    SEGs, cloud email and DMARC struggle against the most sophisticated phishing attacks. Area 1 is the only company that preemptively blocks Type 1-3 BEC phishing, and other highly targeted attacks.

    Learn More

    PHISH OF THE WEEK

    This much should be clear by now – we at Area 1 absolutely detest phish! But in some weird karmic way, we exist because phish exist…and we exist to quell each and every one of the attacks hitting our customers.

    Well, it just got a lot harder on those pesky creatures, and a lot better for our current — and future — customers.

    View Now
    Area 1

    Request a FREE Demo Today!

  • FIND A TECHNOLOGY PARTNER

    Area 1 is a Microsoft Certified Partner and a Google Cloud Security Technology Partner of the Year. We also integrate with a number of SIEM, SOAR, SEG and firewall technology providers to fit your unique infrastructure.

    Learn More

    FIND A CHANNEL PARTNER

    Work with trusted cybersecurity experts across the globe to secure your business. Learn about our partnerships with Legato Security, Optiv, SADA Systems, SYNNEX and others.

    Learn More
  • NEW ON THE BLOG

    A rapidly evolving phishing campaign is on the loose.

    Read Blog

    UPCOMING WEBINAR

    How did one million phishing emails bypassed Office 365 defenses?

    Register Here
  • WHO WE ARE

    At Area 1 Security, We Stop Phish. We’re accountable to you: that means we believe you should pay only to cybersecurity company that works. If it doesn’t protect you, why invest in it?

    Learn More

    IN THE NEWS

    Read Here

    Need to Contact Us?

    We’re here to help

    Area 1
Area 1 Security
  • Product
    • OVERVIEW
      • Why Area 1
        • WHY AREA 1
          • Customer Reviews
          • Case Studies
      • Technology
      • Pricing
      • Free Trial
  • Solutions
    • SOLUTIONS
      • Phishing Attacks
      • Business Email Compromise
      • Cloud Email Security
        • CLOUD EMAIL SECURITY
          • Office 365
          • Gmail
      • COVID-19 Phishing
      • Autonomous Phish SOC
      • Election Security
  • Partners
  • Resources
    • RESOURCES
      • Blog
      • Resource Library
      • Newsletter
      • Events | Webinars
      • Phishing Glossary
  • Company
    • COMPANY
      • About
      • Trust Center
      • News
      • Careers
      • Contact
  • Search
  • Try Area 1

Blind URL Inspection | Catch Never-Before-Seen Phishing Emails

Phil Syme June 15, 2020
BlindURL

Over a third of the phish we stop each day involve malicious links. These are often missed by email gateways, DMARC and cloud email suites, which lack our proprietary computer learning approach: blind URL inspection. Hear from Area 1’s Umalatha Batchu (Lead Software Engineer), Javier Castro (Principal Security Researcher), Torsten Zeppenfeld (Sr. Software Engineer – ML) and Yen Chang (Software Engineering – ML), about how we accurately determine if a never-before-seen URL is malicious.

What’s the root cause of most cyber breaches? Phishing attacks.

At Area 1, we see and stop many thousands of daily phishing attacks against our customers. Over a third of the attacks that we stop use emails containing malicious links. These links lead victims to phishing sites custom-built to capture username and password information (so called “credential harvesters”) or to sites with malicious downloads, or both. All of these sites have criminal purposes and intend to perpetrate fraud against our customers.

Traditional security defenses (such as email gateways, cloud email suites, DMARC) often miss malicious links, whether in the body of an email or in a document within an email attachment. 

Why? Phishing web sites are easy to create, and in some cases are created automatically by attackers en masse. Emails are sent with links pointing to newly-created phishing sites, never before seen by a security vendor. So what does your security tool do when it sees this link for the first time? The answer, unfortunately, is nothing. 

Phishing Sites May Appear Completely Legitimate

Some examples of phishing sites that we see on any given day include pixel-perfect forgeries of well-known sites, such as LinkedIn, Microsoft and Chase

BlindURlDetectionBlogImages

Yet not all phishing sites are as well crafted – in many cases very basic pages that purport to be internal IT systems can be extremely effective in a phishing campaign.

All of these sites have URLs that are “not quite right” when looking at the URL Address Bar in a desktop or phone browser. But, not every employee has the time or judgement to inspect URLs, especially when faced with a looming deadline or urgent task. It’s human nature to quickly prioritize tasks at hand, and URL authenticity can quickly fall to the bottom of the list during the course of normal business activities. Which led us to ask the question: “Can computers automatically do this for us, in a reliable way?”

How Blind URL Inspection Helps Catch Phishing 

To make accurate determinations on first-ever-seen URLs, Area 1 uses a proprietary computer learning approach that we call blind URL inspection.

Machine learning and artificial intelligence are overhyped terms in today’s technical environment. But hidden beneath the bold public claims is real progress in the field for recognition and pattern-matching problems. Sophisticated pattern-matching algorithms have migrated from academia into practical and applied scenarios. (Higher-level tasks, such as planning, decision making, and creativity are still active areas in the research community.)

Machine-learning algorithms for pattern matching are heavily dependent on large volumes of example data.  While human beings are able to learn from just a few examples, building an accurate machine-learning model requires very large volumes of training data.

Area 1 Security monitors a sensor network and web crawler that is able to observe hundreds of millions of URLs per day. In addition, we have a broad sampling of email traffic URLs, again amounting to millions of samples per day. This large volume of URL data allows us to train sophisticated machine learning models that have very high accuracy.

To implement blind URL inspection, we use neural networks – they are the most capable approach available for use today, given enough sample training data.  The goal of any machine learning model is to generalize from training samples –  to correctly categorize previously unseen examples that are similar enough to known examples to be matched accurately. Neural networks do the job well.

What are some of the patterns that Area 1’s neural networks recognize? 

BlindURLDetectionImg2

Figure 1: Key URL Attributes That Make URLs Suspicious

All of these attributes are something that are clear to us as humans, but can evade our decision-making process if we have more important things to do.

Blind URL inspection is just one building block in our comprehensive anti-phishing solution. For more information about Area 1 Security and how we protect organizations from phishing, please visit our website or register for a demo.

Want to keep up to date with the latest phishing trends?

Subscribe to our newsletter here!

Subscribe

Over a third of the phish we stop each day involve malicious links. These are often missed by email gateways, DMARC and cloud email suites, which lack our proprietary computer learning approach: blind URL inspection.

  • dmarc
  • gmail security
  • office 365 email
  • phishing
  • social engineering
  • spoofing
Related Blogs
 

Blog

Area 1 Security Is Honored to Be in the Forbes Cloud 100

We’ve always been really proud of being a cloud company. That’s why it’s an honor to be named by Forbes …

 

Blog

#SEGxit 2020: Ditch the Security Status Quo

Every now and then — whether the establishment likes it or not — a small flash revolution gains momentum and …

 

Blog

Timing is Everything

It doesn’t take a lot of time to make a difference. But time does make a difference. All of the …

View More Blogs >
Detect. Disrupt. Defeat.

No-Phishing Zone

Schedule A Demo
Area 1 Security

[email protected]

Sales 650.381.1647

142 Stambaugh Street
Redwood City, CA 94063

Partners
  • Product
  • Overview
  • Why Area 1
  • Technology
  • Demo Request
  • Solutions
  • Resources
  • Company
  • About
  • News
  • Events
  • Careers
  • Contact Us
  • Blog
Area 1 Security
  • Product
  • Overview
  • Why Area 1
  • Technology
  • Demo Request
  • Solutions
  • Resources
  • Company
  • About
  • News
  • Events
  • Careers
  • Contact Us
  • Blog

[email protected]

Sales 650.381.1647

142 Stambaugh Street
Redwood City, CA 94063

Partners
© 2021 Area 1 Security
  • Trust Center
  • Privacy