Over a third of the phish we stop each day involve malicious links. These are often missed by email gateways, DMARC and cloud email suites, which lack our proprietary computer learning approach: blind URL inspection. Hear from Area 1’s Umalatha Batchu (Lead Software Engineer), Javier Castro (Principal Security Researcher), Torsten Zeppenfeld (Sr. Software Engineer – ML) and Yen Chang (Software Engineering – ML), about how we accurately determine if a never-before-seen URL is malicious.
What’s the root cause of most cyber breaches? Phishing attacks.
At Area 1, we see and stop many thousands of daily phishing attacks against our customers. Over a third of the attacks that we stop use emails containing malicious links. These links lead victims to phishing sites custom-built to capture username and password information (so-called “credential harvesters”) or to sites with malicious downloads, or both. All of these sites have criminal purposes and intend to perpetrate fraud against our customers.
Traditional security defenses (such as email gateways, cloud email suites, DMARC) often miss malicious links, whether in the body of an email or in a document within an email attachment.
Why? Phishing web sites are easy to create, and in some cases are created automatically by attackers en masse. Emails are sent with links pointing to newly-created phishing sites, never before seen by a security vendor. So what does your security tool do when it sees this link for the first time? The answer, unfortunately, is nothing.
Phishing Sites May Appear Completely Legitimate
Some examples of phishing sites that we see on any given day include pixel-perfect forgeries of well-known sites, such as LinkedIn, Microsoft and Chase.
Yet not all phishing sites are as well crafted – in many cases very basic pages that purport to be internal IT systems can be extremely effective in a phishing campaign.
All of these sites have URLs that are “not quite right” when looking at the URL Address Bar in a desktop or phone browser. But, not every employee has the time or judgement to inspect URLs, especially when faced with a looming deadline or urgent task. It’s human nature to quickly prioritize tasks at hand, and URL authenticity can quickly fall to the bottom of the list during the course of normal business activities. Which led us to ask the question: “Can computers automatically do this for us, in a reliable way?”
How Blind URL Inspection Helps Catch Phishing
To make accurate determinations on first-ever-seen URLs, Area 1 uses a proprietary computer learning approach that we call blind URL inspection.
Machine learning and artificial intelligence are overhyped terms in today’s technical environment. But hidden beneath the bold public claims is real progress in the field for recognition and pattern-matching problems. Sophisticated pattern-matching algorithms have migrated from academia into practical and applied scenarios. (Higher-level tasks, such as planning, decision making, and creativity are still active areas in the research community.)
Machine-learning algorithms for pattern matching are heavily dependent on large volumes of example data. While human beings are able to learn from just a few examples, building an accurate machine-learning model requires very large volumes of training data.
Area 1 Security monitors a sensor network and web crawler that are able to observe hundreds of millions of URLs per day. In addition, we have a broad sampling of email traffic URLs, again amounting to millions of samples per day. This large volume of URL data allows us to train sophisticated machine learning models that have very high accuracy.
To implement blind URL inspection, we use neural networks – they are the most capable approach available for use today, given enough sample training data. The goal of any machine learning model is to generalize from training samples – to correctly categorize previously unseen examples that are similar enough to known examples to be matched accurately. Neural networks do the job well.
What are some of the patterns that Area 1’s neural networks recognize?
Figure 1: Key URL Attributes That Make URLs Suspicious
All of these attributes are clear to us as humans, but can evade our decision-making process if we have more important things to do.
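As an added illustration (not Area 1's code or model): the attributes in Figure 1 are not reproduced in this text, so the features below are assumed, commonly used lexical signals computed from the URL string alone, of the kind a classifier could be trained on. The brand watchlist, feature names and sample URLs are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Brands the article names as commonly forged; using them as a watchlist is an assumption.
BRANDS = ("linkedin", "microsoft", "chase")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def url_features(url: str) -> dict:
    """Lexical features computed from the URL string only; nothing is fetched."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    labels = [] if is_ip or not host else host.split(".")
    # Registered name approximated as the second-to-last label (assumption:
    # no public-suffix list, so hosts under e.g. "co.uk" are misread).
    name = labels[-2] if len(labels) >= 2 else ""
    lowered = url.lower()
    return {
        "ip_literal_host": is_ip,
        "userinfo_in_authority": "@" in parts.netloc,
        "punycode_label": any(l.startswith("xn--") for l in labels),
        "subdomain_depth": max(len(labels) - 2, 0),
        # Brand string present somewhere, but not as the registered name
        "brand_outside_registered_name": any(b in lowered and name != b for b in BRANDS),
        # Registered name within two edits of a brand (typo-style lookalike)
        "brand_lookalike": any(0 < edit_distance(name, b) <= 2 for b in BRANDS),
        "host_hyphens": host.count("-"),
        "url_length": len(url),
    }

def triggered(url: str) -> list:
    """Names of the boolean features that fired, for analyst-readable output."""
    return sorted(k for k, v in url_features(url).items() if v is True)

if __name__ == "__main__":
    # Constructed sample (reserved .example TLD)
    print(triggered("https://linkedin.com.account-verify.example/login"))
```

In a trained model these values would be inputs alongside many others; the fixed two-edit threshold and two-label domain approximation are simplifications for the example.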
Phil Syme has 22 years of information technology experience. His areas of expertise include system architecture, data processing at scale, and cloud technologies. Phil was previously a Chief Engineer at Next Century Corporation, co-founder and Principal Engineer at eSymmetrix, and co-authored two introductory programming books. He holds a B.S. in Mathematics and Computer Science from Carnegie Mellon University School of Computer Science.