Phishing continues to be the number one threat vector for data and financial breaches — and the most effective tool in a hacker’s toolbox. In fact, 95 percent of cyberattacks start with phishing. We need one stop phishing protection
Businesses invest heavily in secure email gateways (SEGs) to protect them from email threats.
Although SEGs have long reported 99.99 percent effectiveness against spam, phishing attacks keep evading detection. In a recent survey, 76 percent of infosec professionals indicate their organizations experienced phishing attacks in 2017.
Why? SEGs optimize for spam detection, but spam is a different beast than phishing.
With spam, attackers target many victims and send out large volumes of similar, nuisance messages, creating a productivity sink. Even if very few of these emails get through to victims, the attacker can still succeed. To protect from attacks, spam filters rely on collection and analysis of large volumes of threat samples from active campaigns. Data extracted from the samples identifies malicious domains, IPs, and malware and is then used to create signatures and threat intelligence optimized for large-scale bulk email detection.
Phishing Attacks Are Different
With phishing campaigns, however, attackers use social engineering to personalize emails and lure victims to click a link or download a file. Another popular phishing technique is business email compromise (BEC). In this case, the victim is urged to respond to a request for information or to take an action such as transferring funds, leading to data and financial loss.
To close the phishing gap, spam filters have added advanced threat protection features: sandboxing of suspicious files and time-of-click link analysis are intended to help detect threats missed by reputation- and signature-based defenses. Nevertheless, phishing attacks continue to evade detection. For example, the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, recently reported that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. In this case, the FS-ISAC’s Microsoft Office 365 and Proofpoint email threat defenses missed the phishing email and the attack succeeded.
Early Detection of Phishing Campaigns
Organizations urgently need a new approach to detect phishing campaigns. Waiting until after a campaign launches to start collecting and analyzing threat data is too late to defend against phishing campaigns. Protecting an organization from attacks calls for earlier insight into phishing sites and campaigns.
Fortunately, advances in computer processing, artificial intelligence, and machine learning now make possible proactive new methods of hunting and identifying malicious phishing sites and infrastructure before campaigns launch.
Area 1 Security pioneered early detection of phishing campaigns. Using high-speed web crawlers and network sensors, the Area 1 Horizon™ phishing protection service gathers in-depth threat actor information and critical attack data across 150+ parameters. The technology collects, tracks, monitors, and parses live data from email, web, and network streams. Detailed, real-time visibility reveals crucial information, such as who the actors are, and how and when they deliver their attacks. This exposes early, accurate threat information, enabling Area 1 Security to defeat the attack.
Adding Area 1 Security phishing protection service to your security infrastructure reduces risk by closing the phishing security gap that other technologies miss.
Learn more about effectively shutting down phishing:
- How phishing attacks evade secure email gateways
- The breakthroughs that fortify defenses and stop phishing attacks
- How to augment existing spam filters to stop phish
- How early insight into phishing campaigns effectively protects a Fortune 500 business from attacks