How it Works

Every attack has a launch point, whether that’s an email address, IP address, URL, or domain. Using a combination of high-speed web crawling and small pattern analytics, Area 1 Security preemptively identifies campaign events and discovers these launch points in advance of the campaign going active. Combining that with deep contextual analysis of a target’s live email, web, or network traffic allows us to detect and block targeted phishing comprehensively, before the attack can cause damage.

ActiveSensors™

ActiveSensors™ discover emergent campaign infrastructure and aggregate attack data from relay points that actors are using to launch their threat campaigns. Our ability to crawl the web at massive scale is unique: we look at every web page, URL, domain, and IP address to find tell-tale emergent patterns. Just as Google indexes the web for commerce and content, we index the entire web—8+ billion pages and 220 million TLDs every couple of weeks. That’s the most comprehensive web-crawling capability focused on uncovering threats ever built.

  • High-speed phish indexing through massive-scale web crawling; biweekly full web sweeps

  • Actor infrastructure monitoring, infrastructure clustering and correlation

  • Live attack flow analysis, delivery mechanisms, campaign discovery, and real-time data exfiltration

  • Dynamic frontier management for deep and wide link traversals, along with ad hoc frontier variations

  • User and target impersonation-based crawls

  • Payload analysis, in-the-wild sandboxing, content detonation, and reconstruction

SPARSE™

Small Pattern Analytics Engine

Phishing makes up approximately 0.1 to 1 percent of an organization’s traffic, but causes nearly 100 percent of the damage. To ferret out these low-volume, high-damage attacks, Area 1 Security created a small pattern analytics engine that aggregates the entire web, passing it through various models and analytics to characterize phishing attacks. SPARSE understands the patterns of attack formation, finding those threats within the datasets generated by the ActiveSensors network.

  • 5+ PB attack data warehouse comprising attack events, infrastructure records, and campaign context

  • 250+ billion attack metadata records (MDRs) with curated patterns of past and current campaigns and associated TTPs

  • In-depth domain, WHOIS, MX, DNS, and IP records, along with ongoing dataset enrichment

  • Discrete small-pattern recognition and analysis for detection of emerging and active campaigns

  • Model diversity optimized to find distinct campaigns and their characteristics

  • Combination of declarative rules, a variety of supervised and unsupervised ML models, computer vision analysis, and lexical pattern assessments

  • Proprietary algorithms that deconstruct, score, and correlate attack infrastructure across actors, methods, industry, and targets

  • Multivariate analytics and scoring for high precision

  • New pattern discovery driven through self-learning and continuous assessments against current and new datasets

Detect. Disrupt. Defeat.

No-Phishing Zone