Our mission is making INBOX.CLEAN™ a reality: stop phishing attacks — the root cause of 95% of breaches — before they reach users. Get the only solution that preemptively stops Business Email Compromise, malware, ransomware and other advanced threats by discovering and eliminating them before they cause damage.
Email Security has certainly come a long way. With cloud messaging now the standard versus the legacy on premise approach (Lotus Notes anyone?) the strategy of securing these clouds has also experienced a revolution.
Area 1’s cloud-native SaaS solution supports three key use cases: preemptive anti-phishing across all threat vectors (email, web, social, network); cloud email security / SEG replacement; and phishing security automation for SOC teams.
Area 1 is a Microsoft Certified Partner and a Google Cloud Security Technology Partner of the Year. We also integrate with a number of SIEM, SOAR, SEG and firewall technology providers to fit your unique infrastructure. Learn More
FIND A CHANNEL PARTNER
Work with trusted cybersecurity experts across the globe to secure your business. Learn about our partnerships with Legato Security, Optiv, SADA Systems, SYNNEX and others. Channel Partners Become A Channel Partner
OVERVIEW As cybercrime evolves, fraud — in particular phishing and business email compromise (BEC) — has risen to the top both in terms of prevalence and financial damage caused. The FBI recorded $3.5 billion in reported losses due to cybercrime in 2019. Much of this was due to financial fraud like BEC, rogue wire transfers, ransomware, and spoofing. In fact, the most costly cybercrime in the US was BEC, costing over $1.7 billion and making up over 40% of all internet crime related losses in 2019.
The latest forms of cyber fraud present a particular challenge to legacy email security systems. TradiIn fact, legacy solutions miss over 30% of attack campaigns. With 95% of breaches caused by phish, this creates a huge security gap and adds exponentially to security operation workloads. To combat modern cybercrime, organizations need to adopt solutions with Active Fraud Prevention capabilities to comprehensively detect and stop attacks missed by SEGs.
ACTIVE FRAUD PREVENTION WITH AREA 1 Stopping modern fraud attacks requires the ability to detect low-volume, targeted phish and BEC. As attackers increasingly use social engineering over malware for many of these attacks, detecting malicious intentions, even if there is no malware present, is key. Discovering fraud attempts, often conducted over a span of multiple conversations, over weeks and months, also calls for advanced machine learning algorithms.
Area 1 Security takes a machine + human approach for comprehensive Active Fraud Prevention across all threat vectors for fraud: email, social, web and network. Our approach allows us to stop all the threats anti-spam, anti-virus and advanced threat protection systems typically catch, but we also go above and beyond to preempt attacks and stop active fraud campaigns before they do harm.
Preempting attacks starts with Area 1’s ActiveSensors™ for massive-scale web crawling and small pattern analytics engine (SPARSE™), which allow us to proactively discover and track attacker infrastructure. With these technologies, Area 1 is able to detect emerging attack infrastructure an average of 24 days before phishing campaigns go live. Through our extensive research and detection of phishing campaigns, we’ve tracked and divided BEC evolution into the following types:
Type 1 BEC uses CXOs and display names as a lure through inter-organization impersonation.
Type 2 BEC uses hijacked employee accounts as a lure in intra-organization impersonation.
Types 3 and 4 BEC rely on account takeovers and spoofing of trusted supply chain partners respectively, making them the most difficult to detect and most financially damaging.
Area 1 excels at detecting all four types of BEC, but we’re particularly good at catching the sophisticated, long-con Types 3 and 4 BEC fraud commonly missed by legacy email security systems.
Our Active Fraud Prevention approach includes:
Area 1’s automated supply chain BEC phish detection, which addresses the vast majority of these partner account takeover-based BECs. We also take a combined machine/human approach designed to uncover the slow, drawn-out development of Types 3 and 4 BEC phish..
Area 1 conducts continuous machine level assessments of all messages for emergent signals of fraud. Messages are also auto-classified, surfacing categories of interest like financial messages.
After multiple levels of machine-driven detection, we employ escalated analyst reviews of change requests in the small amount of financial messages with undetermined verdicts.
Final joint confirmation with Area 1 security analysts and customer SOC teams results in precise verdicts with low false-positive rates. This process allows for scalable and accurate detections that stop active fraud campaigns in their tracks.
The methodologies and technologies we employ for preemptive and active fraud prevention can be summarized in the chart below:
Through this advanced method, Area 1 has intercepted more than $233 million Type 3 BEC fraud campaigns targeting Fortune 500 companies in just the first 12 weeks. Since 2019, we have also caught more than 100 million phish missed by SEGs.
Area 1 Security is the only cybersecurity company able to comprehensively block phishing and fraud attacks before they do harm. To protect your organization from modern cybercrimes, try us out at www.area1security.com/try-area1.
https://www.area1security.com/wp-content/uploads/2021/12/Resource_SolutionBrief_MitreAttack_Thumbnail.png410667Marcos Rodriguezhttps://wordpress-alpha.area1.net/wp-content/uploads/2021/10/Area-1-horizontal-white.pngMarcos Rodriguez2020-09-28 12:36:182021-12-15 14:42:11How Do You Map Anti-Phishing to the MITRE ATT&CK™ Framework?
https://www.area1security.com/wp-content/uploads/2021/12/Resource_eBook_BEC123_Thumbnail.png410667Marcos Rodriguezhttps://wordpress-alpha.area1.net/wp-content/uploads/2021/10/Area-1-horizontal-white.pngMarcos Rodriguez2020-03-20 14:39:472021-12-15 19:55:54The New Era of Business Email Compromise Phishing Attacks