How Innovative Detection Techniques Prevent Phishing

Vivek Bhandari |@Area1Security| Area 1 Security

Is your security infrastructure able to block targeted phishing attacks? According to a recent research report, most organizations can’t. Specifically, 76% of infosec professionals surveyed indicate their organizations experienced phishing attacks in 2017. And the annual cost of detecting and remediating attacks is on the rise, averaging $11.7M in 2017. Why are phishing attacks still succeeding despite continued investment in security solutions? Email, web, and other traditional security technologies typically use signature- and behavior-based threat information derived from analyzing current cyberattacks to detect and block threats. Only after a cyberattack is launched and active, and early victims impacted, is threat data finally collected and analyzed, and information extracted that traditional security infrastructure needs to protect against the latest attack. And by that time, it’s too late.

Early detection of phishing campaigns

To improve the effectiveness of your security infrastructure, you must get ahead of phishing attacks. Your security infrastructure needs information about malicious phishing sites before their attacks go live. Proactively hunting for phishing sites as they’re set up, plus uncovering new campaigns before attacks launch enable data harvesting early in the attack lifecycle. That early threat data coupled with decisive actions provides the critical missing ingredient necessary to protect you from targeted phishing attacks.

HIgh-speed indexing helps uncover phishing sites

To make possible the early detection of phishing sites and infrastructure, Area 1 Security uses several automated systems that execute a variety of techniques, including high-speed phish indexing to discover new sites. Behind every phishing campaign, attackers typically set up infrastructure to host their credential harvesters to breach the front door; or exploit kits that install malware on target machines to breach the back door. Area 1 Security web crawlers proactively and continuously search the Internet to find new phishing infrastructure as it’s set up. They track usage of exploit kits, identify compromised sites, and discover exploit kit gates that serve malware. Browser emulation, simulating different endpoints, OSs, and browsers, uncovers compromised sites serving suspicious content, which is then preemptively sandboxed and analyzed to uncover hidden malware. These techniques provide early insight into new phishing infrastructure and campaigns, plus the early, accurate threat information that powers Area 1 Security’s Horizon™ anti-phishing service.

Area 1 Horizon service provides phishing protection

The Area 1 Horizon anti-phishing service inspects customer email and web traffic, as well as effectively detecting and blocking targeted phishing attacks that other security technologies miss. The service also integrates with select edge infrastructure, such as firewalls and web proxies, to identify and stop targeted phishing attacks, protecting all traffic, including email, web, and network for maximum security effectiveness. Adding Area 1 Security anti-phishing service to your security infrastructure reduces risk by closing the targeted phishing security gap that other technologies miss.

For more information about Area 1 Security detection techniques against targeted phishing attacks, including instant email link analysis, encrypted attachment analysis, and computer-vision imposter detection, watch the webinar “To Catch a Phish: Detection innovations.”