Industry reports suggest that over 90 percent of all breaches involve phishing and social engineering, so what are you doing to protect users from phishing at your organization? According to our research, the number one priority of organizations for protecting against phishing threats is employee education and training. Is that enough? Shouldn’t security teams be doing a lot more to keep users from being exposed to phishing threats, especially with today’s distracted, multi-tasking employees?
While we certainly recommend employee education and training against phishing threats, they may not be enough, given the number of phishing sites that go live on any given day and the sophisticated new attack vectors that play on employee vulnerabilities. What is needed today is a layered approach to security defenses that combines employee training with real-time phishing site detection.
In combination with other preventative measures, a real-time phishing site detection tool should have a number of features to ensure that phishing threats are detected quickly to benefit more users. Here are 9 features that your phishing site detection solution should have:
- Real-time phishing site detection technology with machine learning at the heart of the solution, detecting malicious phishing sites by examining page contents and server behavior instead of relying on traditional URL analysis and domain reputation, methods that are easily evaded. (Our SEER™ technology is an example.)
- Definitive, binary threat verdicts: malicious or benign. Without definitive verdicts, overworked IT security teams may be burdened with researching sites with inconclusive threat risk scores and may not spot them until it’s too late to protect employees.
- A solution that works across all phishing attack vectors including email, pop-ups, ads, search, social media, IM, etc.
- A track record of near-zero false positives so that timely, automated blocking by firewalls or other blocking infrastructure is feasible.
- It should produce an accurate and continually updated blacklist of malicious sites, with aggressive re-checking to remove inactive sites, to yield a more manageably sized list of current threats to block.
- To protect more users, it should be device and OS agnostic.
- Threat detection should be zero-latency, out-of-band, and cloud-powered with no PII sent to the cloud.
- Ability to detect malware callbacks to malicious C&C servers.
- Detailed forensics with phishing site screen capture, reporting and incident information for on-going employee education and training.
Compromising on any of these key features can leave your organization vulnerable to today’s fast-moving, web-based phishing threats. With thousands of new threats appearing each day, it only takes one successful phishing attack to cause organizational mayhem. SlashNext definitively detects phishing sites with virtual browsers and state-of-the-art machine learning algorithms, producing a dynamic blacklist for automated blocking by your URL filtration / blocking defenses. It’s a whole new level of protection from the growing number of sophisticated zero-hour phishing threats on the web.
For more information about SlashNext SEER technology, visit our technology page.