Anti-Phishing Requires A Three-Pronged Strategy: Technical Controls, End-user Controls and Process Automation
Posted on November 1, 2019 by Benjamin Bressington
Anti-Phishing Requires A Three-Pronged Strategy: Technical Controls, End-user Controls and Process Automation.
Email phishing remains the most commonly exploited attack vector despite many organizations making significant financial investments in phishing awareness training, DMARC and gateway-level email security tools. According to research from CyberDB, 156 million phishing emails are sent out every day and email users receive up to 20 phishing emails each month.
This whitepaper explores how modern phishing techniques, such as business email compromise (BEC), ransomware, spear-phishing and advanced persistent threats (APTs) are meticulously designed to defeat traditional email security approaches and how The ChatFortress Email Guardian and Ironscales’ advanced threat protection platform is uniquely built to addresses the contemporary techniques of phishers.
After reading this whitepaper, CISOs, SOC teams and IT security professionals will have an understanding for how ChatFortress Email Guardian anti-email phishing platform:
- Detects and responds to phishing emails that bypass traditional email security, minimizing risk, workplace disruption and ensuring business continuity.
- Reduces SOC workload burden by combining automation, orchestration and rapid response into a repeatable workflow.
- Closes the gap between end users and technology by creating a human-centric automated, adaptive and repeatable workflow that strengthens detection and response of suspicious emails.
- Decentralizes intelligence by anonymously leveraging user-led email threat sharing of emerging phishing campaigns.
- Is deployed on-premises or via the cloud andthat seamlessly integrates natively into O365 or G Suite as a standalone platform or as a complement to email security tools already in use.
Why is Email Phishing Still so Successful?
- Sender impersonation is very easy, as the email protocol was not designed to truly authenticate sender identity.
- Efforts like DMARC to authenticate domains are not granular enough to authenticate users and do not address all attack types.
- The proliferation of highly-targeted phishing schemes is overwhelming to SOC and security teams, who stand no chance to detect and respond quickly enough to every attack without the proper workflow for dealing with suspect emails.
- Gaps in email security exist because humans and technology have traditionally operated in silos, leaving gapping vulnerabilities for phishing attacks to exploit.
- Most implemented secure email gateways (SEGs) are not designed with post- delivery detection and remediation capabilities, costing incident responders and email admins time.
Many smaller companies don’t have a person or role within their company that manages email security. Quite often these SMB’s are relying on existing software or hardware solutions to protect them from these phishing attacks. ChatFortess solves this problem by being your Virtual Email Security Officer.
Learn More about Virtual Email Security Officer
IRONSCALES analyzed data of more than 2 million mailboxes across four continents to better understand trends in email phishing, attacker patterns, phishing tools & capabilities, and hacker preferences. In total, more than 7,500 human verified attacks that bypassed other counter measures like SEG were evaluated. Of those attacks:
- For every 5 brand spoofed attacks (Like Paypal or DHL) identified by email filters, approximately 20 spear-phishing attacks bypassed the safeguard of email filters and went undetected into the mailbox.
- One-third (33%) of attacks targeted just one mailbox.
- Almost 95% of email phishing attacks were highly-targeted campaigns, with the majority impersonating internal communications teams or individuals (i.e. CEO fraud).
Vulnerabilities of Existing Email Security Tools
- Humans are not prompted with indicators of compromise to detect attacks missed by technical controls, leaving gaps in dealing with suspicious emails.
- There is no post email-delivery threat detection that is supported by an automated workflow consisting of threat analysis and rapid response, costing incident responders and email admins valuable time.
- A lack of real-time user-lead email threat intelligence (both human and machine) to mitigate and resolve emerging phishing campaigns quickly.
- Tools are not easy to use, unified, integrated and orchestrated into a single platform.
- Neither end users nor end-user reports are integrated into most email security solutions and workflows, meaning that such tools are absent of any intelligence gained from employees.
Adapting to the New Email Threat Landscape
“We can’t escape the fact that humans and machines complement each other and together they can outperform each alone. ML reaches out to humans for assistance to address intent uncertainty. ML aids humans by supporting administrator awareness and providing assistance to higher-tier SOC analysts.”-- Gartner
The ChatFortress Email Guardian platform combines human intelligence with advanced machine learning to help organizations limit risk from specific phishing attacks, including those with:
- Malicious Attachments: (malware and ransomware)
- URL’s in email body or attachment: (malware, credential theft or ransomware)
- Business Email Compromise (BEC): (Spoofing & Impersonation)
Reduce Risk with Multi-Layered Human Centric Threat Protection
Anti-phishing requires a three-pronged strategy: technical controls, end-user controls and process automation.
“Use technical controls to block as many phishing attacks as possible. But make users an active part of the defense strategy.” -----Gartner
A best practice of email security is to always assume one control will always fail and that another is prepared to cover for it. IRONSCALES has built the world’s first multi-layered platform to detect, prevent and respond to phishing attacks at any stage (pre and post-delivery) in the form of rapid incident response.
The ChatFortress Email Guardian platform combines human centric detection, mailbox intelligence, user- led anonymous intelligence sharing and rapid response inside of an automated, adaptive and repeatable workflow.
The Layers of the ChatFortress Email Guardian Platform
Layer 1: Attack Simulation and Awareness Training: IronSchool
IronSchool is a customized micro-learning method to help employees to think and act as a virtual SOC response team members, becoming proactive against malware attacks. Our gamified, interactive micro-learning method is customized to each employee based on an initial assessment of users phishing recognition and classification skills.
Layer 2: Advanced Malware and URL/Link Protection: IronShield
IronShield is a cloud-based email protection module that helps protect organizations from zero-day malware and phishing websites by providing real-time protection against all inbound emails, using various multi AV and Sandbox engines.
Layer 3: Advanced Protection Against Business Email Compromise (BEC): IronSights
IronSights prevents email spoofing and impersonation attacks in real-time by combining smart fingerprinting with trusted relationships to determine what is normal user behavior and communication habits. Using machine learning algorithms, IronSights continuously studies every employee’s inbox to detect anomalies based on a first-of-its-kind sender fingerprint technology, which can identify the authenticity of a sender based on both email data and metadata extracted from previously trusted communications.
Layer 4: Automated Email Phishing Investigation, Orchestration & Response: IronTraps
IronTraps streamlines phishing incident response by conducting email phishing investigation, threat intelligence gathering (forensics), orchestration and rapid response automatically or at the click of a button. This process eliminates the need for an army of highly trained SOC or security analysts to manually deal with the continuous growth of daily reported email threats, reducing the time from detection to remediation from weeks or months to just seconds.
Layer 5: An AI-Driven Virtual Security Analyst: Themis
Themis is an AI-driven virtual security analyst that helps security teams determine a verdict on suspicious email incidents in real-time. By mimicking security analyst’s decision-making criteria, Themis can predict with high-confidence the legitimacy of any suspicious email, improving the efficiency of email phishing classification and expediting the resolution of confirmed phishing threats.
Layer 6: Automated & Collaborative Phishing Campaign Detection: Federation
Federation offers real-time human verified actionable collaboration, integrated with automated incident response, as a means to better prepare and respond to new attacks before they target other employees’ or other companies’ inboxes. By decentralizing and distributing threat intelligence automatically, companies around the world can implement proactive phishing protection to defend against unknown threats that have already been verified by other security experts within the Federation community.’
If you want to know more about our Virtual Email Security Officer solution please contact our team.
ChatFortress Eliminates Bank Transfer Wire Fraud and Eliminates Email Phishing Attacks!
Helping you verify the device and the person you're sharing wire information with via our secure chat platform. When you need to validate the person you are sending information you need ChatFortress communication. To speak with a ChatFortress Agent call (307) 999-7755. If you want a demo you can Schedule a ChatFortress demo here.
Speak with a ChatFortress Specialist
Discover how ChatFortress can help your company reduce your risk and exposure without installing complicated systems that require your team to work harder. Call your ChatFortress Specialist now. 307-999-7755