Phishing emails continue to be the single largest threat source for cyber-attacks. While most organizations believe that an email security gateway can guarantee a phish free environment, it certainly is not true. According to a survey conducted by PhishRod on “State of Phishing Readiness across Middle East & Africa” 99% of organizations reported that they have been receiving phishing emails despite having an email security gateway in place.
Lessons learned by organizations over the year confirm that phishing is not a technology problem. The solution requires blending the technology, end user engagement & robust phishing incident response.
Email Gateway is critical but not the only solution
There is no doubt that email security gateway plays the role of a primary defense layer against phishing attacks. The dilemma, however, is that this primary layer can easily be bypassed. Once a suspicious email bypasses the email gateway it is a one on one encounter between the hacker and the end user and this is where the end user engagement & empowerment is significant.
Conventional VS Next Generation Reporter Plug-In
End User Reporter Plug-In is a common form of engaging end users to report suspicious emails. The conventional reporter plug-in does not provide any intelligence to the end user hence the reporting is truly based on the look & feel of the email & largely on the instinctive behavior. This results in more false positives & an increased burden on incident response teams. Next Generation Reporter Plug-In capability provides intelligence & alerts to end users which facilitates their decision to report suspicious emails. Next Generation Reporter Plug-In is an active agent that scans every incoming email before it enters the mail client. During the scan, if it determines that the email is coming from a suspicious source, the end user is alerted and encouraged to report the suspicious email.
Automated & Proactive Phishing Incident Response
Once an end user reports a suspicious email through the next generation reporter plug-in, a robust remediation process should be in place to analyze, quarantine & delete the suspicious email. The analysis capability for remediation should be vendor-neutral and should provide multiple sources for threat intelligence. The analysis should focus on different dimensions of a suspicious email such as IP Reputation, Domain Reputation, URL Analysis, Payload Analysis, Site Verification & Email Verification. Once the analyst has enough evidence, the workflow must provide the functionality to quarantine/delete suspicious emails from all end user mailboxes.
PhishRod: A Comprehensive Suite for Phishing Defense
PhishRod is the fastest growing anti-phishing solution provider in the region that helps organizations to implement an effective phishing defense strategy. PhishRod suite contains the following modules.
PhishScout : Automated & Proactive Phishing Incident Response with 90+ Built-In Threat Intelligence Engines to analyze, quarantine & delete suspicious emails.
Phishing Simulator : Determine end user behavior against phishing attacks.
Security Awareness Manager : Automate Security Awareness Program through a rich content library.
Policy Compliance Manager : Ensure compliance & consent of corporate IT Security Policies.