By Lior Samuelson, CEO, Cyren
The cloud can stop phishing in its tracks faster than appliances
After the rise of ransomware over the last few years (largely combatted through better detection of the malware and more attention paid to having decent backups), phishing has stormed back onto the IT security manager’s radar.
According to our latest survey on IT security in the UK and Ireland, phishing is now the second most pressing cybersecurity issue after data breaches. The survey of 104 IT and security managers found that the majority of organisations report that their security was increasingly failing to block phishing emails over the past year.
With the intensity of phishing attacks increasing, simply waiting for malware to hit the endpoint is not enough. Many organisations have appliances in place within their infrastructure to check data coming into the network to see if it contains malware or phishing attacks. These appliances have to match suspicious content against signatures or carry out heuristic analysis. They also have to be constantly updated as threats change.
Not only that, these email and web content security solutions take up a lot of an IT professional’s time with such tasks as creating spam rules, examining quarantines and creating blocklists. If filtering is too aggressive, there will be more false positives, meaning more time spent in support calls and dealing with complaints. Such manual interventions are a direct result of technology failure.
Users can also be less than vigilant when it comes to clicking on links they see in emails or on the web. User training can help, but it only takes one person to click on something suspicious for an infection to occur.
Cybercriminals are getting smarter and will adapt quickly to any security measures put in place – basic security measures may weed out a lot of spam, but are no good against today’s sophisticated, targeted phishing attacks. In order to better protect an enterprise’s infrastructure, preventing phishing and malware should be automatic; it should just work.
Leveraging the cloud
In order to combat the evermore sophisticated phishing attacks we see today, we have to speed up the time it takes to detect and block such attacks. The cloud is by far the best way in which to do that, as everything gets updated instantaneously.
Why is that? Well imagine a vendor with an anti-phishing appliance in their customer’s network. If a vendor’s analysts spot something on that device and decide that it is malware or a phishing attack, they then have to update other appliances (sometimes running into the thousands) around the world. This takes a long time – even if a vendor is really fast, it could still take an hour. Most of the time, it takes far longer. If a vendor uses the word update, they are probably not secure.
All the while, attackers are looking to advanced cloud automation and evasion techniques to bypass these cyber perimeters. A legacy response just isn’t fast enough.
The key to a quick response is not just the cloud, but also automation and artificial intelligence. You have to be proactive to identify and mitigate evolving threats before they become a problem.
The cloud allows you to have a large, distributed system that can actively track millions of new domains and websites every day. This proactively fetches traffic, takes the output from that, whether that is URL lists, drive-by downloads, DNS transactions, etc. and harvest it in a multiple-cloud sandbox in real time without waiting for customers to harvest any data themselves.
Machine learning, analytics and automation
To process all of this information requires big data analytics, large-scale automation and machine learning. With this in-built intelligence, a system, such as the one we offer, can spot anomalies based on the behaviour exhibited. Instead of focusing in on one particular vector, we can analyse a multitude of different vectors including files, emails, domains, among others.
Multiple sandboxes are used in analysis to pinpoint suspicious activity and determine threat levels. This is used to prevent threats way before they can infect systems, saving a lot of money and heartache. Once a threat is detected, all users are protected – instantaneously – that’s the beauty of the cloud.
This new approach to internet security means that enterprises have the means to get ahead of the threats facing their business and protect themselves in seconds, not hours.