Four Steps To An Effective Anti-Phishing Solution

Abstract

Historically, threat actors used phishing tactics, and sent emails to try to dupe unsuspecting victims. These were mass email campaigns with a low success rate. Today, however, attackers carry out targeted and focused tactical email campaigns as part of spear phishing attacks. This solution brief provides a four-step recommendation to bolster your defense against sophisticated phishing email attacks. An effective anti-phishing solution combines innovative tools and techniques specifically designed to combat phishing with consistent and accurate communication. Four steps: Prevent, Protect, Align and Inform.

Prevent: Use analysis techniques specifically designed to prevent spoofing and unknown threats

Spam filters, which are specifically designed to let legitimate email into your corporate network, will not stop phishing email that looks identical to the real thing. An effective anti-phishing solution must be able analyze a variety of message attributes (including sources, formats, structures and content) that set phishing email apart from spam and legitimate email, and make definitive judgments about authenticity. The solution must include email authentication protocols such as DMARC (Domain-based Message Authentication, Reporting and Conformance), SPF (Sender Policy Framework), and DKIM (Domain Keys Identified Mail) to enforce proper validation on all incoming messages and prevent spoofed emails. 2 In addition, the solution must contain effective isolation techniques such as sandboxing to prevent advanced threats. A sandbox detects malwares and unknown threats hiding within email attachments in a safe environment and prevents them from reaching your network.

Protect: Develop containment and control protocols specifically for phishing email

Phishing email is not spam. It should not be placed into quarantine with spam and allowed into your corporate network where your employees might remove it from quarantine and act on it. An effective anti-phishing solution must be able to segregate phishing emails immediately from other types of unwanted email and offer your IT department the option of deleting them at the perimeter of your network, before they have a chance to reach any recipient. We strongly recommends that organizations allow only authorized IT staff members to view and delete phishing email once it has been identified and segregated.

Align: Make your anti-phishing solution part of an overall email security solution

Your anti-phishing solution should not stand alone. An effective solution should offer a number of options that align with other corporate security processes. Your legal department may want a paper trail of all attempted phishing attacks, while corporate security may want alerts about new types of phishing as they emerge. Your anti-phishing solution also should be linked into a greater network of security entities outside your business that send out regular alerts about emerging fraud techniques. This gives your IT department the best possible information and the longest possible lead time to build new defenses before a new phishing outbreak hits your organization.

Inform: Improve the phishing IQ of your organization

The more your employees know about how they are being targeted and what they should do when they suspect email phishing, the more likely they are to take appropriate action when you are hit by a phishing attack. An effective anti-phishing solution needs distinct phishing reporting and alert and feedback tools, so that administrators can be kept aware of trends, make necessary modifications at the network level and report those findings back to other entities that are part of your security network both inside and outside your organization. Alerts should be educational, instructional and should heighten awareness and caution.

Conclusion

Phishing tactics are evolving. Today phishing campaigns are used as a delivery mechanism for ransomware and zero-day threats. Social engineering has made it difficult to distinguish between spear-phishing or whaling emails from authentic ones. While specialized applications to prevent spam and virus attacks are available, a solution that integrates anti-spam, anti-virus, anti-phishing and advanced threat protection makes the most sense. Not only does an integrated solution reduce administration and increase efficiency, it also allows you to analyze the sources of greatest threat and respond accordingly.