The Dark Side of Phishing Protection
The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them – through email protection, firewall rules and employee education – phishing remains a very risky attack vector.
A new report by LayerX explores the state of phishing attacks today and analyzes the protections organizations have in place against them. Security and IT professionals across organizations can use the report, “The Dark Side of Phishing Protection: Are You as Protected as You Should Be?”, in their security efforts: to pinpoint any internal security blind spots they have and to identify controls and practices that can help them gain visibility into those blind spots.
Understanding the Threat: Phishing Stats
Phishing is on the rise. Based on a number of sources, the report describes the magnitude of the problem:
- 61% increase in overall phishing attacks on enterprises
- 83% of organizations were subject to a successful phishing attack
- Over 1100% increase in phishing URLs hosted on legitimate SaaS platforms
A Phishing Attack Breakdown: Where is the Protection Blind Spot?
Why are these stats so high? The report details the three main ways attackers are able to exploit systems through phishing:
- Email Delivery: Successfully sending maliciously crafted emails to the victim’s inbox or through social media, SMS messages and other productivity tools.
- Social Engineering: Luring the user to click the malicious link.
- Web Access and Credential Theft: Having the user access the malicious web page and enter their credentials. This is also where the protection blind spot resides.
The Three Alternatives to Protecting Against Phishing Page Access
As a security professional, you also need solutions to the problems. The report provides three paths forward for protecting against phishing page attacks:
- Page Reputation Analysis: Analyzing the target page’s URL by utilizing threat intelligence feeds and calculating its score. The gap: these feeds are not technologically able to cover all threats and risks.
- Browser Emulation: Any suspected web page is executed in a virtual environment to expose any phishing or other malicious features it embeds. The gap: it cannot be applied at scale, as it is resource-heavy and creates latency.
- Browser Deep Session Inspection: Analyzing every live web session from within the browser and inspecting the gradual assembly of the web page to detect phishing behavior, which triggers either session termination or disablement of the phishing component.
This solution protects the organization at the critical point where the attack’s objective takes place: the browser itself. It therefore succeeds where other solutions fail: if an email protection solution fails to flag a certain email as malicious and passes it to the employee’s inbox, and the employee then clicks the link in the email, the browser security platform will still be there to block the attack.
Deep Dive: Browser Security Platform and Deep Session Inspection 101
The key takeaway from the report is that IT and security experts should evaluate a browser security platform as part of their phishing protection stack. A browser security platform detects phishing pages and neutralizes their password theft capabilities or terminates the session altogether. It deeply inspects browsing events and provides real-time visibility, monitoring and policy enforcement capabilities.
Here’s how it works:
- The browser receives the web page’s code
- The browser begins executing the page
- The browser security platform monitors the page and utilizes ML to detect phishing components
- The browser security platform disables the page’s phishing attacks
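The steps above, sketched as an added example (not code from the report or from LayerX): a page hosted on a reputable SaaS domain would pass a reputation check, yet inspecting its assembly events shows a password form posting to an unrelated origin. The event shape, the `.test` origins, the allow-list and the fixed rule standing in for the ML detection are all assumptions made for illustration.

```javascript
// Added illustration: rule-based stand-in for in-browser session inspection.
// Event shape, origins and the rule are assumptions, not LayerX's implementation;
// the article says the real platform uses ML, and a browser would feed it DOM changes.
const TRUSTED_LOGIN_ORIGINS = new Set(["https://login.example-idp.test"]); // hypothetical

// Constructed sample: a page on a reputable SaaS host whose login form is
// assembled step by step and posts credentials to an unrelated origin.
const SAMPLE_SESSION = {
  pageUrl: "https://files.example-saas.test/shared/doc123",
  events: [
    { type: "element-added", tag: "img", attrs: { src: "/logo.png" } },
    { type: "element-added", tag: "form", id: "f1",
      attrs: { action: "https://collect.example-untrusted.test/p" } },
    { type: "element-added", tag: "input", formId: "f1", attrs: { type: "password" } },
  ],
};

// Origin of a possibly relative URL; null when it cannot be parsed.
function originOf(url, base) {
  try { return new URL(url, base).origin; } catch { return null; }
}

// Replays the assembly events in order and flags a password field whose form
// submits to an origin that is neither the page's own nor a trusted login origin.
function inspectSession(session) {
  const pageOrigin = originOf(session.pageUrl);
  const formTargets = new Map(); // form id -> origin the form submits to
  const disabledForms = [];
  for (const ev of session.events) {
    if (ev.type !== "element-added") continue;
    const attrs = ev.attrs || {};
    if (ev.tag === "form") {
      formTargets.set(ev.id, originOf(attrs.action || "", session.pageUrl));
    } else if (ev.tag === "input" && String(attrs.type).toLowerCase() === "password") {
      // A password field outside any known form submits to the page itself.
      const target = formTargets.has(ev.formId) ? formTargets.get(ev.formId) : pageOrigin;
      const suspicious = target !== pageOrigin && !TRUSTED_LOGIN_ORIGINS.has(target);
      if (suspicious && !disabledForms.includes(ev.formId)) disabledForms.push(ev.formId);
    }
  }
  // Mirrors the last step in the list: disable the component, keep the session.
  return { verdict: disabledForms.length ? "disable-component" : "allow", disabledForms };
}

console.log(inspectSession(SAMPLE_SESSION));
```

A same-origin login form, or one that submits to the allow-listed identity provider, returns `allow`, which is the distinction a URL-only reputation score cannot make for pages hosted on legitimate SaaS platforms.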