Many attacks begin with a “spear phishing” email targeting a business or a specific employee. Often the message contains a link to a fraudulent website, enabling the attacker to steal login credentials.
“My secure email or Web gateways would detect phishing, right?”
More likely for general mass attacks than for targeted attacks. Cisco Umbrella can help with both. Umbrella’s PhishTank data is automatically integrated and enforced for known phishing sites. Then, similar to our advanced malware and breach protection, our predictive intelligence can discover Internet infrastructure used to host phishing sites—before your employees ever receive the phishing email.
Attackers often use social engineering tactics like phishing—to exploit our trust—rather than vulnerabilities to exploit our systems. It’s very common in targeted attacks, as stolen login credentials enable attackers to get “backdoor” access into systems without the use of malware. Even the most advanced email security technologies are challenged to detect spear phishing from a reputable sender. Your team may be deploying new user identity protections like two-factor authentication to mitigate the risk, but the rollout is often slow and incomplete. Umbrella fills the security gap quickly, because many phishes link to websites rather than to attach malware. When an employee clicks the link, Umbrella directs their device to connect to our block page server instead of the fraudulent URL.
Touchscreen email clients and mobile-formatted websites make phishing an even deadlier weapon. Even vigilant employees aware of security risks find it challenging to verify the true destination of Web links, let alone spot that the website is fraudulent. At the same time, your team must figure out how to implement network security and user identity protections on employee-owned devices and public cloud apps. Umbrella is one such network security solution. Our phishing protection works on any device without sacrificing performance because it works in the same way as the Internet. Using DNS, the Internet automatically translates the phishing site’s domain name to its IP address. And Umbrella leverages this process to block malicious domains, IPs, and even URLs using our Intelligent Proxy.
The Umbrella Security Research team takes a predictive approach to security. Our goal is to continually innovate ahead of the pace of technology change and build the best phishing protection and security platform possible without sacrificing performance. By analyzing 80 billion or more queries a day, we block more than 80,000,000 malicious requests each day. And we’re always iterating on our algorithms and expanding our visibility to provide predictive security whenever possible.