Vade Secure launched IsItPhishing Threat Detection, an anti-phishing solution that helps Security Operations Centers (SOCs) identify and block targeted phishing attacks. Easily integrating with existing SIEM and SOAR solutions through a lightweight API, IsItPhishing Threat Detection delivers a real-time verdict on whether a suspicious URL is phishing or not. These verdicts can be leveraged in SOC workflows to accelerate phishing detection, response and resolution.
Real-time phishing detection powered by machine learning
To detect unknown, targeted phishing attacks, IsItPhishing Threat Detection’s machine learning algorithms perform real-time analysis of nearly 50 features of the URL and page content. These models have been trained using Vade Secure’s global threat intelligence from 500 million mailboxes and 6 million daily URL scans. Moreover, the number of features is optimized frequently using an advanced Recursive Feature Elimination Algorithm to ensure accuracy, with zero false positives.
As part of its analysis, IsItPhishing Threat Detection leverages several features, including:
- Token anonymization: Tokens within URLs are randomly replaced in order to safely explore the page content without inadvertently triggering any action/tracking on behalf of the user.
- Mobile rendering: Pages are explored across more than 30 device-browser combinations to thwart attacks that display their content only when accessed from mobile devices.
- Regional page exploration: Pages are explored from four different zones to combat attacks that display content only when accessed from the target location.
Enhanced productivity and protection for SOCs
By automating phishing detection, IsItPhishing Threat Detection addresses several major challenges faced by SOCs, including a rise in phishing attacks, chronic understaffing and a deluge of alerts that make timely manual detection impossible.
“Phishing has overtaken ransomware as the top attack vector as hackers focus on exploiting human vulnerabilities,” said Adrien Gendre, Chief Solution Architect, Vade Secure. “Most SOCs are not set up for success against these threats – they are too understaffed to manually check every suspicious URL, and current processes make it difficult to react to short-wave attacks. IsItPhishing Threat Detection alleviates these issues by automating and accelerating phishing detection, response and remediation.”
IsItPhishing Threat Detection offers SOCs the following benefits:
- Detection of unknown, zero-day attacks: Thanks to its predictive, machine learning-based approach, the solution detects new phishing URLs from the first wave or email sent. SOCs can block new threats before an attack is over or a URL has been clicked.
- Increased SOC analyst productivity: Through real-time detection of both known and unknown phishing attacks, the solution reduces the number of alerts and false positives SOC analysts must process, freeing them up to focus on higher value activities.
- Easy integration with SOC tools: The lightweight API easily integrates with leading SIEM and SOAR solutions, such as ArcSight, Demisto, Mandiant, Rapid7, Splunk, and Siemplify. Organizations can enhance their security without disrupting their existing architecture.
- Universal phishing defense: Instant detection of phishing URLs can trigger automated workflows to block access across an organization’s entire network, whether the URL originated via email or by other means such as messaging systems, websites, documents and cloud services.