Phishing protection solutions are a category of cybersecurity software designed to prevent phishing attacks. Since their conception, phishing attacks have evolved to become highly complex and targeted, allowing them to evade traditional email security gateways. As a response to this, email security providers developed a new type of solution dedicated specifically to phishing protection and the prevention of business email compromise (BEC): Integrated Cloud Email Security (ICES) solutions.
Integrated cloud email security solutions sit within each user’s inbox and use machine learning to scan inbound and outbound emails—and sometimes other internal communications—for malicious activity. If the solution finds something suspicious—such as an unusual attachment type from an unknown sender, or an unusual request from a known user—the email is either removed, quarantined, or delivered with a warning banner that explains to the recipient the potential risks associated with the email.
Cloud email security solutions usually also include a “report phishing” plug-in that enables users to report phishing attacks directly from their inbox. The best solutions combine this functionality with phishing simulations that train users to identify and report phishing threats. This combination of technological and human-centric security creates the most effective barrier against phishing attacks.
In this article, we’ll explore the best phishing protection solutions. Some of the providers on this list combine cloud email security with phishing simulations; others extend their phishing protection beyond email to cover other communication channels, such as Slack and Teams. We’ll give you some background information on the provider and the key features of each solution, as well as the type of customer for which they are best suited.
IRONSCALES is the fastest-growing email security company in the world and the market leader in anti-phishing technologies. Their post-delivery protection solution offers protection against advanced phishing email threats like business email compromise (BEC), VIP impersonation, and Account Takeover (ATO). Their cloud-based solution is fully compatible with Office 365 and Google Workspace, meaning it is easy to deploy and does not require any MX record changes. Delivered as a comprehensive platform with a single admin dashboard, IRONSCALES’ solution provides security teams with the ability to detect and remediate phishing attacks.
IRONSCALES combines artificial and human intelligence to identify and automatically remove malicious emails in real time. Once a suspicious event has been detected, IRONSCALES’ virtual security analyst (named Themis) detects and removes the threat from all impacted end-user inboxes, thereby reducing the workload of your busy security team. Each time this happens, the platform logs and remembers it so that the same attack can never infiltrate the network again.
IRONSCALES also allows end-users to report suspicious emails with a button directly inside their email inbox, regardless of whether they’re on desktop or mobile. When an end-user reports an attack in this way, all other users who have received the email will be notified with a customizable warning banner. Finally, they offer tailored, gamified phishing awareness training to teach users how to identify and report real-world attacks.
IRONSCALES’ complete solution is suited for organizations that need powerful, automated protection against phishing attacks.
Trustifi is an email security and encryption provider that enables businesses to protect both their inbound and outbound communications against sophisticated email threats, including spear phishing and account compromise. Trustifi’s solution offers comprehensive security by combining outbound email encryption, which keeps sensitive data at rest, in storage and in transit safe from prying eyes, with inbound email security that scans inboxes for malicious content and blocks any threats. Trustifi deploys via API—requiring no MX record changes—and is fully compatible with local email clients, Office 365 Outlook and Google Workspace.
Trustifi’s Inbound Shield scans all inbound email communications for malicious content such as spam, phishing attempts and malware attachments, assigning each email a threat level and threat type. These range from “Authenticated”, meaning that an email is safe, to warnings such as “Impersonation Attack” or “Spoofing Attack”, which indicate that an email has been deemed dangerous. High-threat emails are either delivered with a warning, quarantined or blocked, according to admin-configured policies, ensuring malicious content never reaches its intended recipient. As well as configuring quarantine policies, admins can set up white- and blacklisting to prevent repeat attacks from known malicious senders, and to prevent trusted external senders from having their emails mistakenly quarantined.
As well as its inbound security, Trustifi offers AES 256-bit encryption for outbound emails that ensures all sensitive data is stored and sent securely. Recipients don’t have to have an account with Trustifi to decrypt emails, but admins can require that they verify themselves via 2FA. This means that, if an inbox is compromised, the attacker won’t be able to access sensitive data by searching email content and they won’t be able to prove their identity.
Trustifi’s platform is praised for its ease of use, both from an admin and end user perspective. It comes with pre-configured settings to provide instant protection once deployed, before admins sign in to configure more granular email security settings such as email domain and file type blocking. We recommend Trustifi as a robust, user-friendly solution for organizations trying to stop phishing attacks, and prevent bad actors from accessing sensitive data in the case of successful business email compromise.
Abnormal Security provides enterprise-grade protection against sophisticated phishing, supply chain fraud, and social engineering attacks. The cloud-native, API-based email security platform uses behavioral AI to ensure strong email protection, detection, and response. Ten percent of Fortune 500 companies trust Abnormal Security to protect their cloud environments.
Abnormal uses behavioral AI to compute a thorough understanding of the people who make up and interact with your enterprise. Their solution works by baselining known good behaviors while analyzing over 45,000 signals to detect any anomalies deviating from the established baseline. By understanding known good behavior, Abnormal can block advanced socially-engineered and unwanted emails (both internal and external) while detecting and remediating compromised accounts. The solution allows you to simplify your email security stack and comes with one-click deployment via API, automated SOC operations, the ability to integrate insights and reporting, and the benefit of boosting employee productivity by streamlining the email experience.
Abnormal is a Microsoft Preferred Solution and easily integrates into Microsoft 365 via API with no disruption to mail flow. The solution leverages email and non-email data (including identity, calendar, event logs, and collaboration tools) to integrate smoothly with existing SIEM, SOAR, and XDR tools. Abnormal’s solution is rated highly by users who praise its easy integration with Microsoft 365, advanced email threat protection, and helpful support team. We recommend this solution for organizations currently using Microsoft 365, who are looking for enhanced business email compromise and phishing protection with easy deployment.
Agari is an email security provider that offers a cloud-native security solution, which uses predictive AI to defend against sophisticated phishing and business email compromise (BEC) attacks. Agari also help organizations become DMARC compliant, working with large enterprise organizations such as Apple. Agari’s post-delivery solutions are designed to work in tandem with secure email gateway solutions, Office 365 and G Suite. Agari offer two anti-phishing products: Phishing Defense and Phishing Response.
Phishing Defense uses predictive AI to learn how an organization communicates through relationship and behavioural patterns. It then uses this information to detect unusual behaviour and determine the threat level of suspicious emails. The engine can then block spear phishing and BEC attacks from compromised accounts, preventing them from spreading throughout the organization.
Phishing Response allows employees to report phishing attacks, which Agari automatically analyze to determine whether they’re false alarms, or genuine threats that need to be removed. This automated analysis reduces the manual effort of security teams, whilst accelerating time-to-containment; Agari claim to reduce phishing response time by up to 95%. Agari’s solution is fast but also highly effective, investigating attachments, URLs and sender forensics as well as the message content itself.
A cloud-based solution, Agari integrates easily with Office 365 and Azure Active Directory. Because of this, it acts as an extra layer of protection for email apps like Office 365 and G Suite, but it can also work alongside a third-party Secure Email Gateway to catch any threats that slip through it. This makes it a good solution for organizations that need an extra layer of powerful anti-phishing protection.
Avanan offers cloud-based email and application protection against sophisticated phishing, malware, account compromise and data loss attacks. Designed to work with Office 365 and G Suite, you can deploy Avanan’s solution in minutes as an Office 365 app or configure it manually with a fast and simple deployment process. Once deployed, it offers security for all connected cloud-based applications like OneDrive, Google Drive and Teams.
Avanan uses machine learning technology to analyze email communication patterns, which allows their engines to detect user impersonation or fraudulent messages before they reach the inbox. It does this by identifying indicators of malicious emails, including the time and location of sending, domain and email content itself, to detect threats.
The fact that Avanan’s solution uses machine learning technology means that it’s constantly adapting to new and innovative attacks designed to slip past legacy email security solutions and gateways. It provides protection for each user’s individual inbox, rather than the organization’s general domain, which protects users from inbound, outbound and internal emails.
Avanan can identify malicious behaviour across the email network, from permission changes and file updates to internal messages sent via other cloud applications. This helps detect and flag compromised accounts, mitigating business email compromise attacks.
Avanan deploys within your network environment in a matter of minutes and is designed to work well alongside other third-party security providers such as ATP. This makes it an ideal solution for organizations looking to reinforce their existing email security stack.
Barracuda provides a comprehensive range of multi-layer email, cloud and network security solutions. Barracuda Sentinel is their AI-based security solution that protects users against spear phishing, account takeover and BEC attacks. It’s available as part of Barracuda’s Complete Email Protection solution, which also includes their PhishLine security awareness training and their Essentials package for email security, archiving and data protection.
Barracuda Sentinel integrates seamlessly with Microsoft 365 to detect and remediate inbound and outbound email attacks. It uses a powerful AI engine to learn each employee’s communication patterns and then identify indicators within every email as to whether they were sent with malicious intent. If a threat is detected, Sentinel blocks it before the user can open the email. The use of AI also means that Sentinel requires virtually zero IT administration.
Barracuda also offer anti-phishing training via their simulation platform, PhishLine, which organizations can use to support the technical protection offered by Sentinel. PhishLine aims to transform employees into an additional layer of defense through a series of customizable simulations.
Barracuda Sentinel is compatible with Office 365 and completely cloud-based. This, along with its competitive pricing, makes it the ideal solution for smaller organizations and MSPs looking for effective phishing protection in the cloud.
Cofense, formerly PhishMe, has built their anti-phishing solution around phishing protection and user awareness training. Their solution combines human detection with automated response, allowing organizations to detect and block attacks in a matter of minutes. The phishing protection of Cofense is based on technology from Cyberfish, an Israeli startup they acquired in 2021. In addition to their technical solution, Cofense offer highly effective training campaigns designed to improve employees’ awareness of, and resilience against, phishing attacks.
Cofense’s defense strategy is human-centric, and starts with Cofense Reporter. This is an add-on “Report phish” button that allows users to report suspicious emails to their security team. The Reporter button is compatible with Outlook, Gmail and IBM Notes. Cofense Triage then uses an automated spam engine, combined with human intelligence, to distinguish between genuine known threats and false alarms. Genuine threats are isolated. Security teams can then use the Cofense Vision tool to perform powerful searches to detect and quarantine any found threats. With one click, admins can quarantine a malicious email from all other user inboxes. If the email is later deemed harmless, it can be “un-quarantined”.
Cofense also offer extensive security awareness training that teaches users how to identify and react to phishing attacks through scenario-based simulations, videos and infographics. The phishing simulations are fully customizable so that organizations can target their employees’ training towards specific threats that they’re facing. The training encourages more users to click on the “Report phish” button, taking the initiative in protecting their own inboxes.
Cofense’s solution provides effective protection for anyone wanting to tackle phishing by training their employees to report attacks directly, and then automatically remediating the threat. The technical products can also be used to bolster an existing security gateway with an additional layer of security.
Microsoft Defender for Office 365 (formerly ATP) is a cloud-based email security service that offers protection against unknown malware and viruses. Defender is included in some Exchange and Microsoft 365 subscription plans and is also available for purchase as an add-on module. Administrators can also use the inbuilt reporting and URL trace capabilities to gain insight into the kind of attacks that are occurring.
Defender’s anti-phishing solution uses machine learning modules to check inbound messages for key indicators that they may be a phishing attempt. These include the header, sender’s address and message content. When a threat is detected, the attack is blocked. Defender also has the capability to detect and block malicious links and attachments. This feature extends to protect SharePoint, OneDrive and Teams from malicious files, which many third-party solutions struggle to achieve.
However, Defender isn’t as effective as some of the other third-party solutions explored in this list. This is largely down to it being less mature than other protection methods; it doesn’t have the experience in adapting to threats that other solutions have acquired over time.
Microsoft Defender is popular for its cost-effectiveness and seamless integration with an Office 365 environment. This makes it suitable for any organization looking for a quick and easy-to-deploy security solution. However, for more advanced and effective protection, users should consider investing in a more powerful third-party solution.
Mimecast is a market leader in cloud-based email management. With over 36,000 customers around the world, they target their fully customizable and flexible products largely towards enterprise organizations. Mimecast’s phishing protection technology is a part of their overarching email security, archiving and continuity solution, which is delivered via a subscription service to a user-friendly platform.
Mimecast offer a cloud-based secure email gateway which provides instant and automated protection from phishing attacks. Mimecast scans all inbound emails in real time, looking for key indicators in the header, domain information and email content which could indicate malicious emails. When emails contain suspicious content, Mimecast blocks the email automatically.
In addition to this, URL scanning technology stops users from opening malicious links or visiting potentially dangerous websites. This extends to URLs in archived emails, to protect against delayed attacks. Finally, Mimecast’s solution sandboxes all attachments before sending them on to the end user. This means that suspicious files are opened, or “detonated”, in an isolated test environment, so that malicious files never reach your system.
Mimecast offer a comprehensive solution to protect your organization against phishing attacks. They also offer email encryption, DMARC compliance, DNS filtering and phishing awareness training. Their easy-to-read reports and analytics, combined with a high level of flexibility and customization, make their product an ideal solution for mid-sized and enterprise organizations.
Proofpoint is a global market leader in email security solutions. They secure more than 50% of the Fortune 100, the top 5 banks across the world and 7 of the top 10 global retailers, as well as many smaller organisations. All of this contributes to their annual revenues of over $1bn. Proofpoint Essentials is their bundle of security services, which promises “complete defense” for small and medium-sized organizations. This multi-layer package solution combines email encryption, archiving, powerful anti-virus technology and a Secure Email Gateway to help prevent data loss and protect your employees from falling victim to phishing scams, hackers and malware.
The Proofpoint Essentials package leverages several security techniques that are designed to protect against phishing. Firstly, the Proofpoint MLX technology examines text, image and attachment content to detect spam and phishing emails. 99% effective, this machine learning technology automatically adapts to new threats as they appear. Secondly, the powerful “URL Defense” and “Attachment Defense” services detect, catch and sandbox malicious URLs and attachments that often target smaller organizations. Finally, sophisticated antivirus engines scan all messages to capture and block all known viruses. Proofpoint Essentials also uses heuristic scanning technology, in order to discover and protect against new, unknown viruses and modifications of known threats.
Proofpoint has enhanced its Proofpoint Essentials offering to give users more comprehensive and advanced coverage. These new features are available in the Business+, Advanced+, and Professional+ plans. Proofpoint now use the Supernova threat engine to increase the rate of BEC detection threefold. Predictive URL scanning can identify the riskiest links and ensure that they are sandboxed as a matter of priority. The new updates also make it easier for users to identify potentially suspicious emails with tags and notifications. If a harmful email does make it into an inbox, one-click pull allows admins to easily remove all instances of that email directly from users’ accounts.
Proofpoint Essentials utilizes the capabilities and functionality of Proofpoint’s security technology and infrastructure, whilst adapting it to meet the needs of smaller organizations. This, along with the cost-effective way in which they wrap their features up in one easy-to-manage package, makes Proofpoint Essentials an ideal solution for small to mid-sized organizations across all sectors.
Phishing Protection Solutions: Everything You Need To Know
What Is Phishing?
Phishing is a type of cybercrime based on fraud. In a phishing attack, a cybercriminal contacts their target—usually via email—and tries to manipulate them into doing something that will put their data at risk. A user may be encouraged to share their credentials and financial information, or to install malware that will enable the attacker to access their machine.
Traditionally, phishing attacks were used to target hundreds or even thousands of people at once. Today, these attacks are becoming increasingly targeted; instead of sending a generic email to lots of users, the attacker will research their target before messaging them, then pretend to be someone the target knows in order to gain their trust. Because of this, the attacks are much more convincing and difficult to spot – the target is more likely to share sensitive information. These targeted phishing attacks are known as “spear phishing”.
Aside from traditional phishing and targeted spear phishing attacks, there are a few more types of phishing attack that you should make your users aware of:
- Whaling is a type of spear phishing that targets high-ranking members of an organization, such as C-suite executives, who are likely to have privileged access to critical corporate systems or valuable data
- Vishing, short for “voice phishing”, is a phishing attack delivered via phone call, rather than email. These attacks often create a high sense of urgency because the attacker is communicating with the user in real-time and can use this to add pressure
- SMiShing, or “SMS phishing”, is delivered via text message. These attacks often claim to be from a trusted organization, such as a bank or an email post-delivery company, rather than a specific individual
- Phishing websites look like normal web pages—usually login or payment pages—but they scrape user data and send it directly to an attacker. Often, users open phishing pages from the links sent in phishing emails, but sometimes they can stumble upon them when browsing if the attacker has managed to hide the malicious page within a legitimate website
How Common Are Phishing Attacks?
According to the FBI’s Internet Crime Complaint Center (IC3), phishing is the most prevalent threat type in the US. Unfortunately, phishing attacks are not only prevalent but also highly successful; recent research from Verizon found that 82% of data breaches last year involved a human element, such as phishing or the use of stolen credentials. A further report from IBM discovered that one fifth of companies that suffer a malicious data breach are compromised due to lost or stolen credentials, while 17% are compromised via a direct phishing attack.
What Is Integrated Cloud Email Security And How Does It Work?
Traditionally, email protection came in the form of a secure email gateway (SEG). SEGs create a defensive perimeter around your organization’s email client, preventing the delivery of threats such as spam, graymail, and mail sent from senders on a deny list. However, they aren’t very effective at blocking highly specific and targeted spear phishing attacks.
Integrated cloud email security solutions sit within the user’s inbox, scanning all inbound and outbound (and sometimes also internal) messages for anomalous or malicious activity. Integrated cloud email security solutions use machine learning to detect threats; this enables them to pick up on indicators of compromise that are likely to go unnoticed by a SEG, such as unusual communication patterns, typos and grammatical errors, and unusual attachment types. When a cloud email security tool does find an indicator of malicious activity, it either deletes the email from the user’s inbox, quarantines it, or delivers the email but inserts a warning banner at the top to alert the user to its potential malice.
Some cloud email security providers (including many on this list) also offer a plug-in as part of a phishing simulation program that enables users to report phishing threats from directly within their inbox.
Many organizations choose to implement a SEG alongside an integrated cloud email security solution to ensure maximum protection against multiple types of email threat. The SEG acts like the wall around your castle, deflecting known threats; the cloud email security solution acts like the guards patrolling your castle grounds, looking for anything out of the ordinary.
What Are Phishing Simulations And How Do They Work?
Security awareness training (SAT) is a human-centric form of phishing prevention. Usually, a security awareness training course is made up of two parts: content-based learning, and phishing simulations.
Phishing simulations are fake phishing emails that test a user’s ability to identify and report phishing threats. The strongest phishing simulators include a “report phishing” button that plugs into each user’s inbox, enabling them to report simulations (and, in some cases, real phishing threats) directly to their IT team as they come across them.
If a user fails a phishing simulation, they’re informed of where they went wrong, and IT and security teams can assign them more training as required.
What Else Can You Do To Stop Phishing Attacks?
Implementing a robust email security solution that combines ML-driven threat detection with phishing simulations is one of the best forms of defense against sophisticated spear phishing attacks. However, there is no single silver bullet solution to phishing. To ensure your best chances of staying secure, we recommend that you take a multi-layered approach to defense by implementing the following additional tools.
Using a variety of tools in a complementary approach will result in a well-rounded, comprehensive cybersecurity infrastructure, which will also help protect you from other web, identity, and endpoint threats.
Security Awareness Training (SAT)
Security awareness training solutions train users on how to identify and correctly respond to a range of cyberthreats, including phishing attacks. Most SAT solutions combine a mixture of content-based, bite-sized training modules to teach users what different types of attack may look like, with phishing simulations that enable security teams to test how users are likely to respond to a real-life phishing attack. If a user clicks on a link in a phishing simulation, admins are notified and can assign that user further training. SAT is a great way of training users to be more vigilant in their work and personal lives, whilst instilling a culture of security within the organization.
Many organizations make the mistake of assigning security awareness training annually. While this might be enough to tick off a compliance checklist, it’s unlikely to actually improve your security. For best results, we recommend delivering regular, bite-sized training.
Multi-Factor Authentication (MFA)
Multi-factor authentication requires users to verify their identities in two or more ways before being granted access to an account, application, or system. By implementing MFA, you can stop an attacker from accessing a user’s account, even if they’ve managed to get their hands on that user’s password via a phishing attack.
Different MFA solutions support different methods of authentication—some of which are less “phishable” than others. The strongest methods of authentication to prevent phishing attacks are biometric authentication (such as fingerprint scanners, facial recognition, and behavior recognition) and hardware authentication (using smart cards or USB sticks).
Endpoint Security/Antivirus
Some phishing attacks are used as a means of infecting an organization with malware, such as ransomware or an infostealer. The attacker simply sends the malware as an attachment and tries to manipulate their victim into downloading it. Implementing strong endpoint security or antivirus software can help mitigate the impact of a successful phishing attack by preventing the spread of malware across your organization, even if a user clicks on a malicious attachment.
Web Security
Phishing attacks are usually delivered via email, but there are millions of phishing webpages online that trick users into thinking that they’re entering their credentials or payment information into a legitimate website, when really the information they enter is being harvested by a cybercriminal.
A strong web security solution can help prevent your users from entering their details into phishing pages. There are several tools that can be used to achieve this.
- DNS filters do this by blocking phishing domains
- URL filters block individual phishing pages that are being hosted on non-malicious domains
- Remote browser isolation solutions can prevent users from inputting data into suspicious or malicious pages by restricting them to “view only” access
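The difference between the first two tools in this list, shown as an added example (not code from this article or from any vendor it covers): a DNS filter only sees the hostname being resolved, so it cannot single out one phishing page on an otherwise legitimate host, while a URL filter matches host and path. All hostnames, paths and blocklist entries below are constructed for illustration and use reserved `.example`/`.test` names.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed blocklists (assumptions for this example, not real indicators).
BLOCKED_DOMAINS = {"login-verify.example"}  # entire domain is malicious
BLOCKED_URLS = {("files.sharing.test", "/u/4821/invoice-login.html")}  # one page on a legitimate host


def normalize_host(host: str) -> str:
    """Lowercase, drop the trailing root dot, and convert IDN labels to ASCII."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host


def dns_filter_blocks(host: str) -> bool:
    """DNS-level check: block a listed domain and every subdomain beneath it.

    Matching is done label by label, so 'notlogin-verify.example' is not
    mistaken for a subdomain of 'login-verify.example'.
    """
    labels = normalize_host(host).split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def url_filter_blocks(url: str) -> bool:
    """URL-level check: block an individual page, ignoring query and fragment."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    # Decode percent-escapes and collapse './' and '../' so equivalent paths compare equal.
    path = posixpath.normpath(unquote(parts.path)) if parts.path else "/"
    return (host, path) in BLOCKED_URLS


def check(url: str) -> str:
    """Return the layer that stops the request: 'dns', 'url', or 'allow'."""
    # .hostname strips any 'user@' prefix, so a trusted-looking name placed
    # before '@' does not hide the real destination.
    host = urlsplit(url).hostname or ""
    if dns_filter_blocks(host):
        return "dns"
    if url_filter_blocks(url):
        return "url"
    return "allow"


if __name__ == "__main__":
    samples = [
        "https://login-verify.example/account",
        "https://secure.login-verify.example/",
        "https://files.sharing.test@login-verify.example/reset",
        "https://files.sharing.test/u/4821/invoice-login.html",
        "https://FILES.sharing.test./u/4821/../4821/invoice-login.html?x=1",
        "https://files.sharing.test/u/77/report.pdf",
        "https://notlogin-verify.example/",
    ]
    for sample in samples:
        print(f"{check(sample):5}  {sample}")
```

The fourth and fifth samples are the case the list describes: the host passes the DNS filter because the domain itself is not malicious, and only the URL filter stops the page.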
Strong Password Practices
Enforcing strong password practices won’t necessarily prevent phishing attacks, because phishing involves the threat actor stealing a password directly from your users, rather than cracking it using brute force. However, it can help minimize the damage that an attacker is able to do if they do gain access to a user’s account.
We recommend that you ensure that passwords are regularly updated across your organization, either through the use of password policy enforcement software or a business password manager. This means that, even if a password is compromised, the attacker will only be able to use it for a limited amount of time.