We live in a digital world and, as we become increasingly dependent on digital communication such as email, we become more vulnerable to cyber-attacks like phishing. Phishing is a type of cyber-crime based on email fraud. A bad actor disguises themself as someone trustworthy in order to trick their victims into giving them sensitive data such as usernames, passwords and financial information. Phishing emails can target hundreds or even thousands of people at once, and they’re one of the most common and financially dangerous online crimes that we see today.
In this article, we’ll explore the top ten solutions designed to protect your organization against phishing attacks. These include Secure Email Gateways, which filter dangerous emails before they reach the user’s inbox; post-delivery cloud email security solutions, which scan inbound and outbound emails for potential threats; and security awareness training platforms. One of the most useful forms of prevention is education; being aware of phishing attacks will make you less likely to fall victim to them. We’ll give you some background information on the provider and the key features of each solution, as well as the type of customer that they are most suitable for.
IRONSCALES is the fastest-growing email security company in the world and the market leader in anti-phishing technologies. Their post-delivery protection solution offers protection against advanced phishing email threats like business email compromise (BEC), VIP impersonation, and Account Takeover (ATO). Their cloud-based solution is fully compatible with Office 365 and Google Workspace, meaning it is easy to deploy and does not require any MX record changes. Delivered as a comprehensive platform with a single admin dashboard, IRONSCALES’ solution provides security teams with the ability to detect and remediate phishing attacks.
IRONSCALES combines artificial and human intelligence to identify and automatically remove malicious emails in real-time. Once a suspicious event has been detected, IRONSCALES’ virtual security analyst (named Themis) detects and removes the threat from all impacted end-user inboxes, thereby reducing the workload of your busy security team. Each time this happens, the platform logs and remembers it so that the same attack can never infiltrate the network again.
IRONSCALES also allows end-users to report suspicious emails with a button directly inside their email inbox, regardless of whether they’re on desktop or mobile. When an end-user reports an attack in this way, all other users who have received the email will be notified with a customizable warning banner. Finally, they offer tailored, gamified phishing awareness training to teach users how to identify and report real-world attacks.
IRONSCALES’ complete solution is suited for organizations that need powerful, automated protection against phishing attacks.
Avanan offers cloud-based email and application protection against sophisticated phishing, malware, account compromise and data loss attacks. Designed to work with Office 365 and G Suite, you can deploy Avanan’s solution in minutes as an Office 365 app or configure it manually with a fast and simple deployment process. Once deployed, it offers security for all connected cloud-based applications like OneDrive, Google Drive and Teams.
Avanan uses machine learning technology to analyze email communication patterns, which allows their engines to detect user impersonation or fraudulent messages before they reach the inbox. It does this by identifying indicators of malicious emails, including the time and location of sending, domain and email content itself, to detect threats.
The fact that Avanan’s solution uses machine learning technology means that it’s constantly adapting to new and innovative attacks designed to slip past legacy email security solutions and gateways. It provides protection for each user’s individual inbox, rather than the organization’s general domain, which protects users from inbound, outbound and internal emails.
Avanan can identify malicious behaviour across the email network, from permission changes and files updates to internal messages sent via other cloud applications. This helps detect and flag compromised accounts, mitigating against business email compromise attacks.
Avanan deploys within your network environment in a matter of minutes and is designed to work well alongside other third-party security providers such as ATP. This makes it an ideal solution for organizations looking to reinforce their existing email security stack.
Trustifi is an email security an encryption provider that enable businesses to protect both their inbound and outbound communications against sophisticated email threats, including spear phishing and account compromise. Trustifi’s solution offers comprehensive security by combining outbound email encryption, which keeps sensitive data at rest, in storage and in transit safe from spying eyes, with inbound email security that scans inboxes for malicious content and blocks any threats. Trustifi deploys via API—requiring no MX record changes—and is fully compatible with local email clients, Office 356 Outlook and Google Workspace.
Trustifi’s Inbound Shield scans all inbound email communications for malicious content such as spam, phishing attempts and malware attachments, assigning each email a threat level and threat type. These range from “Authenticated”, meaning that an email is safe, to warning such as “Impersonation Attack” or “Spoofing Attack”, which warn that an email has been deemed dangerous. High-threat emails are either delivered with a warning, quarantined or blocked, according to admin-configured policies, ensuring malicious content never reaches its intended recipient. As well as configuring quarantine policies, admins can set up white- and blacklisting to prevent repeat attacks from known malicious senders, and to prevent trusted external senders from having their emails mistakenly quarantined.
As well as its inbound security, Tustifi offers AES 256-bit encryption for outbound emails that ensures all sensitive data is stored and sent securely. Recipients don’t have to have an account with Trustifi to decrypt emails, but admins can require that they must verify themselves via 2FA. This means that, if an inbox is compromised, the attacker won’t be able to access sensitive data by searching email content and they won’t be able to prove their identity.
Trustifi’s platform is praised for its ease of use, both from an admin and end user perspective. It comes with pre-configured setting to provide instant protection once deployed, before admins sign in to configure more granular email security settings such as email domain and file type blocking. We recommend Trustifi as a robust, user-friendly solutions for organizations trying to stop phishing attacks, and prevent bad actors accessing sensitive data in the case of successful business email compromise.
Proofpoint is a global market leader in email security solutions. They secure more than 50% of the Fortune 100, the top 5 banks across the world and 7 of the top 10 global retailers, as well as many smaller organisations. All of this contributes to their annual revenues of over $1bn. Proofpoint Essentials is their bundle of security services, which promises “complete defense” for small and medium-sized organizations. This multi-layer package solution combines email encryption, archiving, powerful anti-virus technology and a Secure Email Gateway to help prevent data loss and protect your employees from falling victim to phishing scams, hackers and malware.
The Proofpoint Essentials package leverages several security techniques that are designed to protect against phishing. Firstly, the Proofpoint MLX technology examines text, image and attachment content to detect spam and phishing emails. 99% effective, this machine learning technology automatically adapts to new threats as they appear. Secondly, the powerful “URL Defense” and “Attachment Defense” services detect, catch and sandbox malicious URLs and attachments that often target smaller organizations. Finally, sophisticated antivirus engines scan all messages to capture and block all known viruses. Proofpoint Essentials also uses heuristic scanning technology, in order to discover and protect against new, unknown viruses and modifications of known threats.
Proofpoint has enhanced its Proofpoint Essentials offering to give users more comprehensive and advanced coverage. These new features are available in the Business+, Advanced+, and Professional+ plans. Proofpoint now use the Supernova threat engine to increase the rate if BEC detection threefold. Predictive URL scanning can identify the riskiest links and ensure that they are sandboxed as a matter of priority. The new updates also make it easier for users to identify potentially suspicious emails with tags and notification. If a harmful email does make it into an inbox, one-click pull allows admin to easily remove all instances of that email directly from user’s accounts.
Proofpoint Essentials utilizes the capabilities and functionality of Proofpoint’s security technology and infrastructure, whilst adapting it to meets the needs of smaller organizations. This, along with the cost-effective way in which they wrap their features up in one easy-to-manage package, makes Proofpoint Essentials an ideal solution for small to mid-sized organizations across all sectors.
Abnormal Security offers enterprise-grade protection against sophisticated phishing, supply chain fraud, and social engineering attacks. The platform offers precise, cloud-native email security with a behavioral data science approach that ensures strong email protection, detection, and response. Dozens of Fortune 1000 companies trust Abnormal Security to protect their cloud environments.
Abnormal Security uses AI to compute a thorough understanding of the people who make up and interact with your enterprise. Their solution works by profiling known good behaviors through behavioral AI systems while analyzing over 45,000 signals to detect any anomalies deviating from the established baseline. By understanding known good behavior, Abnormal can block socially-engineered and unwanted emails (both internal and external) while detecting and remediating compromised accounts. The solution allows you to simplify your email security stack and comes with one-click deployment via API, automated SOC operations, the ability to integrate insights and reporting, and the benefit of boosting employee productivity by streamlining the email experience.
Abnormal is a Microsoft Preferred Solution which integrates into Microsoft 365 APIs and deploys seamlessly and quickly with no disruption to mail flow. The solution leverages email and non-email data (including identity, calendar, event logs, collaboration tools and more) to integrate smoothly with existing SIEM, SOAR, detection tools, and ticketing systems. Abnormal Security’s solution is rated highly by users who praise its easy integration with Microsoft 365, advanced email threat protection, and helpful support team. We recommend this solution for organizations currently using Microsoft 365, who are looking for enhanced business email compromise and phishing protection with easy deployment.
Agari is an email security provider that offer a cloud-native security solution, which uses predictive AI to defend against sophisticated phishing and business email compromise (BEC) attacks. Agari also help organizations become DMARC compliant, working with large enterprise organizations such as Apple. Agari’s post-delivery solutions are designed to work in tandem with secure email gateway solutions Office 365 and G Suite. Agari offer two anti-phishing products: Phishing Defense and Phishing Response.
Phishing Defense uses predictive AI to learn how an organization communicates through relationship and behavioural patterns. It then uses this information to detect unusual behaviour and determine the threat level of suspicious emails. The engine can then block spear phishing and BEC attacks from compromised accounts, preventing them from spreading throughout the organization.
Phishing Response allows employees to report phishing attacks, which Agari automatically analyze to determine whether they’re false alarms, or genuine threats that need to be removed. This automated analysis reduces the manual effort of security teams, whilst accelerating time-to-containment; Agari claim to reduce phishing response time by up to 95%. Agari’s solution is fast but also highly effective, investigating attachments, URLs and sender forensics as well as the message content itself.
A cloud-based solution, Agari integrates easily with Office 365 and Azure Active Directory. Because of this, it acts as an extra layer of protection for emails apps like Office 365 and G Suite, but it can also work alongside a third-party Secure Email Gateway to catch any threats that slip through them. This makes it a good solution for organizations that need an extra layer of powerful anti-phishing protection.
Barracuda provides a comprehensive range of multi-layer email, cloud and network security solutions. Barracuda Sentinel is their AI-based security solution that protects users against spear phishing, account takeover and BEC attacks. It’s available as part of Barracuda’s Complete Email Protection solution, which also includes their PhishLine security awareness training and their Essentials package for email security, archiving and data protection.
Barracuda Sentinel integrates seamlessly with Microsoft 365 to detect and remediate inbound and outbound email attacks. It uses a powerful AI engine to learn each employee’s communication patterns and then identify indicators within every email as to whether they were sent with malicious intent. If a threat is detected, Sentinel blocks it before the user can open the email. The use of AI also means that Sentinel requires virtually zero IT administration.
Barracuda also offer anti-phishing training via their simulation platform, PhishLine, which organizations can use to support the technical protection offered by Sentinel. PhishLine aims to transform employees into an additional layer of defense through a series of customizable simulations.
Barracuda Sentinel is compatible with Office 365 and completely cloud-based. This, along with its competitive pricing, makes it the ideal solution for smaller organizations and MSPs looking for effective phishing protection in the cloud.
Cofense, formerly PhishMe, has built their anti-phishing solution around phishing protection and user awareness training. Their solution combines human detection with automated response, allowing organizations to detect and block attacks in a matter of minutes. The phishing protection of Cofense is based on technology from Cyberfish, an Israeli startup they acquired in 2021. In addition to their technical solution, Cofense offer highly effective training campaigns designed to improve employees’ awareness of, and resilience against, phishing attacks.
Cofense’s defense strategy is human-centric, and starts with Cofense Reporter. This is an add-on “Report phish” button that allows users to report suspicious emails to their security team. The Reporter button is compatible with Outlook, Gmail and IBM Notes. Cofense Triage then uses an automated spam engine, combined with human intelligence, to distinguish between genuine known threats and false alarms. Genuine threats are isolated. Security teams can then use the Cofense Vision tool to perform powerful searches to detect and quarantine any found threats. With one click, admins can quarantine a malicious email from all other user inboxes. If the email is later deemed harmless, it can be “un-quarantined”.
Cofense also offer extensive security awareness training that teaches users how to identify and react to phishing attacks through scenario-based simulations, videos and infographics. The phishing simulations are full customizable so that organizations can target their employees’ training towards specific threats that they’re facing. The training encourages more users to click on the “Report phish” button, taking initiative of their own inboxes.
Cofense’s solution provides effective protection for anyone wanting to tackle phishing by training their employees to report attacks directly, and then automatically remediating the threat. The technical products can also be used to bolster an existing security gate with an additional layer of security.
Microsoft Defender for Office 365 (formerly ATP) is a cloud-based email security service that offers protection against unknown malware and viruses. Defender is included in some Exchange and Microsoft 365 subscription plans and is also available for purchase as an add-on module. Administrators can also use the inbuilt reporting and URL trace capabilities to gain insight into the kind of attacks that are occurring.
Defender’s anti-phishing solution uses machine learning modules to check inbound messages for key indicators that they may be a phishing attempt. These include the header, sender’s address and message content. When a threat is detected, the attack is blocked. Defender also has the capability to detect and block malicious links and attachments. This feature extends to protect SharePoint, OneDrive and Teams from malicious files, which many third-party solutions struggle to achieve.
However, Defender isn’t as effective as some of the other third-party solutions explored in this list. This is largely down to it being less mature than other protection methods; it doesn’t have the experience in adapting to threats that other solutions have acquired over time.
Microsoft Defender is popular for its cost-effectiveness and seamless integration with an Office 365 environment. This makes it suitable for any organization looking for a quick and easy-to-deploy security solution. However, for more advanced and effective protection, users should consider investing in a more powerful third-party solution.
Mimecast is a market leader in cloud-based email management. With over 36,000 customers around the world, they target their fully customizable and flexible products largely towards enterprise organizations. Mimecast’s phishing protection technology is a part of their overarching email security, archiving and continuity solution, which is delivered via a subscription service to a user-friendly platform.
Mimecast offer a cloud-based secure email gateway which provides instant and automated protection from phishing attacks. Mimecast scans all inbound emails in-real time, looking for key indicators in the header, domain information and email content which could indicate malicious emails. When emails contain suspicious content, Mimecast blocks the email automatically.
In addition to this, URL scanning technology stops users from opening malicious links or visiting potentially dangerous websites. This extends to URLs in archived emails, to prevent against delayed attacks. Finally, Mimecast’s solution sandboxes all attachments before sending them on to the end user. This means that suspicious files are opened, or “detonated”, in an isolated test environment, so that malicious files never reach your system.
Mimecast offer a comprehensive solution to protect your organization against phishing attacks. They also offer email encryption, DMARC compliance, DNS filtering and phishing awareness training. Their easy-to-read reports and analytics, combined with a high level of flexibility and customization, make their product an ideal solution for mid-sized and enterprise organizations.
FAQs
What Is Phishing?
Phishing is a type of speculative cyber-attack that encourages victims to perform an action that puts them, or their data at risk. In practice, this will often involve a user click on a malicious link or download a dangerous file.
Once clicked, or downloaded, a type of malware can be installed on your system or device. This malware could lock your important files, demanding a ransom before being allowed to regain access or siphon your important files away to a third-party.
Alternatively, the phishing attack may try to convince you to willingly share your personal details. This might involve the use of a spoofed landing page – this is a website that looks like a well-known, reputable brand but is in fact fake. When a user inputs their login or sensitive details in a fake site, rather than gaining access to their account, their details will be stolen.
As time goes on, phishing attacks are getting more sophisticated and convincing.
What Are The Different Types Of Phishing?
Phishing is an ever-evolving form of attack. The attack methods are constantly evolving and being updated to fool as many users as possible. There are, however, some common attack types.
- Spear Phishing – This acts like a normal phishing attack, except they are more targeted. Rather than taking a scatter gun approach, spear phishing will target specific users within specific organizations. They may brand content to give the veneer of plausibility. At the end of the day, however, the aim of the attack is still to get a user to perform an action that jeopardises their data.
- Whaling – Whaling is an extension of spear phishing. In this case, the targeted user holds an important position within an organization – such as a C-level executive. This type of attack will take more effort from the attackers, but the rewards can be much higher.
- Vishing – This is an amalgamation of “Voice Phishing” and describes phishing attacks that uses phone calls as the means of communication. Users who are trained to look out for email attacks could well be taken in by this unexpected attack type.
- Smishing – as with Vishing is an amalgamation of terms. In this case it refers to SMS Phishing and accounts for phishing that is done by text message. This attack will most commonly be a message from your bank saying that you need to “act now” to prevent your account being compromised.
How Do Phishing Protection Solutions Work?
There are many ways to prevent phishing attacks from being successful.
Security Awareness Training – the aim of this training is to make users aware of what they need to look out for. If you can recognize the tell-tale signs of an attack, and know how to react, you are in the ideal position to not become a victim.
Secure Email Gateways – these solutions act as a perimeter to your inbox and prevent malicious emails from gaining access. These tools will use multiple layers of scanning and filtration to identify any indicators of compromise (IOC) and act accordingly.
Post-Delivery Cloud Solutions – even the best filters are not infallible. Post-delivery protection operates from within your inbox and can remove malicious emails from your inbox after they have been delivered. If, for instance, a benign link has been weaponised since being sent, the post-delivery solution can identify this and prevent you from accessing the link, thereby keeping you safe.
