Phishing is a type of cybercrime based on email fraud. A bad actor disguises themself as someone trustworthy in order to trick their victims into giving them sensitive data such as usernames, passwords, and financial information. Phishing emails can target hundreds or even thousands of people at once, and they’re one of the most common and financially dangerous online crimes that we see today. In this article, we’ll explore the top ten phishing protection solutions designed to protect your organization against phishing attacks.
There are lots of different types of phishing protection solutions out there; phishing is a sophisticated attack method, and combatting it requires a layered approach. These layers include integrated cloud email security solutions, which scan inbound and outbound emails for potential threats; and security awareness training (SAT) platforms. One of the most useful forms of prevention is education; being aware of phishing attacks will make you less likely to fall victim to them.
In this article, we’ll explore the best tools to prevent phishing attacks, including cloud-based email protection, and SAT platforms. We’ll give you some background information on the provider and the key features of each solution, as well as the type of customer for which they are best suited.
IRONSCALES is the fastest-growing email security company in the world and the market leader in anti-phishing technologies. Their post-delivery protection solution offers protection against advanced phishing email threats like business email compromise (BEC), VIP impersonation, and Account Takeover (ATO). Their cloud-based solution is fully compatible with Office 365 and Google Workspace, meaning it is easy to deploy and does not require any MX record changes. Delivered as a comprehensive platform with a single admin dashboard, IRONSCALES’ solution provides security teams with the ability to detect and remediate phishing attacks.
IRONSCALES combines artificial and human intelligence to identify and automatically remove malicious emails in real-time. Once a suspicious event has been detected, IRONSCALES’ virtual security analyst (named Themis) detects and removes the threat from all impacted end-user inboxes, thereby reducing the workload of your busy security team. Each time this happens, the platform logs and remembers it so that the same attack can never infiltrate the network again.
IRONSCALES also allows end-users to report suspicious emails with a button directly inside their email inbox, regardless of whether they’re on desktop or mobile. When an end-user reports an attack in this way, all other users who have received the email will be notified with a customizable warning banner. Finally, they offer tailored, gamified phishing awareness training to teach users how to identify and report real-world attacks.
IRONSCALES’ complete solution is suited for organizations that need powerful, automated protection against phishing attacks.
Avanan offers cloud-based email and application protection against sophisticated phishing, malware, account compromise and data loss attacks. Designed to work with Office 365 and G Suite, you can deploy Avanan’s solution in minutes as an Office 365 app or configure it manually with a fast and simple deployment process. Once deployed, it offers security for all connected cloud-based applications like OneDrive, Google Drive and Teams.
Avanan uses machine learning technology to analyze email communication patterns, which allows their engines to detect user impersonation or fraudulent messages before they reach the inbox. It does this by identifying indicators of malicious emails, including the time and location of sending, domain and email content itself, to detect threats.
The fact that Avanan’s solution uses machine learning technology means that it’s constantly adapting to new and innovative attacks designed to slip past legacy email security solutions and gateways. It provides protection for each user’s individual inbox, rather than the organization’s general domain, which protects users from inbound, outbound and internal emails.
Avanan can identify malicious behaviour across the email network, from permission changes and file updates to internal messages sent via other cloud applications. This helps detect and flag compromised accounts, mitigating against business email compromise attacks.
Avanan deploys within your network environment in a matter of minutes and is designed to work well alongside other third-party security providers such as ATP. This makes it an ideal solution for organizations looking to reinforce their existing email security stack.
Trustifi is an email security and encryption provider that enables businesses to protect both their inbound and outbound communications against sophisticated email threats, including spear phishing and account compromise. Trustifi’s solution offers comprehensive security by combining outbound email encryption, which keeps sensitive data at rest, in storage and in transit safe from spying eyes, with inbound email security that scans inboxes for malicious content and blocks any threats. Trustifi deploys via API—requiring no MX record changes—and is fully compatible with local email clients, Office 365 Outlook and Google Workspace.
Trustifi’s Inbound Shield scans all inbound email communications for malicious content such as spam, phishing attempts and malware attachments, assigning each email a threat level and threat type. These range from “Authenticated”, meaning that an email is safe, to warnings such as “Impersonation Attack” or “Spoofing Attack”, which indicate that an email has been deemed dangerous. High-threat emails are either delivered with a warning, quarantined or blocked, according to admin-configured policies, ensuring malicious content never reaches its intended recipient. As well as configuring quarantine policies, admins can set up white- and blacklisting to prevent repeat attacks from known malicious senders, and to prevent trusted external senders from having their emails mistakenly quarantined.
As well as its inbound security, Trustifi offers AES 256-bit encryption for outbound emails that ensures all sensitive data is stored and sent securely. Recipients don’t have to have an account with Trustifi to decrypt emails, but admins can require that they verify themselves via 2FA. This means that, if an inbox is compromised, the attacker won’t be able to access sensitive data by searching email content and they won’t be able to prove their identity.
Trustifi’s platform is praised for its ease of use, both from an admin and end user perspective. It comes with pre-configured settings to provide instant protection once deployed, before admins sign in to configure more granular email security settings such as email domain and file type blocking. We recommend Trustifi as a robust, user-friendly solution for organizations trying to stop phishing attacks, and prevent bad actors accessing sensitive data in the case of successful business email compromise.
Proofpoint is a global market leader in email security solutions. They secure more than 50% of the Fortune 100, the top 5 banks across the world and 7 of the top 10 global retailers, as well as many smaller organisations. All of this contributes to their annual revenues of over $1bn. Proofpoint Essentials is their bundle of security services, which promises “complete defense” for small and medium-sized organizations. This multi-layer package solution combines email encryption, archiving, powerful anti-virus technology and a Secure Email Gateway to help prevent data loss and protect your employees from falling victim to phishing scams, hackers and malware.
The Proofpoint Essentials package leverages several security techniques that are designed to protect against phishing. Firstly, the Proofpoint MLX technology examines text, image and attachment content to detect spam and phishing emails. 99% effective, this machine learning technology automatically adapts to new threats as they appear. Secondly, the powerful “URL Defense” and “Attachment Defense” services detect, catch and sandbox malicious URLs and attachments that often target smaller organizations. Finally, sophisticated antivirus engines scan all messages to capture and block all known viruses. Proofpoint Essentials also uses heuristic scanning technology, in order to discover and protect against new, unknown viruses and modifications of known threats.
Proofpoint has enhanced its Proofpoint Essentials offering to give users more comprehensive and advanced coverage. These new features are available in the Business+, Advanced+, and Professional+ plans. Proofpoint now uses the Supernova threat engine to increase the rate of BEC detection threefold. Predictive URL scanning can identify the riskiest links and ensure that they are sandboxed as a matter of priority. The new updates also make it easier for users to identify potentially suspicious emails with tags and notifications. If a harmful email does make it into an inbox, one-click pull allows admins to easily remove all instances of that email directly from users’ accounts.
Proofpoint Essentials utilizes the capabilities and functionality of Proofpoint’s security technology and infrastructure, whilst adapting it to meet the needs of smaller organizations. This, along with the cost-effective way in which they wrap their features up in one easy-to-manage package, makes Proofpoint Essentials an ideal solution for small to mid-sized organizations across all sectors.
Abnormal Security offers enterprise-grade protection against sophisticated phishing, supply chain fraud, and social engineering attacks. The platform offers precise, cloud-native email security with a behavioral data science approach that ensures strong email protection, detection, and response. Dozens of Fortune 1000 companies trust Abnormal Security to protect their cloud environments.
Abnormal Security uses AI to compute a thorough understanding of the people who make up and interact with your enterprise. Their solution works by profiling known good behaviors through behavioral AI systems while analyzing over 45,000 signals to detect any anomalies deviating from the established baseline. By understanding known good behavior, Abnormal can block socially-engineered and unwanted emails (both internal and external) while detecting and remediating compromised accounts. The solution allows you to simplify your email security stack and comes with one-click deployment via API, automated SOC operations, the ability to integrate insights and reporting, and the benefit of boosting employee productivity by streamlining the email experience.
Abnormal is a Microsoft Preferred Solution which integrates into Microsoft 365 APIs and deploys seamlessly and quickly with no disruption to mail flow. The solution leverages email and non-email data (including identity, calendar, event logs, collaboration tools and more) to integrate smoothly with existing SIEM, SOAR, detection tools, and ticketing systems. Abnormal Security’s solution is rated highly by users who praise its easy integration with Microsoft 365, advanced email threat protection, and helpful support team. We recommend this solution for organizations currently using Microsoft 365, who are looking for enhanced business email compromise and phishing protection with easy deployment.
Agari is an email security provider that offers a cloud-native security solution, which uses predictive AI to defend against sophisticated phishing and business email compromise (BEC) attacks. Agari also help organizations become DMARC compliant, working with large enterprise organizations such as Apple. Agari’s post-delivery solutions are designed to work in tandem with secure email gateway solutions, Office 365 and G Suite. Agari offer two anti-phishing products: Phishing Defense and Phishing Response.
Phishing Defense uses predictive AI to learn how an organization communicates through relationship and behavioural patterns. It then uses this information to detect unusual behaviour and determine the threat level of suspicious emails. The engine can then block spear phishing and BEC attacks from compromised accounts, preventing them from spreading throughout the organization.
Phishing Response allows employees to report phishing attacks, which Agari automatically analyze to determine whether they’re false alarms, or genuine threats that need to be removed. This automated analysis reduces the manual effort of security teams, whilst accelerating time-to-containment; Agari claim to reduce phishing response time by up to 95%. Agari’s solution is fast but also highly effective, investigating attachments, URLs and sender forensics as well as the message content itself.
A cloud-based solution, Agari integrates easily with Office 365 and Azure Active Directory. Because of this, it acts as an extra layer of protection for email apps like Office 365 and G Suite, but it can also work alongside a third-party Secure Email Gateway to catch any threats that slip through them. This makes it a good solution for organizations that need an extra layer of powerful anti-phishing protection.
Barracuda provides a comprehensive range of multi-layer email, cloud and network security solutions. Barracuda Sentinel is their AI-based security solution that protects users against spear phishing, account takeover and BEC attacks. It’s available as part of Barracuda’s Complete Email Protection solution, which also includes their PhishLine security awareness training and their Essentials package for email security, archiving and data protection.
Barracuda Sentinel integrates seamlessly with Microsoft 365 to detect and remediate inbound and outbound email attacks. It uses a powerful AI engine to learn each employee’s communication patterns and then identify indicators within every email as to whether they were sent with malicious intent. If a threat is detected, Sentinel blocks it before the user can open the email. The use of AI also means that Sentinel requires virtually zero IT administration.
Barracuda also offer anti-phishing training via their simulation platform, PhishLine, which organizations can use to support the technical protection offered by Sentinel. PhishLine aims to transform employees into an additional layer of defense through a series of customizable simulations.
Barracuda Sentinel is compatible with Office 365 and completely cloud-based. This, along with its competitive pricing, makes it the ideal solution for smaller organizations and MSPs looking for effective phishing protection in the cloud.
Cofense, formerly PhishMe, has built their anti-phishing solution around phishing protection and user awareness training. Their solution combines human detection with automated response, allowing organizations to detect and block attacks in a matter of minutes. The phishing protection of Cofense is based on technology from Cyberfish, an Israeli startup they acquired in 2021. In addition to their technical solution, Cofense offer highly effective training campaigns designed to improve employees’ awareness of, and resilience against, phishing attacks.
Cofense’s defense strategy is human-centric, and starts with Cofense Reporter. This is an add-on “Report phish” button that allows users to report suspicious emails to their security team. The Reporter button is compatible with Outlook, Gmail and IBM Notes. Cofense Triage then uses an automated spam engine, combined with human intelligence, to distinguish between genuine known threats and false alarms. Genuine threats are isolated. Security teams can then use the Cofense Vision tool to perform powerful searches to detect and quarantine any found threats. With one click, admins can quarantine a malicious email from all other user inboxes. If the email is later deemed harmless, it can be “un-quarantined”.
Cofense also offer extensive security awareness training that teaches users how to identify and react to phishing attacks through scenario-based simulations, videos and infographics. The phishing simulations are fully customizable so that organizations can target their employees’ training towards specific threats that they’re facing. The training encourages more users to click on the “Report phish” button, taking initiative of their own inboxes.
Cofense’s solution provides effective protection for anyone wanting to tackle phishing by training their employees to report attacks directly, and then automatically remediating the threat. The technical products can also be used to bolster an existing security gate with an additional layer of security.
Microsoft Defender for Office 365 (formerly ATP) is a cloud-based email security service that offers protection against unknown malware and viruses. Defender is included in some Exchange and Microsoft 365 subscription plans and is also available for purchase as an add-on module. Administrators can also use the inbuilt reporting and URL trace capabilities to gain insight into the kind of attacks that are occurring.
Defender’s anti-phishing solution uses machine learning modules to check inbound messages for key indicators that they may be a phishing attempt. These include the header, sender’s address and message content. When a threat is detected, the attack is blocked. Defender also has the capability to detect and block malicious links and attachments. This feature extends to protect SharePoint, OneDrive and Teams from malicious files, which many third-party solutions struggle to achieve.
However, Defender isn’t as effective as some of the other third-party solutions explored in this list. This is largely down to it being less mature than other protection methods; it doesn’t have the experience in adapting to threats that other solutions have acquired over time.
Microsoft Defender is popular for its cost-effectiveness and seamless integration with an Office 365 environment. This makes it suitable for any organization looking for a quick and easy-to-deploy security solution. However, for more advanced and effective protection, users should consider investing in a more powerful third-party solution.
Mimecast is a market leader in cloud-based email management. With over 36,000 customers around the world, they target their fully customizable and flexible products largely towards enterprise organizations. Mimecast’s phishing protection technology is a part of their overarching email security, archiving and continuity solution, which is delivered via a subscription service to a user-friendly platform.
Mimecast offer a cloud-based secure email gateway which provides instant and automated protection from phishing attacks. Mimecast scans all inbound emails in real time, looking for key indicators in the header, domain information and email content which could indicate malicious emails. When emails contain suspicious content, Mimecast blocks the email automatically.
In addition to this, URL scanning technology stops users from opening malicious links or visiting potentially dangerous websites. This extends to URLs in archived emails, to protect against delayed attacks. Finally, Mimecast’s solution sandboxes all attachments before sending them on to the end user. This means that suspicious files are opened, or “detonated”, in an isolated test environment, so that malicious files never reach your system.
Mimecast offer a comprehensive solution to protect your organization against phishing attacks. They also offer email encryption, DMARC compliance, DNS filtering and phishing awareness training. Their easy-to-read reports and analytics, combined with a high level of flexibility and customization, make their product an ideal solution for mid-sized and enterprise organizations.
What Is Phishing?
Phishing is a type of cybercrime based on email fraud, where a cybercriminal contacts their target and tries to persuade them to do something that will put their data at risk. Usually, this involves them downloading a malicious attachment that contains malware or a virus that can infect their computer. Alternatively, they will be encouraged to click on a link that will take them to a phishing page. A phishing page looks like a normal webpage, but it’s used to harvest the target’s credentials. For example, the target might think they’re signing into their LinkedIn account to update their settings, but they’ll actually be sending their username and password directly to a criminal that wants to hack into their account.
Traditionally, phishing attacks would be used to target hundreds or even thousands of people at once. Today, these attacks are becoming increasingly sophisticated and targeted. Cybercriminals can research their targets before messaging them, then pose as a trusted contact to try and gain their trust. This results in the attacks being much more convincing, and, therefore, more likely to trick a user into sharing sensitive information directly. These attacks are known as “spear phishing”. So, instead of receiving an email like this:
“You’ve won a free holiday! Click here to claim it!”
You might receive something more like this:
“Hi Bob, please could you send over the invoice for the partner project we’ve been working on? I’ve got to get that sorted today! Thanks, Alice.”
What Are The Different Types Of Phishing?
There are a few different categories of phishing:
- Spear phishing is a targeted form of phishing attack that is usually delivered via email. The attacker researches their intended target, then emails them impersonating a trusted sender in the hope that the target will be more likely to engage with them.
- Whaling is a type of spear phishing that targets high-ranking members of an organization, such as C-suite executives, who are likely to have privileged access to critical corporate systems or data that the attacker would like to get their hands on.
- Vishing is a portmanteau of “voice phishing” and describes phishing attacks that are delivered via phone call, rather than email. These kinds of attack often create a high sense of urgency. The attacker will communicate with the user in real-time and use their responses to put pressure on them.
- SMiShing, or “SMS phishing” is delivered via text message. These attacks often claim to be from a trusted organization, such as a bank or an email post-delivery company, rather than a specific individual.
How Does Email Phishing Protection Work?
There are two main types of email-based phishing protection: Secure Email Gateways and post-delivery, cloud-based platforms.
Secure Email Gateways (SEGs) are a traditional type of email security. They sit on the perimeter of the inbox, filtering spam, greymail, and more obvious phishing attacks to prevent them from being delivered. While these solutions are great at detecting and blocking spam or greymail, they generally aren’t very good at identifying more sophisticated spear phishing attacks.
Post-delivery, integrated cloud-based email security platforms are modern technology solutions that sit within the user’s inbox. These platforms use machine learning to scan the contents of all delivered emails for indicators of malicious intent. This might be identified through an email from a previously unknown sender or an unusual attachment type. The solutions then either remove these emails, quarantine them, or add a warning banner to them so the user is wary of them when reading or responding to them.
Some post-delivery solutions take this a step further, creating a baseline of each user’s normal communication patterns. When new emails are scanned, the tool will search for deviations from this baseline that may indicate that someone is trying to phish the user, or that the user’s account itself has been compromised and is being used by an attacker.
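To make the baseline idea concrete, here is a small added example (not taken from any of the products above) that learns one mailbox's usual senders and attachment types, then flags deviations in new mail. The signal names, the quarantine/banner policy and the sample messages are all constructed assumptions; real platforms use far more signals and machine learning rather than fixed rules.

```python
import os
from dataclasses import dataclass, field
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr


def features(raw):
    """Extract (display name, sender address, attachment extensions)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    exts = {os.path.splitext(p.get_filename())[1].lower()
            for p in msg.walk() if p.get_filename()}
    return name.strip().lower(), addr.lower(), exts


@dataclass
class Baseline:
    """What one mailbox normally receives, learned from past delivered mail."""
    senders: set = field(default_factory=set)      # addresses seen before
    names: dict = field(default_factory=dict)      # display name -> address
    extensions: set = field(default_factory=set)   # attachment types seen

    def learn(self, raw):
        name, addr, exts = features(raw)
        self.senders.add(addr)
        if name:
            self.names.setdefault(name, addr)
        self.extensions |= exts


def assess(baseline, raw):
    """Return (action, findings) for a newly delivered message."""
    name, addr, exts = features(raw)
    findings = []
    if addr not in baseline.senders:
        findings.append("unknown_sender")
    if name in baseline.names and baseline.names[name] != addr:
        findings.append("display_name_mismatch")   # known name, new address
    if exts - baseline.extensions:
        findings.append("unusual_attachment_type")
    # Constructed policy: impersonation or two signals -> quarantine,
    # one signal -> warning banner, none -> deliver untouched.
    if "display_name_mismatch" in findings or len(findings) >= 2:
        return "quarantine", findings
    return ("banner" if findings else "deliver"), findings


def sample(sender, filename=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "bob@example.com", "Invoice"
    m.set_content("Please see attached.")
    if filename:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    bob = Baseline()
    bob.learn(sample("Alice Smith <alice@partner.example>", "invoice.pdf"))
    for raw in (
        sample("Alice Smith <alice@partner.example>", "march.pdf"),
        sample("Alice Smith <alice@partner-billing.example>", "invoice.pdf"),
        sample("Dave Jones <dave@vendor.example>"),
        sample("Alice Smith <alice@partner.example>", "invoice.iso"),
    ):
        print(assess(bob, raw))
```

The second sample is the spear phishing case described earlier: a familiar display name arriving from an address the mailbox has never seen, which the baseline treats as the strongest signal.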
How Does Security Awareness Training Work?
Security awareness training solutions train users on how to identify and correctly respond to cyberthreats, including phishing attacks. They’re usually made up of two components: content-based training, delivered in bite-sized modules, teaches users what different types of attack look like and why they should be wary of them; phishing simulations send users fake phishing emails to test how they respond to them. If a user clicks on a link in a phishing simulation, admins are notified and can assign that user further training.