The dark art of phishing operates on a very simple premise: send an innocent-looking email to a planned victim so that the victim clicks on the link; thereby send the victim unwittingly to a site where they should not go; and have the site steal information from the victim. From the phishing perpetrator’s viewpoint, it’s a simple one-two-three process.

Against this background, different approaches can be taken to defend against phishing emails at varying stages of the attack, for example: detect the attack before it reaches the user; defend against the attack once the user has reached the phishing site; or train the user not to click on the attack email in the first place. However, an integrated approach to cyber threat management is likely to be the most successful.

“Since the birth of the mainstream internet, phishing has been a perennial issue,” says Anton Jacobsz, MD of Networks Unlimited Africa, which delivers Cofense phishing defence solutions to the local market. “Today, phishing remains top of the agenda for security teams. As the more technical types of attacks become harder to pull off, social engineering remains a potential weak link in even the most hardened security defences.”

But until recently, Jacobsz explains, most organisations considered phishing threats in isolation, dislocated from other aspects of their cyber-security threat management.

“The agreement with RSA NetWitness effectively pulls your organisation’s phishing defences into its broader portfolio of cyber-security defences,” he says. “Not only do CSOs get a consolidated view of all types of threats, but the organisation can generate new value from its overarching security operations centres or threat management tools.”

Cofense ‘plugs in to’ the RSA NetWitness platform, allowing security teams to quicken response times and reduce attack dwell times, ultimately meaning that any attacks would cause less damage (hopefully, no damage).

Cofense and RSA leverage the Structured Threat Information Expression (STIX) standard to automatically feed data into RSA’s NetWitness platform. STIX is a structured language for describing cyber-threat data between trusted parties, so that it can be shared, stored and analysed in a consistent way. RSA NetWitness supports the import of STIX Indicators and STIX Observables.

“Part of the Cofense vision is to scale out its array of technical integrations, ensuring that it seamlessly operates within a variety of different cyber-security tools, processes and strategies, depending on the organisation’s existing set-up,” notes Jacobsz.

In fact, over the past year or so, Cofense has announced ten new integration partnerships with major cyber-security vendors, helping businesses to unify threat management and response, enhance efficiencies, reduce costs, and bolster defences.

“This is a boon for those local businesses using Cofense, who gain enhanced functionality and flexibility with each new partnership agreement that Cofense signs,” Jacobsz explains.

Cofense’s Integration Brief for the RSA NetWitness platform refers to three broad benefits of the integration agreement:

* Valuable insights as attackers evade technical controls… Employees that have been taught to immediately recognise and report phishing attempts contribute valuable intelligence that might otherwise have gone unnoticed.

* Actionable intelligence… These insights help security teams to fully understand threats as they emerge, prioritising their activities, responding with lightning-fast agility, and future-proofing their organisation against future threats.

* Alert fatigue… By converging the phishing intelligence into the broader security operations, there are fewer potential alerts coming in from various systems. This helps to alleviate the ‘boy who cried wolf’ challenge (with so many false positives, security analysts can easily get distracted and fatigued by excessive alerts).

“Already, we’re seeing a new class of professional attacker emerge. In the future, attacks will be deployed across multiple surfaces, or vectors – so phishing will be combined with various other technical tactics. By having all your cyber-security threats rolled into a single platform, IT security professionals are far better prepared for these complex attacks to come,” concludes Jacobsz.