Among the most impactful attacks on the Internet today is spear-phishing, in which an attacker takes targeted aim at an individual or an organization in an attempt to steal information. The targeted nature of spear-phishing makes it more challenging to defend against than traditional spam, and is driving email security vendor Cloudmark to develop a new purpose-built technology called Trident to protect users.
As part of its efforts to fully understand the spear-phishing challenges that enterprises face, Cloudmark commissioned a survey, which examines current attitudes and experiences about spear-phishing. The poll of 300 IT decision-makers, conducted by independent research firm Vanson Bourne, found that 73 percent reported that spear-phishing currently poses a significant threat to their organizations. While organizations are worried about spear-phishing, 71 percent indicated that they already have some form of email security technology in place.
“Even while many organizations have implemented technology solutions, they’re still seeing attacks getting through,” Angela Knox, senior director of engineering and threat research at Cloudmark, told eWEEK.
What’s more, 32 percent of respondents admitted that their organizations suffered a financial loss as a result of an attack. Additionally, 15 percent of respondents indicated their organizations suffered a decrease in stock price after a spear-phishing incident.
“It’s a very hard problem to solve, and many solutions out there today solve a big chunk of the phishing problem but not all of it,” Knox said. “Spear-phishing is very low volume and highly targeted.”
To help solve the targeted spear-phishing attack problem, Cloudmark is now launching its Trident technology, which has been purpose-built from scratch to help organizations detect and block spear-phishing attempts.
The Cloudmark global threat network, a commercial email threat database, feeds into the new Trident system, said Matt Grant, vice president of global marketing and communications. The global threat network provides IP address and domain reputation information that helps to provide context for Trident.
“Trident is an SMTP [Simple Mail Transfer Protocol] agent that an organization can put in front of an existing secure email gateway,” Knox said. “Many organizations are already filtering bulk spam and general phishing attacks.”
The idea with Trident is to go a step further and look at the email patterns of users and organizations to help identify potential outliers that could be indications of a spear-phishing attack. Cloudmark is also providing its customers with a dashboard that delivers visibility into the state of spear-phishing attacks inside an organization. The dashboard identifies which employees are receiving the highest volume of spear-phishing attack attempts and what types of messages are coming in and where they are coming from, Grant said.
Cloudmark used the open-source Go language to develop Trident. Go was first developed by Google and has become increasingly popular in recent years as a high-performance language for applications.
“A lot of our existing products are written in C, but Go provides us the ability to have the same speed but with a more structured language,” Knox explained. “With Go, you’re more likely to have fewer bugs when you’re doing development.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.