IBM has been talking a lot lately about its cognitive capabilities, often in the context of the cloud and usually in reference to the company’s Watson platform.
IBM today announced a new cognitive technology that aims to help reduce the risk of phishing. The new cognitive phishing capability however is not directly related to IBM Watson.
“Cognitive phishing detection is an enhancement to our existing phishing detection capability in IBM Trusteer Rapport,” Eileen Turner, Program Director, Portfolio Marketing, IBM Trusteer, told eWEEK.
IBM acquired security vendor Trusteer back in September 2013 and has been steadily helping to develop the company’s security capabilities ever since. Turner explained that Trusteer had previously been using an approach that included a level of manual analysis by the Trusteer security research team, analyzing suspicious URLs for phishing attacks.
“With this new capability, we are now able to extend their research and automate the detection and protection process, increasing the speed and scale of detection,” Turner said.
The cognitive phishing capability is not a new product, but rather is an enhanced capability that is now part of the IBM Trusteer Rapport offering. Trusteer Rapport is a Software-as-a-Service application that provides a client agent that is installed on endpoints. The Rapport service helps to detect and prevent financial malware and phishing attacks.
Turner noted that the intelligence that IBM gathers from Trusteer Rapport can also help users who do not have the Rapport agent, but are protected with the IBM Trusteer Pinpoint Detect service that is designed to help defend online banking sites from attacks.
As opposed to many of IBM’s other cognitive computing efforts, the new phishing capability does not make use of the IBM Watson cognitive computing platform.
“With this new capability, we are leveraging a cognitive approach using machine learning and advanced analytics to transform phishing detection and protection,” Turner said. “We are evaluating the future use of Watson in this space.”
Though IBM is not using Watson for the cognitive phishing service, Watson is already playing an active role in IBM’s overall security portfolio. In February 2017, IBM announced its Cognitive Security Operations initiative which is powered in part by Watson.
Rather than using Watson, Turner explained that the new cognitive phishing capabilities make use of patented machine learning technologies developed in partnership with IBM Trusteer research and IBM Cyber Security Center of Excellence in Ben-Gurion University, Israel.
“It uses machine learning and advanced algorithms to learn and understand various components of the phishing attacks,” Turner said.
Turner explained that the new machine learning is used to analyze webpage content—including links, images, forms, text, scripts, URLs and more, to determine if a address is a malicious site. She added that the cognitive phishing capability enables IBM Trusteer to automatically understand the attack characteristics, detecting when fraudsters change their techniques with IBM continuously adapting protections in response.
Phishing attacks are blocked by the Trusteer Rapport agent that is installed on endpoint devices. Turner said that the agent continuously receives updates of confirmed phishing sites from the Trusteer cloud, and when the user attempts to access these URLs, the user will be warned or even redirected automatically.
While the new cognitive phishing capability is all about limiting the risk of malware, it can also potentially have an impact on helping to lower the risk of Business Email Compromise (BEC) attacks as well. BEC attacks are a growing concern for organizations of all sizes and just last week the U.S Department of Justice charged an individual with allegedly stealing $100 million from two U.S companies as part of a BEC fraud scheme.
“Business email compromise is a social-engineering attack by design that in many cases does not involve any means for credentials compromise, like malware or phishing,” Turner said. “However, our research shows the same gangs are operating both methodologies, and in many cases use financial malware for reconnaissance of the targets.”
“Thus, having Trusteer Rapport installed and remediating the financial malware can help reduce the chance of being targeted by BEC,” she added.