Security firm Rapid7 announced a beta release of its new InsightPhish service on Feb. 6, providing organizations with a way to incorporate phishing defense into Security Operations (SecOps).
The InsightPhish service provides phishing simulation, analysis and investigation capabilities and is built on top of the Rapid7 Insight platform, which provides security analytics.
“InsightPhish is purpose-built for SecOps teams to drive phishing awareness among employees and improve the efficiency of security analysts,” Lee Weiner, Chief Product Officer at Rapid7, told eWEEK.
Weiner added that the concept and technology behind InsightPhish was developed by the same team that helps to build Rapid7’s Metasploit products. The Metasploit framework is an open-source penetration testing framework, with Rapid7 selling commercial versions that provide enhanced enterprise capabilities. Metasploit has long provided multiple tools to help organizations test for email security and phishing. Weiner noted that Metasploit Pro is for testing the likelihood of exploitation, which is somewhat different than what the purpose is for the new InsightPhish service.
“We worked with various customers throughout the development of InsightPhish and believe these two tools complement one another,” Weiner said.
InsightPhish provides multiple capabilities, including the ability to ‘cast’ or conduct phishing simulations. Weiner said that InsightPhish can also enable users to catch potential attackers and classify indicators of phishing.
“It does not capture credentials, infect targets, or support phishing simulation on email domains that the user’s organization does not own,” Weiner said. “InsightPhish makes it easy for even the most time-constrained employees to report suspected phishing emails to catch the potential attacker with one-click reporting for G Suite, Office 365 and Outlook users.”
Weiner added that InsightPhish does not actually block phishing messages at the email gateway. That said, he noted that InsightPhish provides Indicators of Phishing (IOPs), which includes context about the messages being reviewed, allowing security teams to take action by quickly highlighting potentially malicious messages.
Business Email Compromise
Among the most costly types of phishing attacks are Business Email Compromise (BEC), which aim to trick users into paying fraudulent invoices. In May 2017, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), reported that BEC scams have led to $5.3 billion in financial loses globally since October 2013.
“Since BEC is a more targeted phishing approach we believe that the ability for users to share insight on what is happening within their environment and or their vertical industry will be critical,” Weiner said. “One of the goals for InsightPhish is not simply to help organizations with this critical challenge, but to also allow for the sharing of trends and analysis to help people in the same industry.”
The market for security technologies that protect against phishing is very competitive with multiple vendors actively developing services including Symantec, Knowbe4, Trend Micro and Barracuda Networks among others. Weiner said that security operations (SecOps) teams are increasingly looking to be more efficient through the use of technology and automation.
“Customers have told us that there is a strong need to increase visibility into the risk of phishing and reduce the time it takes to analyze potential phishing attempts,” Weiner said. “We saw an opportunity to do that with our technology and domain expertise, while providing customers with a superior user experience.”
While there is no shortage of competition in the phishing security space, there also is no slowdown in the continued volume of phishing attacks either.
“Phishing is the most common attack vector through which threats enter organizations,” Weiner said. “We don’t expect this to change dramatically in the future, and we anticipate publishing research that reflects our development experience with InsightPhish.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.