Laptop Displaying the GigaOm Research Portal

Get your Free GigaOm account today.

Access complimentary GigaOm content by signing up for a FREE GigaOm account today — or upgrade to premium for full access to the GigaOm research catalog. Join now and uncover what you’ve been missing!

Area 1

Key Criteria for Evaluating Phishing Prevention & Detection Platforms

Table of Contents

  1. Summary
  2. About the Vendor Profile
  3. Key Criteria Analysis
  4. Evaluation Metrics Analysis
  5. Bottom Line

1. Summary

We covered Area1 Security in our 2018 Phishing Landscape. The company has continued its upward trajectory and holds a strong position in its ability to detect, block, and report on sophisticated, targeted attacks.

Over the last year, Area 1 has been working on detecting broader attack types. These include mass-scale scams, in which attackers cast a wide net in the realization that the attack will be detected and stopped, but that nevertheless promise enough profit to be worth that effort. This does not mean that Area 1 has done any less work on their special sauce which is detecting sophisticated, targeted attacks.

Area 1 has also dedicated time to NLP and heuristics, doubtless as a result of the $5.3 Billion lost to Business Email Compromise (BEC). Area 1’s architecture and approach were to understand the behavior and relationships between senders and recipients or users and their destinations. Over the last year, Area 1 has built heuristic algorithms that enable their software to track the state of a conversation and its back-and-forths. This enables them to detect when a compromised account is being used to make an odd request in the middle of a thread that may extend over weeks. Area 1 not only claims to be able to stop these attacks, but they also have receipts to that effect.

Area 1 looked at the market landscape and realized that some capabilities they did not previously offer were now commodities. For example, while attachment detonation and analysis, and enforcement of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) might not stop sophisticated attacks, these were nevertheless expected by enterprises; thus, Area 1 has begun offering them.

Area 1 listened to their customers’ pain, understanding that Security Operations Centers (SOCs) are overwhelmed. They launched enterprise-grade, cloud-native deployments, along with search to track down the source and scope of an attack. They also released their Autonomous Phish SOC and automated mbox abuse mitigation, which took a first pass at the abuse@company’s inbox to relieve SOC personnel of that burden.

Area 1 has been busy in 2019 and was the first company we saw to “put their money where their mouths were” with their now-famous Pay-Per-Phish model.