Laptop Displaying the GigaOm Research Portal

Get your Free GigaOm account today.

Access complimentary GigaOm content by signing up for a FREE GigaOm account today — or upgrade to premium for full access to the GigaOm research catalog. Join now and uncover what you’ve been missing!

Phishing Prevention and Detectionv1.0

Table of Contents

  1. Summary
  2. Market Framework
    1. Types of Attacks
    2. Understanding Attacker Motivation
    3. Enterprise Approaches to Protecting Messaging Platforms
    4. Solution Approaches to Preventing Phishing
  3. Maturity of Categories
    1. Embedded Email Spam Detection
    2. In-line and Out-of-band, Cloud and On-premises
    3. Endpoint Deployments, Detonation, and Sandboxes
  4. Considerations for Messaging Platform Security Solutions
  5. Vendor Review
    1. Category 1: Broadest Market Adoption Leaders
    2. Category 2: Newer Entrants Gaining Traction
    3. Category 3: Other Directions
  6. Near-term Outlook
  7. Key Takeaways
  8. About Simon Gibson

1. Summary

Information security touches every aspect of our digital lives in unpredictable and often unintuitive ways. We are all expert in understanding what it feels like to be secure, but deploying security in the enterprise presents a very different set of challenges. Finding trusted guidance in the security space can be difficult.

Phishing is the primary method for breaching businesses according to the Verizon Data breach report 2018, 96% of all attacks begin with phishing, so stopping phishes before they start has a huge ROI for security programs. From saving on security analysts time to lost productivity because of infected machines, everything is improved by stopping phishing before it can happen. The average pretexting or Business Email Compromise (BEC) attack costs companies around $130,000 each instance; which, for most companies, will be less than installing phishing protection.

Your enterprise is unique. Your employees’ varied skills, your appetite for risk, and your customers make up a unique environment. How your enterprise incorporates existing capabilities into your threat model can mean the difference between a reactive program and a proactive, sustainable one. Understanding the privacy concerns and capabilities of phishing prevention vendors is the goal of this report.  

This report will help C(x)Os and security practitioners evaluate phishing prevention solutions that reside between email servers and the internet that scan either email headers, attachments, the body, or some combination of them.

Key findings include:

  • Stopping phishing attacks before they are delivered provides economy of scale by reducing security teams’ workloads.
  • Email security gateways provide enterprises with a method to proxy inbound email communication, detect and remove phishing as well as adequately address privacy concerns.   
  • The vast majority of prevention solutions take place between the internet and the email service. Taken in context with the killchain, which says the earlier an attack can be stopped the less likely it is to succeed, stopping an attack after reconnaissance and weaponization, and before delivery, is the goal of phishing prevention platforms.
  • While other players in the space focus on endpoint detection and prevention, the goal of companies we talked with is primarily focused on removing the phishing attack before it hits the inbox.