Pros & Cons of Different Anti-Phishing Approaches

Just as there are a lot of hackers waiting to hook you into their nefarious phishing scams, there are a lot of anti-phishing services offering to protect you. Though there are seemingly an overwhelming number of solutions, they fall into a handful of categories defined by the approach they take. So how do you know which is best for your business? We take a look at the different methodologies and the various anti-phishing software and services that subscribe to them.

1. Native Email Provider Protection

When it comes to phishing prevention, an obvious line of thinking is “Google and Microsoft have my back, they’re industry giants.” While they certainly are industry giants, they may not always provide the best protection. Although G-Suite and Office 365 have recently stepped up their anti-phishing game, they’re still far from foolproof. For example, Microsoft’s Advanced Threat Protection (ATP) puts the onus on you to define and maintain complicated rules for catching different types of phish, and both providers largely ignore file sharing, messaging, and other outlets for malicious phishing attacks.

Ultimately, the bulk of a provider’s email security rests in spam filters, and with nearly 15 billion spam emails deployed daily, their spam filters are working overtime. Some phish are bound to slip through.

Pros: Tightly integrated with the native email provider, and the price is sometimes included with the email service.

Cons: More focused on spam than phish. Require customers to manage cumbersome security rules.

2. Secure Email Gateways

Companies looking to take their security beyond the standard email provider protection may turn to a gateway-based technology like Mimecast or Proofpoint. These companies were once appliance based and have since “cloud-washed” themselves—but that doesn’t make them cloud-native. To use their anti-phishing services, email must be routed to their servers through a message transfer agent (MTA).

Not only does a reroute slow receipt of your emails, but most MTAs also scan only incoming mail. That leaves outgoing emails and employee-to-employee emails unscanned, putting organizations, or those they communicate with, in danger, because hackers often steal employee credentials to launch a phishing scam. With these stolen credentials, the phishing email will appear as a legitimate outgoing email or employee-to-employee email. Gateways also require you to manage complex rules that need to be updated to keep up with new types of attacks.

Pros: Well-established vendors with a long-standing history of anti-spam technology that has evolved into anti-phishing engines.

Cons: Require you to route traffic through their cloud, which can cause misconfiguration issues, lead to privacy and security concerns, and have a performance impact.

3. Training and Simulation

Many organizations gravitate toward training and simulation programs, offered by anti-phishing software companies such as KnowBe4, Cofense, and Wombat. Anti-phishing training programs involve ongoing e-learning courses and videos, and essentially rely on education to build a “human firewall.” However, ongoing training can be expensive and time-consuming and, despite the best training, “to err is human.”

A more sophisticated means of anti-phishing training involves sending simulated phishing emails to employees. Known as “phishing your own employees,” simulations send phony phishing emails with attachments, embedded links, and requests for personal information. If an employee takes the bait, they’re usually faced with a screen explaining that they fell for a phish and warned to be more careful in the future.

The company’s IT department will also be made aware, so they can monitor employees who are continually duped by fake phishing scams. In some instances, employees that repeatedly fall for simulated phishing scams may be censured, penalized, or even terminated. This can lead to resentment, and even the best employees can fall for a real phish from time to time, especially during times of hyperactivity such as the end-of-quarter (EOQ) or the end-of-year (EOY) when they’re up against tight deadlines and receiving countless emails.

Pros: Raising awareness of security-related concerns of all types (including phishing) is always a good thing.

Cons: Employees can see this type of recurrent training as a chore and tend to tune it out.

4. Natural Language Processing

A new wave of phishing prevention relies on natural language processing (NLP) to detect phishing. NLP is basically “communication profiling,” operating on the theory that the idiosyncrasies in a person’s writing can be used to help detect whether or not an email is a phish.

For example, some people use a particular phrase or “sign off” frequently; some have sophisticated vocabularies while others do not; and some people always use emoticons and texting abbreviations. NLP proponents believe that by analyzing word and phrase choices over time, the software can create “profiles,” and anything deviating from a profile will be determined to be a phishing scam.

While still in the early stages of development, a potential challenge for this anti-phishing software may be that people communicate differently based on who they’re writing to; an email to an executive is apt to look much different than an email to a close colleague.

Pros: Innovative use of machine learning and AI.

Cons: Unproven technology that may require long “ramp time” before becoming effective, and can lead to a high false-positive rate.
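
To make the profiling idea and its recipient-dependence problem concrete, here is a small added example (not code from any vendor named in this article). It scores a message's deviation from a sender's writing profile, keyed once per sender and once per sender-recipient pair. The feature set, the weights, and the alice/bob/carol messages are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

INFORMAL = re.compile(r"(:\)|:\(|;\)|\b(?:lol|thx|pls|btw|asap)\b)", re.I)

def features(body):
    """Return (average word length, informal tokens per word, sign-off line)."""
    words = re.findall(r"[A-Za-z']+", body)
    lines = [ln.strip().lower() for ln in body.splitlines() if ln.strip()]
    avg_len = mean(len(w) for w in words) if words else 0.0
    informal = len(INFORMAL.findall(body)) / max(len(words), 1)
    return avg_len, informal, (lines[-1] if lines else "")

def build_profiles(history):
    """Index feature tuples by sender and, separately, by (sender, recipient)."""
    profiles = defaultdict(list)
    for sender, rcpt, body in history:
        feats = features(body)
        profiles[sender].append(feats)
        profiles[(sender, rcpt)].append(feats)
    return profiles

def score(past, body):
    """Deviation of body from past feature tuples; None without a baseline."""
    if len(past) < 2:
        return None
    cur = features(body)
    cols = [[p[i] for p in past] for i in (0, 1)]
    # z-score per numeric feature; the 0.05 floor (assumed) guards a flat baseline
    total = sum(abs(cur[i] - mean(c)) / max(pstdev(c), 0.05) for i, c in enumerate(cols))
    if cur[2] not in {p[2] for p in past}:
        total += 3.0  # assumed weight for a never-seen sign-off
    return total

# Constructed sample history for one sender (not real mail).
HISTORY = [
    ("alice", "bob", "hey pls send the deck asap :)\nthx, al"),
    ("alice", "bob", "lol ok lunch at noon :)\nthx, al"),
    ("alice", "bob", "btw the build is green now :)\nthx, al"),
    ("alice", "carol", "Please find the quarterly forecast attached for your review.\nKind regards, Alice"),
    ("alice", "carol", "The vendor contract requires your signature before Friday.\nKind regards, Alice"),
]
LEGIT = "Attached is the revised budget proposal for approval.\nKind regards, Alice"
PHISH = "URGENT pls wire the payment asap and reply with bank details\nSent from my phone"

def compare(rcpt="carol"):
    """(legit, phish) deviation for alice -> rcpt under each profile keying."""
    profiles = build_profiles(HISTORY)
    return {name: (score(profiles.get(key, []), LEGIT), score(profiles.get(key, []), PHISH))
            for name, key in (("sender", "alice"), ("pair", ("alice", rcpt)))}
```

With this data the single per-sender profile blends casual and formal styles, so the genuine and spoofed messages score close together, while the per-pair profile separates them clearly. The per-pair profile returns no score at all for a recipient the sender has not written to before, which is the "ramp time" cost.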

5. Clearedin

Clearedin is a comprehensive anti-phishing software that combines the best of all the above approaches into a cohesive and integrated platform.

  1. Uses ML and AI to build a Communications Trust Graph, modeling your organization’s unique patterns of external and internal communications.
  2. Flags suspicious or phish emails as they hit the inbox without requiring complex rule maintenance or onerous re-routing to a third-party cloud.
  3. Works across channels, protecting you against email phishing, of course, but also against dangerous messages in Slack and Microsoft Teams.
  4. Active Defense (Email Isolation) protects users by disarming emails so that links and attachments are unclickable and the email can’t be forwarded, replied to, or otherwise engaged with in any way.
  5. Micro-training during actual phishing attacks trains users in the “teachable moment”, which is far less intrusive and more effective for modifying behavior over time.

Want to learn more about Clearedin anti-phishing software? Contact us today for a free demo.
