Strengths: Purpose-built, delivers strong anti-phishing ptorection.
Weaknesses: Pricey; no real-time configuration changes, no client access to make changes.
Verdict: This solution is expensive, but delivers a valuable service for organizations requiring an anti-phishing solution.
SummaryCyveillance provides services that cover the entire spectrum of online risks - from fraud and identity theft, phishing and unlicensed product sales to corporate espionage. For this month's Group Test review, Cyveillance submitted its anti-phishing offering, a zero-footprint, cloud-based solution.
Cyveillance Anti-Phishing prevents, detects and recovers from phishing and malware attacks. The solution addresses the entire case management lifecycle, including attack detection. It uses its 24/7 monitoring of spam and the web's domain registration system, as well as phishing and malware site takedown, to automatically initiate takedown procedures once a fraud scheme is detected.
The Cyveillance tool emphasizes four primary areas: prevention/early warning, detection, response and recovery. The prevention/early warning section relies on fraud anomaly detection to monitor, in real time, for suspicious web traffic activity, suspicious new domain registrations and changes to existing registrations, as well as tracking and monitoring phishing kits traded on the so-called internet "underground."
Detection sources that are used by the anti-phishing engine include junk email box, honeypot accounts and feeds from partner ISPs and anti-spam companies. It crawls billions of web pages to identify fraudulent sites and continuously monitors the internet using crawling technologies from registrars.
Cyveillance initiates phishing site takedown procedures through its 24/7 security operations center (SOC) with real-time status updated via the client's web-based portal. The company delivers this takedown service through its international network of contacts in the legal, government and internet service provider (ISP) communities.
The service also provides a real-time feed of validated phishing sites to partner ISPs and security companies to block access and/or alert their subscription-based members. Recovery services gather all forensic information, as well as any compromised customer data and monitors removed phishing sites to ensure that they do not go live again.