Data protection is a fuzzy, sometimes nebulous term. Certainly everything we do on the network is intended to protect the data on it. In an era of widely dispersed global enterprise – sometimes with little or no perimeter – the data often seems to be alone on the internet. That's when we need to focus on the data itself in addition to the supporting infrastructure.
Data is under attack directly. Major breaches over the past two years have been targeted at critical and sensitive data in one form or another. Whether it is credit card data, personally identifiable information, medical records or trade secrets, the adversary is focused on exfiltrating as much data as possible. We see all too frequent reports of passwords in the millions exfiltrated from large organizations that we would have believed to be secure.
Our Innovator in this year's data protection category has been with us before. However, you will recognize a distinct evolution from training to active defense. Why? The reason is pretty straightforward: The delivery mechanism for large-scale attacks is not large-scale itself. It is subtle and deceptive. It can be widespread or very focused. But it is not an attack against the infrastructure. It is an attack against users and, through the users, their data.
So this year, as we were looking for Innovators we found a lot of traditional approaches. These are good in most cases but don't have the spark of innovation that we look for each year. In our view, traditional approaches – such as data leakage – are stressed almost to the breaking point. The creativity of the adversary is increasing rapidly and we need to keep up with it. There is a lot happening in this space and we believe that next year we'll see a bumper crop in this area.
Meanwhile, our Innovator for this year is coming up with clever ways to solve a very ugly problem, both at the education end and the direct protection end, and that is the kind of innovation we look for.
Flagship product: PhishMe
Cost: Starts at $10,000 subscription based upon number of subscribers.
Innovation: Information security training, social engineering training, crowd sources the data from analysis of phishing attacks to the cloud and provides content feed to users with real-time “zero-day spam.”
Greatest strength:Advanced ability to analyze and access spam – particularly phishing message – data to help focus training on weaknesses for susceptible employees and then use the employees' knowledge to leverage the organization's anti-phishing posture by identifying phishing messages and notifying the appropriate people.
We are pleased to welcome back PhishMe for its second consecutive year as an Innovator. This company has shown nothing but improvement since last year and fittingly appears to still be growing and evolving. Phishing attacks are a prevalent danger as approximately 70 percent of spam are classified as such. Therefore, it is necessary to identify and block further attacks, especially for organizations where sensitive information may become susceptible. PhishMe does just that, by providing clients with an extensive collection of tools to help train and raise awareness among employees.
PhishMe raises awareness by providing employees with training strategies to help properly identify and report – at the click of a button – potential phishing attacks. Training provided to the employees is hands-on and tests them with benign phishing emails. If the employee fails to identify these emails, the generalized data collected allows at-risk employees to be identified and further trained. Contextual intelligence helps leverage human sensors by constantly analyzing, grouping and generating benign emails to test employees.
The implementation of PhishMe could significantly decrease the chances of employees falling victim to the primary social engineering attack vectors, such as phishing and spear-phishing. For those security buffs, there is also a great aspect to this software that will soon be available which allows you to further analyze these emails. Data collected can help gauge existing attacks and set focus on specific attacks that employees need training on. This information collects data on headers, malware content, IP addresses, etc., allowing for the information to be sorted and then normalized to a content feed.
The customization and training focus available from PhishMe is endless and will not only meet, but exceed, your ability to gather, analyze and generate training data and strategies. This is a 360-degree approach because not only is the training and reinforcement present but the ability to use the targeted users to help the organization identify phishing messages is a significant leverage feature.
With the beta release happening soon and a tentative new product release in Q1 of 2015, we are more than pleased with PhishMe's effort to help provide training and security to its users. This company has shown nothing but exceptional innovation and we hope that it will only continue to improve safety and security to users in our industry.