Fairfax, Virgina based Cyveillance today launched a solution designed to identify and protect against targeted social engineering attacks and prevent enterprise employees from exposing valuable intellectual property and sensitive information as a result of such attacks. Cyveillance says the appliance, the Cyveillance Social Engineering Protection Appliance (SEPA), goes beyond currently available signature and malware detection technologies to examine email content and context, analyze real-time interaction with embedded web-links, access cloud-based intelligence, and leverage the cyber-footprint of the enterprise to detect targeted attacks.
Targeted social engineering and spear-phishing attacks have become the new vector of choice for attackers to gain entry to enterprise networks. It can happen to anyone. Even Intel’s CEO, Paul Otellini has been a victim of a spear phishing attack. At a Forrester security event in Boston last fall, Intel’s CISO Malcolm Harkins shared a story of how its top executive fell victim to a targeted attack. In this case, the attacker decided to use public information from a lawsuit that Intel was involved in at the time. The attacker crafted clever emails, appearing to be from Intel’s attorney, and sent along some malicious attachments which Otellini decided to click on. It was from a trusted source, right? Wrong. In the end no sigificant harm was done, but the attacker was successful in penetrating one of the largest tech companies in the world and getting its top executive to do his part in helping the attack be a success.
SEPA hopes to protect against these types of attacks. Once an email has passed through the traditional email gateway, SEPA inspects it, looking for indicators of social engineering attacks by examining the content and context of along with the methods and behavior of embedded Web page links to determine the trustworthiness of the email.
“The benefit of SEPA is that it allows organizations to put a new layer of security in place to protect against infiltration attempts before they even reach their intended target. This not only takes the erroneous click of an email out of the equation, it gives organizations the ability to gain insight into the types of attacks targeting their organization,” said Manoj Srivastava, Chief Technology Officer for Cyveillance.
Online criminals use highly targeted social engineering scams that leverage social media to acquire openly available personal information on their targets. When the desired target falls prey to the attack, the malicious actors then gain undetected access to the corporate network. Once inside, the criminals extract sensitive information, which poses potential damage to the enterprise, undermines customer confidence and causes irreparable damage to the brand and more. SEPA’s unique ability to rapidly detect and protect against these targeted social engineering attacks, ensures intellectual property, sensitive information and customer data remain safe, while helping organizations preserve revenue, business productivity and customer trust.
“As attackers shift from targeting weak systems to weak applications and people, Enterprises must invest in greater visibility and detection – better matching attacker methods and motives. The best adversaries have transcended reverse engineering and embraced social engineering,” said Josh Corman, Research Director for Enterprise Security at The 451 Group.
SEPA can be custom configured to each enterprise environment, and employs detection capabilities including:
• Email Intent Analysis – Inspection of email content and context to help determine whether the intent of the sender is malicious.
• Web link Evaluation – Embedded web links are traversed and the destination web pages are evaluated for malicious behavior using heuristic and behavioral analysis.
• Global Threat Intelligence – Real-time access to Cyveillance cyber intelligence on malicious web links distributing malware, hosting phishing attacks, command and control botnet servers, botnet drop sites, malicious IP addresses running rogue DNS servers and open proxies etc.
• High Value Target Protection – Leverage cyberspace footprint – including social networks of individuals with access to critical assets or sensitive information – to protect against targeted social engineering attacks.
The solution is priced based on a one-time cost for the appliance, as well as an annual license for the global threat intelligence service, additional line item for standard maintenance and support, as well as a “per target per year” (essentially read per user) fee. Other professional services are offered as well.
More information on the Cyveillance Social Engineering Protection Appliance™ is available here.
