Key Criteria for Evaluating Anti-Phishing Solutionsv3.0

1. Summary

Phishing remains the leading method used by cybercriminals to attempt to breach and infiltrate organizations with malware, credential harvesters, and ransomware. Successful phishing attacks lead to loss of data, services, and money—or worse, all three. As such, prudent, risk-aware IT security leaders must make it a high priority to combat phishing attempts.

Today, organizations use a number of tools for chat, messaging, productivity, collaboration, conferencing, and social media—all of which are channels that cybercriminals use as potential paths for a phishing attack. Often, attackers use a mix of these channels in a single attack. An attack chain may start with an email that leads to an instant message that leads to a phone call, all aimed at a single user.

In addition, attackers are leveraging AI to study a target’s online habits to more accurately craft a phishing attempt, one that is likely to catch the casual observer off guard. It is also used to augment information that has been previously stolen to create synthetic identities, which can then be used in further attacks or other cybercrimes.

There has also been an increase in the targeting of trusted brands, impersonating them to try to catch users unaware. For example, LinkedIn was the most popular platform used in phishing attacks in 2022, followed by Facebook, Google, and Microsoft.

There are a number of factors to consider when looking at solutions. First, an organization should understand its potential attack surface. While an attack may arrive via numerous channels, email remains the most prevalent. A suite of solutions from one vendor may provide a more complete picture of an attack, but it can also be less cost effective, locking an organization into a single vendor.

Organizations should also consider the degree of automation they want in a solution and how proactive a solution should be. Should all actions be automated, or does the organization want to retain control? Should solutions act on indicators of potential attack or deal only with known attacks? Should solutions take steps to better educate and arm users to identify threats?

This GigaOm Key Criteria report details the capabilities (table stakes, key criteria, and emerging technologies) and non-functional requirements (evaluation metrics) for selecting an effective anti-phishing solution. The companion GigaOm Radar report identifies vendors and products that excel in those capabilities and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading anti-phishing offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

This is the third year that GigaOm has reported on the anti-phishing space. This report builds on our previous analyses and considers how the market has evolved over the last year.