Key Criteria for Evaluating Phishing Protection Platformsv1.0

1. Summary

Phishing is the primary method for breaching businesses. According to a 2018 Verizon Data Breach report, 96% of all attacks begin with phishing, so stopping them before they start has a huge return on investment (ROI) for security programs. From saving on security analysts’ time to avoiding lost productivity because of infected machines, everything is improved by stopping phishing before it can happen. The average pretexting or business email compromise (BEC) attack costs companies around $130,000 each instance, which, for most companies, will be less than installing phishing protection.

Your enterprise is unique. Your employees’ varied skills, your appetite for risk, and your customers make up a unique environment. However, the threats faced, and the mechanism available in response, are the same. How your enterprise incorporates existing capabilities into your threat model can mean the difference between a reactive program and a proactive, sustainable one. Understanding the privacy concerns and capabilities of phishing prevention vendors is the goal of this report.

This Key Criteria report will help C(x)Os and security practitioners evaluate phishing prevention solutions that reside between email servers and the internet, and scan either email headers, attachments, the body, or some combination of them.

Key findings:

• Stopping phishing attacks before they are delivered provides economy of scale by reducing security teams’ workloads.
• Email security gateways provide enterprises with a method to proxy inbound email communication, detect and remove phishing, as well as adequately address privacy concerns.
• The vast majority of prevention solutions take place between the internet and the email service. Taken in context with the “kill-chain,” which says the earlier an attack can be stopped the less likely it is to succeed, stopping an attack after reconnaissance and weaponization, and before delivery, is the goal of phishing prevention platforms.
• While other players in the space focus on endpoint detection and prevention, the goal of companies we talked with is primarily focused on removing the phishing attack before it hits the inbox.