Easy Solutions, the Total Fraud Protection® company, today released its Swordphish predictive phishing and malware risk assessment technology in a public beta. Some of the world’s largest email providers, email security vendors, email marketing providers and Big 5 consulting firms have already signed on to beta test the technology, in the hopes of reducing their role in phishing attacks.
Despite the adoption of blacklist-based anti-phishing technologies, phishing attacks are at an all-time high. The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004. APWG reported that the number of phishing websites it detected jumped a startling 250 percent between October 2015 and March 2016.1Backward-looking anti-phishing technologies are no longer fast enough to keep up with the rapid proliferation of phishing sites. As a result, ISPs and hosting providers, online ad companies, social networks and short URL providers among other companies are dealing with a deluge of phishing complaints from their customers.
Swordphish is an API-based tool that helps these organizations leverage the power of prediction to combat “alert fatigue” common in large organizations to detect phishing, malware and ransomware attacks in the critical period before these threats are added to conventional blacklist-based solutions. Swordphish looks forward, while blacklist-based solutions look backward, thereby filling a critical gap in current detection systems.
Swordphish consists of three discrete machine-learning classifiers that have been trained to recognize subtle and discrete differences between benign URLs and malicious URLs used by cybercriminals, malware authors and fraudsters. Swordphish provides this unique capability without the use of blacklists and is designed to integrate into high-volume workflows to score and prioritize potential risk for thousands or even millions of URLs from various event sources.
“We developed Swordphish as an internal tool to enhance our ability to detect and prioritize truly critical attacks within a sea of streaming security event data,” said Daniel Ingevaldson, CTO of Easy Solutions. “Once we saw the power of Swordphish, we decided to make the technology available publically to support our customer’s requirements for predictive malware detection, predictive spear-phishing detection, improved security event processing efficiency and orchestration. We are excited to be accepting requests to access the Swordphish technology and we look forward to working with our customers to deploy Swordphish to decrease response time, gain insight into zero-day attacks and to help reduce the cost and complexity of managing large security volumes.”