Anti phishing solutions?

UnixGuyUnixGuy Are we having fun yet?Mod Posts: 4,280 Mod
I'm looking for enterprise anti phishing solutions. What solutions have you used and do you recommend it?

Also, what do you think of Google's safe browsing API for anti phishing (if you used it)?
In Progress: MBA


  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    What do you perceive an "anti-phishing" solution to be? What functionality do you want exactly?
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    FireEye EX is pricey but works. Two functions: URL rewrite so every URL gets rewritten to point to their cloud and by the time user clicks it they already know whether it's good or bad. And their trademark behavioral analysis of attachments launched in a sandbox. Delays emails for 1-2 mins needed to process the attachment.

    ProofPoint has a similar thingy called TAP, but I never used it.

    Also you can combat tons of phishing using your mundane anti-spam techniques, such as whitelisting domains that advertise DMARC and sign 100% of their messages with DKIM (google and google hosted, etc) and therefore drop everything that seems to be coming from these domains but isn't signed with DKIM or verification fails, you can also use SPF, reverse-DNS lookups, compare reply-to and from headers, etc.
  • Danielm7Danielm7 Member Posts: 2,306 ■■■■■■■■□□
    My only gripe with the URL rewriting is that some of the solutions don't allow you to see the real root domain and you have to trust the filter that everything is OK and blindly click, not a fan of that. Our old/on the way out solution, MXLogic, did it that way, we did a bunch of user training telling people to look at the root domain to help identify safe links, then they put a URL rewrite policy in place and no one had any idea what they are clicking on so they clicked everything.

    Thankfully the ones we looked at now at least solve that problem.

    /rant off, haha.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,280 Mod
    @YFZblu: something to stop users from clicking on malicious links...perhaps stop those URLs and filter them before the user see them.

    Has anyone used "Mimecast" ?

    Great suggestions! Keep them coming
    In Progress: MBA
Sign In or Register to comment.