Adopting public cloud infrastructure means security is now shared between you and your cloud provider. CloudGuard Network Security delivers automated and elastic public cloud network security to keep assets and data protected while staying aligned to the dynamic needs of public cloud environments.WATCH VIDEO
Block even the most sophisticated phishing attacks such as Business Email Compromise and impersonation
Prevent phishing attacks across email, mobile and endpoint devices
Anti-phishing is powered by the world’s most powerful threat intelligence database
Phishing started in the mid 1990’s with the goal of luring users to voluntarily give information such as account credentials or other sensitive data. That means that these scams have been around for nearly 30 years, and they don’t seem to be going away anytime soon. Phishing scams have greatly evolved since their early days, and now include sophisticated techniques such as social engineering. While most phishing attacks back in the day were sent in mass in the hopes of ‘catching’ a few users, this is not the case with many of these attacks nowadays, which often target very specific personnel or users.
Organizations must deploy anti phishing solutions to protect employees and their own businesses against today’s phishing attacks, which can be extremely targeted, well thought of, and include a hefty amount of research work behind them. Attackers spend a lot of time studying their pray and only then attack, to ensure the attack’s success. Today’s phishing schemes cost organizations millions of dollars, and include some more specific types such as Business Email Compromise (BEC) and impersonation attacks, which are extremely sophisticated. One example of a recent BEC attack is the Florentine Banker Group case that our own CPR revealed earlier this year, and included a meticulous plan and execution.
Phishing attacks may can come from different attack vectors, most common one being email. Another common attack vectors are phishing sites and text messages, usually aimed to stealing credentials in order to perform Account Takeover, which can lead to devastating results such as data loss, fraudulent money transfers and more. As mentioned, since these attacks are specifically designed to exploit the human nature, it is extremely important for organizations to take actions that would prevent these attacks from ever reaching their employees. Educating employees is important, but in times where remote work is so common and employees get much more emails and messages than they can deal with, let alone recognize a sophisticated attack, anti-phishing must come into play.
Check Point’s anti-phishing solutions includes different products to address different attack vectors from which phishing attacks come – email, mobile, endpoint and network.
CloudGuard SaaS deploys between the inbox and its native security. The solution secures inbound, outbound, and internal email from phishing attacks that evade platform-provided solutions and Email Gateways. It works with these other solutions and doesn’t require any MX record changes that broadcast security protocols to hackers.
API-based integration allows CloudGuard SaaS to analyze all historical emails in order to determine prior trust relations between the sender and receiver, increasing the likelihood of identifying user impersonation or fraudulent messages. Artificial Intelligence (AI) and Indicators of Compromise (IoCs) used in the past train the CloudGuard SaaS platform for what to look for in complex zero-day phishing attacks.
Granular visibility into Phishing attacks See every threat caught by CloudGuard SaaS, the email subject, content, and why it was determined to be phishing based on the 300+ indicators CloudGuard SaaS looks at in every email. Phishing indicators are explained in plain English, so it is easy to assess the potential impact of an attack.
Zero-Phishing identifies and blocks the use of phishing sites in real time. It even protects against previously unknown phishing sites. When a user browses a website, and prior to typing in his/her credentials, the zero-phishing engine will inspect, identify, and block phishing sites. If the site is deemed malicious, the user will not be able to enter credentials. This engine offers zero-day protection based on site characteristics, such as known malicious URLs. Even brand-new phishing sites can be identified.
Dozens of indicators
Compares cached PW hashes
Collected on internal sites
Enforced on external sites
Dark Web Alerts user on usage
Check Point’s Zero-Phishing technology for mobile devices. It allows organizations to combat zero-day phishing attacks by inspecting the web page itself and making an informed determination as to whether it is a phishing site. Combined with the SSL inspection feature, organizations can enjoy total protection from phishing sites, no matter which protocol they use or if it is a previously unknown site.
Check Point Anti-Phishing solutions eliminate potential threats before they reach users without affecting workflows or productivity.