Cyveillance Social Engineering Appliance Detects Targeted Email Attacks

Cyveillance is offering an appliance designed to detect and stop spear phishing and other email-based social engineering attacks against enterprise targets. The Social Engineering Protection Appliance (SEPA) combines generic and vertical-specific phishing protection with customanalysis based on information available on the Internet about the organization and its individuals.

The purpose of the appliance is to help stop targeted attacks against enterprises, such as the so-called Aurora attacks that hit Adobe, Juniper Networks and Rackspace, among others; the RSA breach that stole SecurID information; and the attack on security firm HBGary.

SEPA analyzes the content of the email and correlates it with real-time access to Cyveillance’s Threat Intelligence service. The content analysis assesses the sender, the other mail transport agents (MTAs) the email has touched, and the body of the email. SEPA attempts to determine if the email is trying to gain the recipient’s trust and leverage that trust to ask for user action, such as providing authentication information or clicking on a link that will direct the user to a malicious website and download malware.

More specifically, SEPA leverages enterprise-specific information available on the Internet to detect targeting of the organization or even a specific individual. Cyveillance customizes each deployment, gathering information about organization and individual activities on the Internetand incorporating it in its analysis algorithms along with generic phishing analysis and its threat intelligence service.

For example, this “red team” exercise sifts through corporate and industry-related websites, search engines and social networking sites such as Facebook, Twitter and LinkedIn to find information that might be useful in persuading a victim that the email was from a legitimate source. Say someone is talking about a marketing campaign or partnership deal; or it might be something as seemingly innocent as “saw on Facebook that you and Steve are celebrating your 25th anniversary. Here’s a great idea for a getway [click link].”

Cyveillance keeps this custom data current, updating it with fresh information weekly through a subscription service. SEPA detects phishing attacks on four levels:1. Generic threats, directed at anyone regardless of vertical or organization.2. Threats targeting certain verticals, such as financial services, pharmaceuticals energy. These emails are crafted to use social engineering to track people in specific industries.3. Targeted enterprise. These attacks include both enterprise- and industry-specific information and, often, custom malware designed to exploit that organization.4. Targeted individual within an enterprise. These are sophisticated spear phishing messages designed to get information, such as authentication credentials from key managers or employees with special access, etc.

The first two levels are part of the standard SEPA package; the last two are integrated through the custom deployment and service updates. Cyveillance is best known for its anti-fraud, anti-phishing, brand protection and threat detection services.

SEPA pricing is $130,000 to $150,000, depending on configuration, including a year of standard support and Threat Intelligence subscription. Subsequent Threat Intelligence subscriptions are $29,600 annually per appliance, and standard support is $18,400 per appliance. Cyveillance offers High Value Target Protection for a $5,000 annual subscription per individual.

See more on this topic by subscribing to Network Computing Pro Reports Research: WAN Security (subscription required).