Internet Threat Management
ORGANIZATIONS HAVE typically not gone beyond protecting their virtual network perimeters, but a growing number are using outsource firms to scour the Web to target and shut down threats where they originate.
The handful of firms in this space, known as brand-monitoring and antiphishing services, use technical tools and human analysis to search the Web for sites that illegally use a company’s logo or that lure surfers into phishing schemes or downloading malware. While such services were traditionally focused on intellectual property violations, they are increasingly protecting against a more comprehensive set of threats—especially the growing number of phishing and Trojan attacks.
“It’s really the next frontier in a lot of ways,” says Kevin Joy, a vice president at Toronto-based BD-BrandProtect. “Our company really complements the work that’s done inside the firewall.”
BD-BrandProtect recently introduced its Internet Presence Threat Analysis Service. Tailored to financial services, it categorizes threats into four components: phishing; brand threats (counterfeiting, logo misuse); domain threats; and Web linking (looking for broken links).
The company scores each area in terms of complexity, frequency, and severity, and then plots its overall risk. BD-BrandProtect then consults with clients on mitigation strategies and provides services such as taking down Web sites.
Similar firms are also expanding their services. RSA’s FraudAction, which previously combated phishing, pharming, and fraud, recently added anti-Trojan capabilities. “The perception is it’s becoming unsafe to transact online,” says Marc Gaffan, an RSA marketing director. And when consumers turn away from Internet banking and go to a branch, it’s significantly more expensive for banks, he says.
RSA has partnered with several antivirus vendors to identify keyloggers, session hijackers, and other malicious software aimed at clients. The service also scans e-mails captured through various honeypots—servers set up as decoys to lure the bad guys. After Trojans are dissected, RSA works with law enforcement and ISPs to shut down the malware’s hosting site.
The U.S. market for brand-monitoring and anti-phishing services is relatively small, estimated at less than $50 million a year by Gartner. But growth appears to be robust.
“Right now we’re having a wave of [RSA FraudAction] purchases,” says Stephanie Lewis, a senior solutions manager in the strategic initiatives group at Missouri-based Jack Henry & Associates, which provides technology solutions to banks and other companies. Until now, most RSA purchases have been in response to an attack, she says.
Many organizations, particularly in financial services, have in-house staff that monitor the Web and respond to threats. But third-party providers may have more resources with which to tackle the problem, because it is their fulltime concern. BD-BrandProtect’s proprietary Link Walker software maps more than nine billion pages extending to some of the Web’s “deepest, darkest corners.” It can process about one billion pages per month.
Vendors also tend to be more experienced at taking down global sites. Legal differences and language barriers are two challenges. “But we speak multiple languages and have laid down much of the groundwork,” says Gaffan. “The more ISPs we work with, the fewer hurdles we have to go through.”
RSA says that it has closed more than 50,000 phishing sites located in more than 135 countries.