Review: SlashNext is like shooting phish in a barrel

SlashNext is a dedicated platform for combating modern phishing attacks. It does that one thing and it does it very well.

Using social engineering in conjunction with malicious program delivery, a technique known as phishing, remains one of the biggest threats to the cybersecurity landscape. If human users can be tricked into taking an action such as downloading malware, connecting with a compromised website, or even providing their credentials directly to criminals, it often overrides many of the automatic protections that cyber defenses offer. It’s become so popular and so successful that the most recent Verizon Data Breach Investigations Report puts phishing and social engineering attacks at the center of 93 percent of breaches in 2018.

Because of this, most comprehensive cybersecurity defenses try and include at least some from of phishing protection as part of their overall offering. Traditionally this is done mostly with e-mail clients, looking for telltale signs such as outbound links not matching the headers in a message. It is also sometimes done through blacklisting known phishing sites as they are discovered.

The problem with this kind of add-on approach is that the criminals participating in phishing scams tend to specialize in their trade, while the defense programs do not. This often puts the bad guys a couple steps ahead of phishing protection. In fact, a recent Webroot Quarterly Trends report puts the number of new phishing sites created every day at about 46,000, with many of them only existing for a few hours before fading back into the ether to avoid blacklisting.

Phishing scams now also make use of cloud services to give themselves valid top-level URLs. Another technique used by scammers is to first compromise a valid website and then use that to launch attacks. And e-mail, while still a primary phishing delivery method, now shares time with other communication channels such as instant messaging, social media platforms and even web-based advertisements.

SlashNext is a dedicated platform to combat modern phishing attacks. It can work by itself or in conjunction with other cybersecurity tools. There are two products available to organizations. The first is a detailed and dedicated phishing threat feed that can be used to block phishing sites as they pop up. The second is an appliance that provides even more protection and is able to halt even targeted attacks aimed at a single organization that wouldn’t trigger any other kind of alert. The appliance can even stop attacks aimed at a single person at a single organization.

Testing SlashNext

Both offerings have the Session Emulation and Environment Reconnaissance (SEER) engine at their core. SEER exists in a dedicated cloud and proactively scans the internet for phishing-related sites and activity. SEER taps into multiple sources and scans through billions of internet transactions and URLs every day. It then visits webpages using a virtual browser and inspects them using behavioral analysis, optical character recognition, computer forensics, natural language processing, image recognition and other technologies. The engine also uses machine learning to tap into its experience of outing millions of other phishing sites for over four years. It then makes a binary determination as to whether the site is a phishing platform. There are no percentages or gray areas involved. A site is either malicious or benign, and the company says it does not experience any false positives.

SlashNext Warning screen John Breeden II

Although users might be tricked by realistic-looking login pages, SlashNext is almost never fooled. In fact, there are very few controls and no ability to whitelist sites, because the company says that it’s unnecessary.

The threat feed
The threat feed part of the SlashNext offering is available for a flat rate but is divided up into six areas to help organizations control their costs, and so that they can zero in on the specific kinds of phishing attacks that most plague their industry or sector. It’s divided up into credential stealing attacks, scareware (e.g., tech support scams), rogue software (e.g., fake antivirus programs, exploits and malware), social engineering scams (e.g., fake prize giveaways), fake login scams and command and control callbacks from compromised machines.

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!