SP Guard APT Defense

SP Guard – Enterprise Defense Against Spearphishing

Spearphishing is a highly targeted email scam in which the email is carefully crafted to entice the specific recipient. This differs from typical spam-like phishing scams that are based on fooling a small percentage of a large number of recipients. These are many examples of recent spear-phishing incidents:

In each case, the data compromise occurred because the recipient of the spear-phishing message could not distinguish real from fake, which is especially difficult if the message looks like it’s from a trusted entity and contains content that is specific to the recipient. Telling users to be alert and careful is good general advice, but how can they really know what’s real and what’s not?

Iconix SP-Guard modifies the email client’s display to provide a visual indicator of the identity of the sender of email. This is an example from Outlook, the popular business email client, in which a company called “MyCo” is marking their internal messages as well as those from trusted partners such as their law firm. Note especially the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:

SP Guard illustration

SP-Guard provides the recipient with three confirmations that a message is real:

  1. List View. There is an integrity indicator in the list view of the email client.
  2. Message. The open message has a further indicator of authenticity.
  3. Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.

With the recent addition of fraud filtering, SP-Guard can also block fake messages from being seen at all. In the example above, if fraud filtering was enabled, the last message (from “MyCo Human Resources”) would not show up in the user’s inbox, further protecting the user and MyCo from compromise

You protect your systems from technical exploits using a variety of tools. Now you can protect your systems from the exploits that prey on the users themselves. It only takes one user to be fooled by a spear-phishing attach to cause a major compromise of data.

SP-Guard is available now from Iconix. For further information, contact our sales team at 408-727-6342, ext 3 or use our online form.