What are some effective solutions for phishing attacks outside of awareness training?

547 views1 Upvote8 Comments

CISO in Software, 51 - 200 employees
There are sandboxing solutions. I used to use the FireEye solution, which is basically a connector into Gmail or 365 that executes every single email to check whether it's good or not, and then it passes it through.
Senior Director, Technology Solutions and Analytics in Telecommunication, 51 - 200 employees
There are a few solutions out there today using machine learning and AI that go through every single email, but it's still not good.
1 2 Replies
CISO in Software, 51 - 200 employees

The Microsoft one doesn't work. I've tried it. We're using Armorblox, and it works pretty well. They're a startup.

VP - Head of Information Technology in Software, 1,001 - 5,000 employees

The built-in stuff doesn't work. We're using Material Security on our side, and it's done a very good job. But as an ingress point in organizations, I still think the biggest weakness is the humans. Humans are still the weakest link.

The security space is funny, because most companies get acquired. It's a fast turn: there are brilliant ideas, and then they get rolled into something else. A lot of the time, the technology gets killed as a part of the acquisition process. These innovative ideas end up as a piece of something else that's mismanaged and then they’re not particularly innovative once they’ve been acquired. I love the security space, but I'm somewhat cautious there because I wonder, how long are you going to be around?

Director of IT in Software, 201 - 500 employees
I've used KnowBe4 phishing tests and found them easy to execute. Office365 has a new option that allows you to simulate various attacks but it requires higher end-user license
CEO, MSSP - High Assurance Cybersecurity SOC in Services (non-Government), 1,001 - 5,000 employees
Phishing is as much a technical issue as it is training. We all know why training is necessary... the sophistication of phishing attacks however beats how well we are trained and if we retained what we learned. So, think Defense in depth - edge to core solutions all hopefully working in tandem. But then you have the issues of remote work, cloud environments, and Starbucks wi-fi computing. The greatest impact we see comes from XDR (EDR and EPP included) monitoring and response solutions that are behavior-based with threat intelligence working at the speed of attack. Unexpected abnormal activities are identified as they happen and addressed in a form of appropriate and automated responses. I can explain the mechanics in gory detail, please reach out directly. 

CISO in Software, 10,001+ employees
Implementation and adoption of malicious email detection and blocking in email systems
Head of IT and Security in Finance (non-banking), 51 - 200 employees
I've been using Forcepoint mail filter... but awarness is still the best solution.

Content you might like

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
41.1k views131 Upvotes319 Comments