What are some effective solutions for phishing attacks outside of awareness training?

Security & GRCThreat & Vulnerability ManagementData Protection & Encryption
547 views1 Upvote8 Comments
CISO in Software, 51 - 200 employees
There are sandboxing solutions. I used to use the FireEye solution, which is basically a connector into Gmail or 365 that executes every single email to check whether it's good or not, and then it passes it through.
1
Senior Director, Technology Solutions and Analytics in Telecommunication, 51 - 200 employees
There are a few solutions out there today using machine learning and AI that go through every single email, but it's still not good.
1 2 Replies
CISO in Software, 51 - 200 employees

The Microsoft one doesn't work. I've tried it. We're using Armorblox, and it works pretty well. They're a startup.

VP - Head of Information Technology in Software, 1,001 - 5,000 employees

The built-in stuff doesn't work. We're using Material Security on our side, and it's done a very good job. But as an ingress point in organizations, I still think the biggest weakness is the humans. Humans are still the weakest link.

The security space is funny, because most companies get acquired. It's a fast turn: there are brilliant ideas, and then they get rolled into something else. A lot of the time, the technology gets killed as a part of the acquisition process. These innovative ideas end up as a piece of something else that's mismanaged and then they’re not particularly innovative once they’ve been acquired. I love the security space, but I'm somewhat cautious there because I wonder, how long are you going to be around?

2
Director of IT in Software, 201 - 500 employees
I've used KnowBe4 phishing tests and found them easy to execute. Office365 has a new option that allows you to simulate various attacks but it requires higher end-user license
CEO, MSSP - High Assurance Cybersecurity SOC in Services (non-Government), 1,001 - 5,000 employees
Phishing is as much a technical issue as it is training. We all know why training is necessary... the sophistication of phishing attacks however beats how well we are trained and if we retained what we learned. So, think Defense in depth - edge to core solutions all hopefully working in tandem. But then you have the issues of remote work, cloud environments, and Starbucks wi-fi computing. The greatest impact we see comes from XDR (EDR and EPP included) monitoring and response solutions that are behavior-based with threat intelligence working at the speed of attack. Unexpected abnormal activities are identified as they happen and addressed in a form of appropriate and automated responses. I can explain the mechanics in gory detail, please reach out directly. 

2
CISO in Software, 10,001+ employees
Implementation and adoption of malicious email detection and blocking in email systems
2
Head of IT and Security in Finance (non-banking), 51 - 200 employees
I've been using Forcepoint mail filter... but awarness is still the best solution.
3

Content you might like

So far this year, $210 Million worth of ransomware payments have been tracked by analytics firm Chainalsyis. How much will have been spent in ransomware transactions by the end of the year?

Governance, Risk & ComplianceSecurity & GRCRisk Management+7 more

$300 - $400 Million30%

$401 - $500 Million45%

$501-$600 Million6%

$600 Million +7%

Unsure11%


175 PARTICIPANTS
490 views

A recently reported security vulnerability in Microsoft's MSHTML browser engine is being detected all over the world. It affects everyone with a Windows machine of any kind, as it's based on the victim opening an infected MS document attachment. Has your organization been targeted by this attack in the last 3 months?

Security & GRCThreat & Vulnerability ManagementNews

Yes55%

No32%

Unsure12%


514 PARTICIPANTS
1.4k views1 Upvote

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
41.1k views131 Upvotes319 Comments

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRCThreat & Vulnerability Management
Read More Comments
2.8k views5 Upvotes5 Comments

Any recommendations on OT security product? I tried pushing Crowdstrike but it wasn't approved by OEMs. Other two are Claroty and Nozomi. Any feedback either on above two or any other as per your experience?

Security & GRCStrategy & Architecture
Read More Comments
1.8k views1 Upvote2 Comments