The time to demonstrate the consequences of spear-phishing is when someone falls victim to an attack.
Herndon, VA (PRWEB) September 26, 2012
At a time when hackers and cyber criminals are devising increasingly devious ways to steal sensitive data, mission critical information, and intellectual property, Northern Virginia-based ThreatSim has announced the next-generation release of its SaaS-based SpearTraining™ solution. Designed to fight phishing attacks at the likely point of compromise -- the individual users within an organization -- SpearTraining consists of interactive lessons that launch when a prospective phishing target opens and interacts with an internally generated mock phishing message. This, according to ThreatSim leadership, is the ideal time to deliver phishing awareness and defense training.
“The time to demonstrate the consequences of spear-phishing is when someone falls victim to an attack,” said founder and CEO Jeff LoSapio. With more than a dozen years in the information security industry, LoSapio noted that he founded ThreatSim precisely because he recognized a serious flaw with traditional, passive training.
“If you train people in an isolated session, then return them to their responsibilities, you’re essentially hoping for the best,” he explained. “If, however, you proactively send your own internally generated mock phishing campaigns, you can monitor who opens those emails, and immediately route them to an online training module.” This, LoSapio added, creates a near-instant understanding of phishing consequences for the user.
Echoing LoSapio’s insights, ThreatSim CTO Trevor Hawthorn explained how the company’s solution is anchored in SpearTraining for users, but is further reinforced by an advanced, adaptive technological platform that constitutes a “full-spectrum, holistic approach to the problem of spearfishing.”
“A spearfishing attack doesn’t end when the user clicks,” Hawthorn said. “That’s when it begins. The user’s endpoint is exploited via vulnerable software and used as a staging point for the attack. Sensitive data starts moving off the network, often barely detectable, and the consequences can be disastrous.”
According to Hawthorn, ThreatSim addresses each stage in the attack by evaluating the security of third-party software and plug-ins, such as Flash and Java. ThreatSim subscriptions also include the company's patent-pending Xfil™ Exfiltration Agent, which can detect where and how an attacker may steal data out of the network.
“Yes, we’re out to change user behavior with SpearTraining,” said Hawthorn, “but we also gather actionable technical metrics that evaluate the organization’s security beyond the click.”
Both LoSapio and Hawthorn concurred that the ThreatSim objective is both organizational data integrity as well as the creation of an intuitive user community -- what ThreatSim calls “smart skeptics”. These are users who can tell when an email doesn’t ring true. That, they maintain, is the surest way to shut down phishing attacks.
ThreatSim delivers full-spectrum simulations designed to change user behavior and minimize the likelihood of successful phishing attacks. It combines point-of-compromise training (SpearTraining) with advanced technical evaluation and data leak testing to create a platform that is as responsive as it is protective. To learn more about ThreatSim, visit http://www.threatsim.com.