TippingPoint has added anti-phishing capabilities to its intrusion prevention system (IPS) for no extra cost.
The system now uses a variety of mechanisms to detect and prevent phishing scams, including vulnerability protection, pattern-matching protection and behaviour-based protection.
Phishing occurs when a perpetrator masquerades as a legitimate organisation to obtain personal or financial information from an individual and use it for malicious purposes.
Since phishing scams usually appear to originate from a trustworthy source, often by using spoofed e-mails and spoofed websites, they are extremely difficult to prevent using existing anti-spam software.
There are several steps used by phishers in the process of identity theft, and the TippingPoint IPS blocks these attempts at every phase.
To launch a campaign, phishers compromise a legitimate site or server by taking advantage of programming flaws in the website code and system flaws in the server.
Once a phishing site is in place and appears as the legitimate site of a well-known institution, phishers send mass e-mails to draw people to the site.
Many of these e-mails have distinguishing characteristics which the TippingPoint system uses to detect and block the e-mails at the mail gateway so they never make it to end-users.
In addition to using pattern-matching and behavior-based techniques to block phishing e-mails, the TippingPoint IPS also analyses e-mail headers and content for defining phishing characteristics.
Should a phishing scam get through the gateway and fool the end-user into clicking on a fraudulent link, the IPS can again use its vulnerability and behavior-based filters to block the site.
Because several phishing sites take advantage of vulnerabilities in Microsoft’s Internet Explorer browser, Outlook messaging software and other popular browsers and e-mail clients, the IPS can determine if the website is forged by detecting these vulnerabilities.
The TippingPoint IPS also inspects the fraudulent web page for defining content and characteristics common to many phishing campaigns.
The TippingPoint system costs from £5,000 and scales up according to the amount of throughput traffic an organisation has to handle. The company’s constantly updated Digital Vaccine security software adds about 20% to the cost of the box every year.
TippingPoint was acquired by 3Com at the beginning of the year and operates as a separate security company.