IronPort Update Targets Spear Phishing Attacks

Cisco updated its IronPort security family with two new features designed to combat sophisticated email and web threats, such as Spear Phishing.

Cisco unveiled the IronPort Outbreak Filters and Business Class Email on 13 July at Cisco Live in Las Vegas. The new features highlight what Cisco claims are new trends in cyber-crime.

Targeted attacks

While spam is still a problem, it is not growing at the same exponential rate, and in some cases may be declining, Cisco said in a recent study. Since targeted attacks are on the rise, Cisco created new security services to focus on the new email and web threats.

Cisco is using network intelligence to improve the email and web security.

IronPort Outbreak Filters are designed to fight off targeted attacks, because as a recent Cisco study found, targeted attacks are highly lucrative and thus are popular attack vectors. The filters run on a custom-built engine based on IronPort and ScanSafe technologies and identify messages that may be part of a targeted attack.

Whenever the user opens an email message that fits the filter parameters, the IronPort system rewrites the malicious URLs embedded in those messages to go through Cisco’s ScanSafe Cloud Web Security system. If the user still goes ahead and clicks on the rewritten link, the web content is passed through additional Cisco filters in the cloud security service which scans and identifies any potential malware that may be on the site and blocks them from downloading when necessary.

“Rewriting the link is what allows us to scan the payload that would come from that site,” Edwards said. A “deep scrub” helps determine the context of the link, he said.

Spear phishing attacks use publicly available information online, including social networking sites, to go after specific individuals the attackers have profiled as likely to fall for the malicious email, Edwards said. The IronPort Outbreak Filters offer enterprises a strong layer of protection for these kinds of “low volume attacks” where only a handful of people within the enterprise are targeted, Edwards said.

Spear phishing danger

Some of the recent high-profile attacks, including RSA Security, Oak Ridge National Laboratory and Pacific Northwest National Laboratory, originated as spear phishing attacks sent to select victims.

The other feature, Business Class Email, takes on the new era of threats such as spear phishing by bundling together various authentication and filtering technologies that can also handle user authentication. Business Class Email focuses on four main features, including automatic user identification, embedded email controls, strong security and universal device support.

The goal is to extend security to personal devices that employees use to access corporate data in the workplace, such as smartphones and tablets, Cisco said. It is platform independent because it depends on plug-ins to hook into appropriate operating systems. While Cisco plans to support smartphones, initial support will be limited to iOS devices with Android support coming next year.

The company incorporated its existing authentication services in single sign-on, including Cisco Registered Envelope Service, Cisco IronPort WSA and WebEx into Business Class Email, and the existing email encryption product. New controls, such as message recall, message expiration, and read receipts have also been added.

Business Class Email is a “new approach” to email security as it combines the network and the cloud, Edwards said.

Cisco officials also unveiled additions to its UCS (Unified Computing System) infrastructure offering, Nexus switches, and WAAS (Wide Area Application Service) at Cisco Live.